Compare commits
No commits in common. "develop" and "lam_6_6_RC1" have entirely different histories.
develop
...
lam_6_6_RC
|
@ -1,3 +0,0 @@
|
||||||
|
|
||||||
github: [LDAPAccountManager]
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
name: "LAM CodeQL config"
|
|
||||||
|
|
||||||
queries:
|
|
||||||
- uses: security-and-quality
|
|
||||||
|
|
||||||
paths-ignore:
|
|
||||||
- '**/3rdParty/**/*.*'
|
|
||||||
- '**/lib/extra/**/*.*'
|
|
||||||
- '**/lib/*jquery*.js'
|
|
||||||
paths:
|
|
||||||
- lam
|
|
|
@ -1,56 +0,0 @@
|
||||||
name: "CodeQL"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [develop]
|
|
||||||
pull_request:
|
|
||||||
# The branches below must be a subset of the branches above
|
|
||||||
branches: [develop]
|
|
||||||
schedule:
|
|
||||||
- cron: '0 10 * * 0'
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
analyse:
|
|
||||||
name: Analyse
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
with:
|
|
||||||
# We must fetch at least the immediate parents so that if this is
|
|
||||||
# a pull request then we can checkout the head.
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
# If this run was triggered by a pull request event, then checkout
|
|
||||||
# the head of the pull request instead of the merge commit.
|
|
||||||
- run: git checkout HEAD^2
|
|
||||||
if: ${{ github.event_name == 'pull_request' }}
|
|
||||||
|
|
||||||
# Initializes the CodeQL tools for scanning.
|
|
||||||
- name: Initialize CodeQL
|
|
||||||
uses: github/codeql-action/init@v1
|
|
||||||
# Override language selection by uncommenting this and choosing your languages
|
|
||||||
# with:
|
|
||||||
# languages: go, javascript, csharp, python, cpp, java
|
|
||||||
with:
|
|
||||||
config-file: ./.github/codeql/codeql-config.yml
|
|
||||||
|
|
||||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
|
||||||
# If this step fails, then you should remove it and run the build manually (see below)
|
|
||||||
- name: Autobuild
|
|
||||||
uses: github/codeql-action/autobuild@v1
|
|
||||||
|
|
||||||
# ℹ️ Command-line programs to run using the OS shell.
|
|
||||||
# 📚 https://git.io/JvXDl
|
|
||||||
|
|
||||||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
|
||||||
# and modify them (or add more) to build your code if your project
|
|
||||||
# uses a compiled language
|
|
||||||
|
|
||||||
#- run: |
|
|
||||||
# make bootstrap
|
|
||||||
# make release
|
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
|
||||||
uses: github/codeql-action/analyze@v1
|
|
|
@ -2,8 +2,3 @@
|
||||||
/.buildpath
|
/.buildpath
|
||||||
/.project
|
/.project
|
||||||
/.Readme.md.html
|
/.Readme.md.html
|
||||||
/vendor/
|
|
||||||
/composer.lock
|
|
||||||
/code-coverage/
|
|
||||||
/.phpunit.result.cache
|
|
||||||
/lam/lib/3rdParty/composer/bin/
|
|
||||||
|
|
18
.travis.yml
|
@ -1,18 +0,0 @@
|
||||||
language: php
|
|
||||||
addons:
|
|
||||||
sonarcloud:
|
|
||||||
organization: "ldap-account-manager"
|
|
||||||
php:
|
|
||||||
- '7.3'
|
|
||||||
|
|
||||||
cache:
|
|
||||||
directories:
|
|
||||||
- '$HOME/.sonar/cache'
|
|
||||||
|
|
||||||
script:
|
|
||||||
- phpunit
|
|
||||||
- ls -l code-coverage/*
|
|
||||||
- sonar-scanner
|
|
||||||
- pip install --user codespell
|
|
||||||
- cd lam
|
|
||||||
- ./codespell.sh
|
|
|
@ -25,4 +25,4 @@ There are two modules. Usually, you only need the files inside "lam".
|
||||||
LAM is published under the GNU General Public License.
|
LAM is published under the GNU General Public License.
|
||||||
The complete list of licenses can be found in the copyright file.
|
The complete list of licenses can be found in the copyright file.
|
||||||
|
|
||||||
Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de>
|
Copyright (C) 2003 - 2018 Roland Gruber <post@rolandgruber.de>
|
|
@ -1,9 +0,0 @@
|
||||||
# Security Policy
|
|
||||||
|
|
||||||
## Supported Versions
|
|
||||||
|
|
||||||
Security updates are always created based on the latest release.
|
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
|
||||||
|
|
||||||
Please report all security issues to post@rolandgruber.de. Reports will be answered within 48h.
|
|
|
@ -1,10 +1,6 @@
|
||||||
{
|
{
|
||||||
"require-dev" : {
|
"require-dev" : {
|
||||||
"phpunit/phpunit" : "8.5.2",
|
"phpunit/phpunit" : "5.4.6",
|
||||||
"squizlabs/php_codesniffer" : "3.4.0"
|
"squizlabs/php_codesniffer" : "2.7.1"
|
||||||
},
|
|
||||||
"require": {
|
|
||||||
"ext-ldap": "*",
|
|
||||||
"ext-json": "*"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -22,6 +22,17 @@ Vendor: Roland Gruber
|
||||||
Packager: Roland Gruber <post@rolandgruber.de>
|
Packager: Roland Gruber <post@rolandgruber.de>
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
AutoReqProv: no
|
AutoReqProv: no
|
||||||
|
%if %is_suse
|
||||||
|
Requires: php5
|
||||||
|
Requires: php5-ldap
|
||||||
|
Requires: php5-hash
|
||||||
|
Requires: php5-gd
|
||||||
|
Requires: php5-gettext
|
||||||
|
Requires: perl
|
||||||
|
%endif
|
||||||
|
%if %is_fedora
|
||||||
|
Requires: perl
|
||||||
|
%endif
|
||||||
|
|
||||||
Source1: lam.nginx.conf
|
Source1: lam.nginx.conf
|
||||||
Source2: lam.apache.conf
|
Source2: lam.apache.conf
|
||||||
|
|
|
@ -39,7 +39,7 @@ DOCS = COPYING HISTORY README copyright docs/schema/dhcp.schema
|
||||||
|
|
||||||
HTML_DOCS = devel manual
|
HTML_DOCS = devel manual
|
||||||
|
|
||||||
LIST1 = graphics help index.html lib locale style templates VERSION pwa_worker.js
|
LIST1 = graphics help index.html lib locale style templates VERSION
|
||||||
LIST2 = sess tmp tmp/internal
|
LIST2 = sess tmp tmp/internal
|
||||||
LIST3 = config
|
LIST3 = config
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ install-lam:
|
||||||
LIST4="`(cd $(srcdir)/$(LIST3) ; ls -d *)`" ; \
|
LIST4="`(cd $(srcdir)/$(LIST3) ; ls -d *)`" ; \
|
||||||
(cd $(srcdir)/$(LIST3) ; $(TAR) cf - .) | \
|
(cd $(srcdir)/$(LIST3) ; $(TAR) cf - .) | \
|
||||||
(cd $(DESTDIR)$(sysconfdir) ; $(TAR) xf -) ; \
|
(cd $(DESTDIR)$(sysconfdir) ; $(TAR) xf -) ; \
|
||||||
[ -e ${LIST3} ] || $(LN_S) $(sysconfdir) ${LIST3} ; \
|
$(LN_S) $(sysconfdir) ${LIST3} ; \
|
||||||
(cd $(srcdir) ; $(TAR) cf - $(LIST1)) | $(TAR) xf - ; \
|
(cd $(srcdir) ; $(TAR) cf - $(LIST1)) | $(TAR) xf - ; \
|
||||||
[ -d $(DESTDIR)$(prefix)/docs ] || \
|
[ -d $(DESTDIR)$(prefix)/docs ] || \
|
||||||
$(MKDIR) -p $(DESTDIR)$(prefix)/docs || exit 1 ; \
|
$(MKDIR) -p $(DESTDIR)$(prefix)/docs || exit 1 ; \
|
||||||
|
|
|
@ -44,24 +44,23 @@ function minifyCSS {
|
||||||
echo "Minify CSS files in $dir"
|
echo "Minify CSS files in $dir"
|
||||||
local outFile=$dir/100_lam.${VERSION}.min.css
|
local outFile=$dir/100_lam.${VERSION}.min.css
|
||||||
local files=`ls $dir/*.css`
|
local files=`ls $dir/*.css`
|
||||||
cat $files | cleancss --skip-rebase -o $outFile
|
cat $files | cleancss -o $outFile
|
||||||
rm $files
|
rm $files
|
||||||
# add final new line to supress Debian warnings
|
# add final new line to supress Debian warnings
|
||||||
echo "" >> $outFile
|
echo "" >> $outFile
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "Getting files..."
|
echo "Getting files..."
|
||||||
git clone --depth 1 -b $REPO_BRANCH --single-branch git@github.com:LDAPAccountManager/lam.git github
|
git clone -b $REPO_BRANCH --single-branch git@github.com:LDAPAccountManager/lam.git github
|
||||||
cd github
|
cd github
|
||||||
mv lam ../
|
mv lam ../
|
||||||
mv lam-packaging ../
|
mv lam-packaging ../
|
||||||
cd ..
|
cd ..
|
||||||
rm -rf github
|
rm -rf github
|
||||||
|
|
||||||
git clone --depth 1 -b $REPO_BRANCH --single-branch git@gitlab.com:LDAPAccountManager/lamPro.git lamPro
|
git clone -b $REPO_BRANCH --single-branch git@gitlab.com:LDAPAccountManager/lamPro.git lamPro
|
||||||
cd lamPro
|
cd lamPro
|
||||||
rm -rf .git
|
rm -rf .git
|
||||||
rm -rf docker
|
|
||||||
cd ..
|
cd ..
|
||||||
|
|
||||||
cp lam-packaging/getVersion ./
|
cp lam-packaging/getVersion ./
|
||||||
|
@ -70,8 +69,7 @@ export VERSION=`./getVersion`
|
||||||
# remove files which are not in the final release
|
# remove files which are not in the final release
|
||||||
rm -r lam/po
|
rm -r lam/po
|
||||||
rm -r lam/tests
|
rm -r lam/tests
|
||||||
rm -f lam/lib/3rdParty/tcpdf/fonts/*.ttf
|
rm lam/lib/3rdParty/tcpdf/fonts/*.ttf
|
||||||
rm -r lam/templates/lib/extra/ckeditor/plugins/*/dev
|
|
||||||
find . -name .svnignore -exec rm {} \;
|
find . -name .svnignore -exec rm {} \;
|
||||||
find . -name .gitignore -exec rm {} \;
|
find . -name .gitignore -exec rm {} \;
|
||||||
mv lam ldap-account-manager-$VERSION
|
mv lam ldap-account-manager-$VERSION
|
||||||
|
@ -137,14 +135,8 @@ cd ..
|
||||||
|
|
||||||
# Debian
|
# Debian
|
||||||
cp -r lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
cp -r lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
||||||
cp -ar Debian Debian-Upload
|
|
||||||
cd Debian/ldap-account-manager-$VERSION
|
cd Debian/ldap-account-manager-$VERSION
|
||||||
debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990
|
debuild
|
||||||
cd ..
|
|
||||||
rm -r ldap-account-manager-$VERSION
|
|
||||||
cd ..
|
|
||||||
cd Debian-Upload/ldap-account-manager-$VERSION
|
|
||||||
debuild -S -k478730308FBD512ADF09D38E7F3D136B2BCD7990
|
|
||||||
cd ..
|
cd ..
|
||||||
rm -r ldap-account-manager-$VERSION
|
rm -r ldap-account-manager-$VERSION
|
||||||
cd ..
|
cd ..
|
||||||
|
@ -153,7 +145,7 @@ cd ..
|
||||||
cd LAMPro
|
cd LAMPro
|
||||||
cp -r ../lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
cp -r ../lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
||||||
cd Debian/ldap-account-manager-$VERSION
|
cd Debian/ldap-account-manager-$VERSION
|
||||||
debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990
|
debuild
|
||||||
cd ..
|
cd ..
|
||||||
rm -r ldap-account-manager-$VERSION
|
rm -r ldap-account-manager-$VERSION
|
||||||
cd ..
|
cd ..
|
||||||
|
|
|
@ -1,52 +1,8 @@
|
||||||
ldap-account-manager (7.3.RC1-1) unstable; urgency=medium
|
ldap-account-manager (6.6.RC1-1) unstable; urgency=medium
|
||||||
|
|
||||||
* new upstream release
|
* new upstream release
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Mon, 10 Aug 2020 19:25:33 +0200
|
-- Roland Gruber <post@rolandgruber.de> Mon, 10 Dec 2018 17:05:32 +0100
|
||||||
|
|
||||||
ldap-account-manager (7.2-1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* new upstream release
|
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Fri, 01 May 2020 08:04:56 +0200
|
|
||||||
|
|
||||||
ldap-account-manager (7.1-1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* new upstream release
|
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Mon, 16 Mar 2020 21:24:23 +0100
|
|
||||||
|
|
||||||
ldap-account-manager (7.0-1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* new upstream release
|
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Sat, 21 Dec 2019 19:53:45 +0100
|
|
||||||
|
|
||||||
ldap-account-manager (6.9-1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* new upstream release
|
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Sun, 29 Sep 2019 09:12:37 +0200
|
|
||||||
|
|
||||||
ldap-account-manager (6.8-1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* new upstream release
|
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Tue, 02 Jul 2019 12:26:45 +0200
|
|
||||||
|
|
||||||
ldap-account-manager (6.7-1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* new upstream release
|
|
||||||
* Fix "Depends on tcpdf which is considered unfit for buster" removed
|
|
||||||
dependency and embedded required parts (Closes: #923736)
|
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Mon, 25 Mar 2019 17:21:36 +0100
|
|
||||||
|
|
||||||
ldap-account-manager (6.6-1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* new upstream release
|
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Fri, 28 Dec 2018 11:08:14 +0100
|
|
||||||
|
|
||||||
ldap-account-manager (6.5-1) unstable; urgency=medium
|
ldap-account-manager (6.5-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
|
|
@ -2,26 +2,25 @@ Source: ldap-account-manager
|
||||||
Maintainer: Roland Gruber <post@rolandgruber.de>
|
Maintainer: Roland Gruber <post@rolandgruber.de>
|
||||||
Section: web
|
Section: web
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Standards-Version: 4.5.0
|
Standards-Version: 4.2.1
|
||||||
Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify
|
Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify
|
||||||
Homepage: https://www.ldap-account-manager.org/
|
Homepage: https://www.ldap-account-manager.org/
|
||||||
|
|
||||||
Package: ldap-account-manager
|
Package: ldap-account-manager
|
||||||
Architecture: all
|
Architecture: all
|
||||||
Depends: php (>= 7), php-ldap,
|
Depends: php5 (>= 5.4.26) | php (>= 7), php5-ldap | php-ldap,
|
||||||
php-gd | php-imagick,
|
php5-gd | php-gd | php5-imagick | php-imagick,
|
||||||
php-json, php-curl,
|
php5-json | php-json, php5-curl | php-curl,
|
||||||
php-zip, php-xml, php-gmp,
|
php5 | php-zip, php5 | php-xml,
|
||||||
libapache2-mod-php | libapache2-mod-fcgid | php-fpm,
|
libapache2-mod-php5 | libapache2-mod-php | libapache2-mod-fcgid | php5-fpm | php-fpm,
|
||||||
php-phpseclib (>= 2.0), php-monolog,
|
php-tcpdf, php-phpseclib (>= 2.0),
|
||||||
apache2 (>= 2.4.0) | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
|
apache2 (>= 2.4.0) | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
|
||||||
Recommends: php-opcache
|
Recommends: php-apc | php-opcache
|
||||||
Suggests: ldap-server, php-mcrypt, ldap-account-manager-lamdaemon, perl
|
Suggests: ldap-server, php5-mcrypt | php-mcrypt, ldap-account-manager-lamdaemon, perl
|
||||||
Conflicts: libapache2-mod-php5, php5, php5-fpm
|
|
||||||
Description: webfrontend for managing accounts in an LDAP directory
|
Description: webfrontend for managing accounts in an LDAP directory
|
||||||
LDAP Account Manager (LAM) runs on an existing webserver.
|
LDAP Account Manager (LAM) runs on an existing webserver.
|
||||||
It manages user, group and host accounts. Currently LAM
|
It manages user, group and host accounts. Currently LAM
|
||||||
supports these account types: Samba 3/4, Unix, Kolab,
|
supports these account types: Samba 3/4, Unix, Kolab 2/3,
|
||||||
address book entries, NIS mail aliases and MAC addresses.
|
address book entries, NIS mail aliases and MAC addresses.
|
||||||
There is an integrated LDAP browser to allow access to the
|
There is an integrated LDAP browser to allow access to the
|
||||||
raw LDAP attributes. You can use templates
|
raw LDAP attributes. You can use templates
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
This software is copyright (c) 2003 - 2020 by Roland Gruber
|
This software is copyright (c) 2003 - 2018 by Roland Gruber
|
||||||
|
|
||||||
If you purchased a copy of LDAP Account Manager Pro then the following
|
If you purchased a copy of LDAP Account Manager Pro then the following
|
||||||
files are licensed under the conditions which you accepted at purchase
|
files are licensed under the conditions which you accepted at purchase
|
||||||
|
@ -87,6 +87,7 @@ The complete license can be found in the file COPYING or in
|
||||||
Some parts of this package have other, compatible licences. These are:
|
Some parts of this package have other, compatible licences. These are:
|
||||||
|
|
||||||
A:
|
A:
|
||||||
|
|
||||||
DejaVu Fonts — License
|
DejaVu Fonts — License
|
||||||
|
|
||||||
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
||||||
|
@ -177,9 +178,7 @@ A:
|
||||||
Software without prior written authorization from Tavmjong Bah. For further
|
Software without prior written authorization from Tavmjong Bah. For further
|
||||||
information, contact: tavmjong @ free . fr.
|
information, contact: tavmjong @ free . fr.
|
||||||
|
|
||||||
|
|
||||||
B:
|
B:
|
||||||
MIT License
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining
|
Permission is hereby granted, free of charge, to any person obtaining
|
||||||
a copy of this software and associated documentation files (the
|
a copy of this software and associated documentation files (the
|
||||||
|
@ -201,777 +200,12 @@ B:
|
||||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
|
||||||
C:
|
|
||||||
New BSD License
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without modification,
|
|
||||||
are permitted provided that the following conditions are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright notice, this list
|
|
||||||
of conditions and the following disclaimer.
|
|
||||||
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright notice, this
|
|
||||||
list of conditions and the following disclaimer in the documentation and/or other
|
|
||||||
materials provided with the distribution.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
||||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
||||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
||||||
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
||||||
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
||||||
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
||||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
||||||
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
||||||
OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
D:
|
|
||||||
GNU LESSER GENERAL PUBLIC LICENSE
|
|
||||||
Version 3, 29 June 2007
|
|
||||||
|
|
||||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
|
||||||
of this license document, but changing it is not allowed.
|
|
||||||
|
|
||||||
|
|
||||||
This version of the GNU Lesser General Public License incorporates
|
|
||||||
the terms and conditions of version 3 of the GNU General Public
|
|
||||||
License, supplemented by the additional permissions listed below.
|
|
||||||
|
|
||||||
0. Additional Definitions.
|
|
||||||
|
|
||||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
|
||||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
|
||||||
General Public License.
|
|
||||||
|
|
||||||
"The Library" refers to a covered work governed by this License,
|
|
||||||
other than an Application or a Combined Work as defined below.
|
|
||||||
|
|
||||||
An "Application" is any work that makes use of an interface provided
|
|
||||||
by the Library, but which is not otherwise based on the Library.
|
|
||||||
Defining a subclass of a class defined by the Library is deemed a mode
|
|
||||||
of using an interface provided by the Library.
|
|
||||||
|
|
||||||
A "Combined Work" is a work produced by combining or linking an
|
|
||||||
Application with the Library. The particular version of the Library
|
|
||||||
with which the Combined Work was made is also called the "Linked
|
|
||||||
Version".
|
|
||||||
|
|
||||||
The "Minimal Corresponding Source" for a Combined Work means the
|
|
||||||
Corresponding Source for the Combined Work, excluding any source code
|
|
||||||
for portions of the Combined Work that, considered in isolation, are
|
|
||||||
based on the Application, and not on the Linked Version.
|
|
||||||
|
|
||||||
The "Corresponding Application Code" for a Combined Work means the
|
|
||||||
object code and/or source code for the Application, including any data
|
|
||||||
and utility programs needed for reproducing the Combined Work from the
|
|
||||||
Application, but excluding the System Libraries of the Combined Work.
|
|
||||||
|
|
||||||
1. Exception to Section 3 of the GNU GPL.
|
|
||||||
|
|
||||||
You may convey a covered work under sections 3 and 4 of this License
|
|
||||||
without being bound by section 3 of the GNU GPL.
|
|
||||||
|
|
||||||
2. Conveying Modified Versions.
|
|
||||||
|
|
||||||
If you modify a copy of the Library, and, in your modifications, a
|
|
||||||
facility refers to a function or data to be supplied by an Application
|
|
||||||
that uses the facility (other than as an argument passed when the
|
|
||||||
facility is invoked), then you may convey a copy of the modified
|
|
||||||
version:
|
|
||||||
|
|
||||||
a) under this License, provided that you make a good faith effort to
|
|
||||||
ensure that, in the event an Application does not supply the
|
|
||||||
function or data, the facility still operates, and performs
|
|
||||||
whatever part of its purpose remains meaningful, or
|
|
||||||
|
|
||||||
b) under the GNU GPL, with none of the additional permissions of
|
|
||||||
this License applicable to that copy.
|
|
||||||
|
|
||||||
3. Object Code Incorporating Material from Library Header Files.
|
|
||||||
|
|
||||||
The object code form of an Application may incorporate material from
|
|
||||||
a header file that is part of the Library. You may convey such object
|
|
||||||
code under terms of your choice, provided that, if the incorporated
|
|
||||||
material is not limited to numerical parameters, data structure
|
|
||||||
layouts and accessors, or small macros, inline functions and templates
|
|
||||||
(ten or fewer lines in length), you do both of the following:
|
|
||||||
|
|
||||||
a) Give prominent notice with each copy of the object code that the
|
|
||||||
Library is used in it and that the Library and its use are
|
|
||||||
covered by this License.
|
|
||||||
|
|
||||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
|
||||||
document.
|
|
||||||
|
|
||||||
4. Combined Works.
|
|
||||||
|
|
||||||
You may convey a Combined Work under terms of your choice that,
|
|
||||||
taken together, effectively do not restrict modification of the
|
|
||||||
portions of the Library contained in the Combined Work and reverse
|
|
||||||
engineering for debugging such modifications, if you also do each of
|
|
||||||
the following:
|
|
||||||
|
|
||||||
a) Give prominent notice with each copy of the Combined Work that
|
|
||||||
the Library is used in it and that the Library and its use are
|
|
||||||
covered by this License.
|
|
||||||
|
|
||||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
|
||||||
document.
|
|
||||||
|
|
||||||
c) For a Combined Work that displays copyright notices during
|
|
||||||
execution, include the copyright notice for the Library among
|
|
||||||
these notices, as well as a reference directing the user to the
|
|
||||||
copies of the GNU GPL and this license document.
|
|
||||||
|
|
||||||
d) Do one of the following:
|
|
||||||
|
|
||||||
0) Convey the Minimal Corresponding Source under the terms of this
|
|
||||||
License, and the Corresponding Application Code in a form
|
|
||||||
suitable for, and under terms that permit, the user to
|
|
||||||
recombine or relink the Application with a modified version of
|
|
||||||
the Linked Version to produce a modified Combined Work, in the
|
|
||||||
manner specified by section 6 of the GNU GPL for conveying
|
|
||||||
Corresponding Source.
|
|
||||||
|
|
||||||
1) Use a suitable shared library mechanism for linking with the
|
|
||||||
Library. A suitable mechanism is one that (a) uses at run time
|
|
||||||
a copy of the Library already present on the user's computer
|
|
||||||
system, and (b) will operate properly with a modified version
|
|
||||||
of the Library that is interface-compatible with the Linked
|
|
||||||
Version.
|
|
||||||
|
|
||||||
e) Provide Installation Information, but only if you would otherwise
|
|
||||||
be required to provide such information under section 6 of the
|
|
||||||
GNU GPL, and only to the extent that such information is
|
|
||||||
necessary to install and execute a modified version of the
|
|
||||||
Combined Work produced by recombining or relinking the
|
|
||||||
Application with a modified version of the Linked Version. (If
|
|
||||||
you use option 4d0, the Installation Information must accompany
|
|
||||||
the Minimal Corresponding Source and Corresponding Application
|
|
||||||
Code. If you use option 4d1, you must provide the Installation
|
|
||||||
Information in the manner specified by section 6 of the GNU GPL
|
|
||||||
for conveying Corresponding Source.)
|
|
||||||
|
|
||||||
5. Combined Libraries.
|
|
||||||
|
|
||||||
You may place library facilities that are a work based on the
|
|
||||||
Library side by side in a single library together with other library
|
|
||||||
facilities that are not Applications and are not covered by this
|
|
||||||
License, and convey such a combined library under terms of your
|
|
||||||
choice, if you do both of the following:
|
|
||||||
|
|
||||||
a) Accompany the combined library with a copy of the same work based
|
|
||||||
on the Library, uncombined with any other library facilities,
|
|
||||||
conveyed under the terms of this License.
|
|
||||||
|
|
||||||
b) Give prominent notice with the combined library that part of it
|
|
||||||
is a work based on the Library, and explaining where to find the
|
|
||||||
accompanying uncombined form of the same work.
|
|
||||||
|
|
||||||
6. Revised Versions of the GNU Lesser General Public License.
|
|
||||||
|
|
||||||
The Free Software Foundation may publish revised and/or new versions
|
|
||||||
of the GNU Lesser General Public License from time to time. Such new
|
|
||||||
versions will be similar in spirit to the present version, but may
|
|
||||||
differ in detail to address new problems or concerns.
|
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the
|
|
||||||
Library as you received it specifies that a certain numbered version
|
|
||||||
of the GNU Lesser General Public License "or any later version"
|
|
||||||
applies to it, you have the option of following the terms and
|
|
||||||
conditions either of that published version or of any later version
|
|
||||||
published by the Free Software Foundation. If the Library as you
|
|
||||||
received it does not specify a version number of the GNU Lesser
|
|
||||||
General Public License, you may choose any version of the GNU Lesser
|
|
||||||
General Public License ever published by the Free Software Foundation.
|
|
||||||
|
|
||||||
If the Library as you received it specifies that a proxy can decide
|
|
||||||
whether future versions of the GNU Lesser General Public License shall
|
|
||||||
apply, that proxy's public statement of acceptance of any version is
|
|
||||||
permanent authorization for you to choose that version for the
|
|
||||||
Library.
|
|
||||||
|
|
||||||
|
|
||||||
E:
|
|
||||||
Duo
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions
|
|
||||||
are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer.
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer in the
|
|
||||||
documentation and/or other materials provided with the distribution.
|
|
||||||
3. The name of the author may not be used to endorse or promote products
|
|
||||||
derived from this software without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
||||||
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
||||||
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
||||||
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
||||||
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
||||||
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
||||||
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
F:
|
|
||||||
3-Clause BSD License
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions
|
|
||||||
are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer.
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer in the
|
|
||||||
documentation and/or other materials provided with the distribution.
|
|
||||||
3. Neither the name of the copyright holder nor the names of its
|
|
||||||
contributors may be used to endorse or promote products derived from
|
|
||||||
this software without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
|
||||||
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
|
||||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
||||||
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
|
|
||||||
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
||||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
||||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
||||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
||||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
||||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
||||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
G:
|
|
||||||
2-Clause BSD License
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without modification,
|
|
||||||
are permitted provided that the following conditions are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright notice,
|
|
||||||
this list of conditions and the following disclaimer.
|
|
||||||
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
|
||||||
this list of conditions and the following disclaimer in the documentation and/or
|
|
||||||
other materials provided with the distribution.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
||||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
||||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
||||||
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
||||||
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
||||||
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
||||||
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
||||||
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
||||||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
||||||
POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
H:
|
|
||||||
GNU LESSER GENERAL PUBLIC LICENSE
|
|
||||||
Version 2.1, February 1999
|
|
||||||
|
|
||||||
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
|
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
|
||||||
of this license document, but changing it is not allowed.
|
|
||||||
|
|
||||||
[This is the first released version of the Lesser GPL. It also counts
|
|
||||||
as the successor of the GNU Library Public License, version 2, hence
|
|
||||||
the version number 2.1.]
|
|
||||||
|
|
||||||
Preamble
|
|
||||||
|
|
||||||
The licenses for most software are designed to take away your
|
|
||||||
freedom to share and change it. By contrast, the GNU General Public
|
|
||||||
Licenses are intended to guarantee your freedom to share and change
|
|
||||||
free software--to make sure the software is free for all its users.
|
|
||||||
|
|
||||||
This license, the Lesser General Public License, applies to some
|
|
||||||
specially designated software packages--typically libraries--of the
|
|
||||||
Free Software Foundation and other authors who decide to use it. You
|
|
||||||
can use it too, but we suggest you first think carefully about whether
|
|
||||||
this license or the ordinary General Public License is the better
|
|
||||||
strategy to use in any particular case, based on the explanations below.
|
|
||||||
|
|
||||||
When we speak of free software, we are referring to freedom of use,
|
|
||||||
not price. Our General Public Licenses are designed to make sure that
|
|
||||||
you have the freedom to distribute copies of free software (and charge
|
|
||||||
for this service if you wish); that you receive source code or can get
|
|
||||||
it if you want it; that you can change the software and use pieces of
|
|
||||||
it in new free programs; and that you are informed that you can do
|
|
||||||
these things.
|
|
||||||
|
|
||||||
To protect your rights, we need to make restrictions that forbid
|
|
||||||
distributors to deny you these rights or to ask you to surrender these
|
|
||||||
rights. These restrictions translate to certain responsibilities for
|
|
||||||
you if you distribute copies of the library or if you modify it.
|
|
||||||
|
|
||||||
For example, if you distribute copies of the library, whether gratis
|
|
||||||
or for a fee, you must give the recipients all the rights that we gave
|
|
||||||
you. You must make sure that they, too, receive or can get the source
|
|
||||||
code. If you link other code with the library, you must provide
|
|
||||||
complete object files to the recipients, so that they can relink them
|
|
||||||
with the library after making changes to the library and recompiling
|
|
||||||
it. And you must show them these terms so they know their rights.
|
|
||||||
|
|
||||||
We protect your rights with a two-step method: (1) we copyright the
|
|
||||||
library, and (2) we offer you this license, which gives you legal
|
|
||||||
permission to copy, distribute and/or modify the library.
|
|
||||||
|
|
||||||
To protect each distributor, we want to make it very clear that
|
|
||||||
there is no warranty for the free library. Also, if the library is
|
|
||||||
modified by someone else and passed on, the recipients should know
|
|
||||||
that what they have is not the original version, so that the original
|
|
||||||
author's reputation will not be affected by problems that might be
|
|
||||||
introduced by others.
|
|
||||||
|
|
||||||
Finally, software patents pose a constant threat to the existence of
|
|
||||||
any free program. We wish to make sure that a company cannot
|
|
||||||
effectively restrict the users of a free program by obtaining a
|
|
||||||
restrictive license from a patent holder. Therefore, we insist that
|
|
||||||
any patent license obtained for a version of the library must be
|
|
||||||
consistent with the full freedom of use specified in this license.
|
|
||||||
|
|
||||||
Most GNU software, including some libraries, is covered by the
|
|
||||||
ordinary GNU General Public License. This license, the GNU Lesser
|
|
||||||
General Public License, applies to certain designated libraries, and
|
|
||||||
is quite different from the ordinary General Public License. We use
|
|
||||||
this license for certain libraries in order to permit linking those
|
|
||||||
libraries into non-free programs.
|
|
||||||
|
|
||||||
When a program is linked with a library, whether statically or using
|
|
||||||
a shared library, the combination of the two is legally speaking a
|
|
||||||
combined work, a derivative of the original library. The ordinary
|
|
||||||
General Public License therefore permits such linking only if the
|
|
||||||
entire combination fits its criteria of freedom. The Lesser General
|
|
||||||
Public License permits more lax criteria for linking other code with
|
|
||||||
the library.
|
|
||||||
|
|
||||||
We call this license the "Lesser" General Public License because it
|
|
||||||
does Less to protect the user's freedom than the ordinary General
|
|
||||||
Public License. It also provides other free software developers Less
|
|
||||||
of an advantage over competing non-free programs. These disadvantages
|
|
||||||
are the reason we use the ordinary General Public License for many
|
|
||||||
libraries. However, the Lesser license provides advantages in certain
|
|
||||||
special circumstances.
|
|
||||||
|
|
||||||
For example, on rare occasions, there may be a special need to
|
|
||||||
encourage the widest possible use of a certain library, so that it becomes
|
|
||||||
a de-facto standard. To achieve this, non-free programs must be
|
|
||||||
allowed to use the library. A more frequent case is that a free
|
|
||||||
library does the same job as widely used non-free libraries. In this
|
|
||||||
case, there is little to gain by limiting the free library to free
|
|
||||||
software only, so we use the Lesser General Public License.
|
|
||||||
|
|
||||||
In other cases, permission to use a particular library in non-free
|
|
||||||
programs enables a greater number of people to use a large body of
|
|
||||||
free software. For example, permission to use the GNU C Library in
|
|
||||||
non-free programs enables many more people to use the whole GNU
|
|
||||||
operating system, as well as its variant, the GNU/Linux operating
|
|
||||||
system.
|
|
||||||
|
|
||||||
Although the Lesser General Public License is Less protective of the
|
|
||||||
users' freedom, it does ensure that the user of a program that is
|
|
||||||
linked with the Library has the freedom and the wherewithal to run
|
|
||||||
that program using a modified version of the Library.
|
|
||||||
|
|
||||||
The precise terms and conditions for copying, distribution and
|
|
||||||
modification follow. Pay close attention to the difference between a
|
|
||||||
"work based on the library" and a "work that uses the library". The
|
|
||||||
former contains code derived from the library, whereas the latter must
|
|
||||||
be combined with the library in order to run.
|
|
||||||
|
|
||||||
GNU LESSER GENERAL PUBLIC LICENSE
|
|
||||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
|
||||||
|
|
||||||
0. This License Agreement applies to any software library or other
|
|
||||||
program which contains a notice placed by the copyright holder or
|
|
||||||
other authorized party saying it may be distributed under the terms of
|
|
||||||
this Lesser General Public License (also called "this License").
|
|
||||||
Each licensee is addressed as "you".
|
|
||||||
|
|
||||||
A "library" means a collection of software functions and/or data
|
|
||||||
prepared so as to be conveniently linked with application programs
|
|
||||||
(which use some of those functions and data) to form executables.
|
|
||||||
|
|
||||||
The "Library", below, refers to any such software library or work
|
|
||||||
which has been distributed under these terms. A "work based on the
|
|
||||||
Library" means either the Library or any derivative work under
|
|
||||||
copyright law: that is to say, a work containing the Library or a
|
|
||||||
portion of it, either verbatim or with modifications and/or translated
|
|
||||||
straightforwardly into another language. (Hereinafter, translation is
|
|
||||||
included without limitation in the term "modification".)
|
|
||||||
|
|
||||||
"Source code" for a work means the preferred form of the work for
|
|
||||||
making modifications to it. For a library, complete source code means
|
|
||||||
all the source code for all modules it contains, plus any associated
|
|
||||||
interface definition files, plus the scripts used to control compilation
|
|
||||||
and installation of the library.
|
|
||||||
|
|
||||||
Activities other than copying, distribution and modification are not
|
|
||||||
covered by this License; they are outside its scope. The act of
|
|
||||||
running a program using the Library is not restricted, and output from
|
|
||||||
such a program is covered only if its contents constitute a work based
|
|
||||||
on the Library (independent of the use of the Library in a tool for
|
|
||||||
writing it). Whether that is true depends on what the Library does
|
|
||||||
and what the program that uses the Library does.
|
|
||||||
|
|
||||||
1. You may copy and distribute verbatim copies of the Library's
|
|
||||||
complete source code as you receive it, in any medium, provided that
|
|
||||||
you conspicuously and appropriately publish on each copy an
|
|
||||||
appropriate copyright notice and disclaimer of warranty; keep intact
|
|
||||||
all the notices that refer to this License and to the absence of any
|
|
||||||
warranty; and distribute a copy of this License along with the
|
|
||||||
Library.
|
|
||||||
|
|
||||||
You may charge a fee for the physical act of transferring a copy,
|
|
||||||
and you may at your option offer warranty protection in exchange for a
|
|
||||||
fee.
|
|
||||||
|
|
||||||
2. You may modify your copy or copies of the Library or any portion
|
|
||||||
of it, thus forming a work based on the Library, and copy and
|
|
||||||
distribute such modifications or work under the terms of Section 1
|
|
||||||
above, provided that you also meet all of these conditions:
|
|
||||||
|
|
||||||
a) The modified work must itself be a software library.
|
|
||||||
|
|
||||||
b) You must cause the files modified to carry prominent notices
|
|
||||||
stating that you changed the files and the date of any change.
|
|
||||||
|
|
||||||
c) You must cause the whole of the work to be licensed at no
|
|
||||||
charge to all third parties under the terms of this License.
|
|
||||||
|
|
||||||
d) If a facility in the modified Library refers to a function or a
|
|
||||||
table of data to be supplied by an application program that uses
|
|
||||||
the facility, other than as an argument passed when the facility
|
|
||||||
is invoked, then you must make a good faith effort to ensure that,
|
|
||||||
in the event an application does not supply such function or
|
|
||||||
table, the facility still operates, and performs whatever part of
|
|
||||||
its purpose remains meaningful.
|
|
||||||
|
|
||||||
(For example, a function in a library to compute square roots has
|
|
||||||
a purpose that is entirely well-defined independent of the
|
|
||||||
application. Therefore, Subsection 2d requires that any
|
|
||||||
application-supplied function or table used by this function must
|
|
||||||
be optional: if the application does not supply it, the square
|
|
||||||
root function must still compute square roots.)
|
|
||||||
|
|
||||||
These requirements apply to the modified work as a whole. If
|
|
||||||
identifiable sections of that work are not derived from the Library,
|
|
||||||
and can be reasonably considered independent and separate works in
|
|
||||||
themselves, then this License, and its terms, do not apply to those
|
|
||||||
sections when you distribute them as separate works. But when you
|
|
||||||
distribute the same sections as part of a whole which is a work based
|
|
||||||
on the Library, the distribution of the whole must be on the terms of
|
|
||||||
this License, whose permissions for other licensees extend to the
|
|
||||||
entire whole, and thus to each and every part regardless of who wrote
|
|
||||||
it.
|
|
||||||
|
|
||||||
Thus, it is not the intent of this section to claim rights or contest
|
|
||||||
your rights to work written entirely by you; rather, the intent is to
|
|
||||||
exercise the right to control the distribution of derivative or
|
|
||||||
collective works based on the Library.
|
|
||||||
|
|
||||||
In addition, mere aggregation of another work not based on the Library
|
|
||||||
with the Library (or with a work based on the Library) on a volume of
|
|
||||||
a storage or distribution medium does not bring the other work under
|
|
||||||
the scope of this License.
|
|
||||||
|
|
||||||
3. You may opt to apply the terms of the ordinary GNU General Public
|
|
||||||
License instead of this License to a given copy of the Library. To do
|
|
||||||
this, you must alter all the notices that refer to this License, so
|
|
||||||
that they refer to the ordinary GNU General Public License, version 2,
|
|
||||||
instead of to this License. (If a newer version than version 2 of the
|
|
||||||
ordinary GNU General Public License has appeared, then you can specify
|
|
||||||
that version instead if you wish.) Do not make any other change in
|
|
||||||
these notices.
|
|
||||||
|
|
||||||
Once this change is made in a given copy, it is irreversible for
|
|
||||||
that copy, so the ordinary GNU General Public License applies to all
|
|
||||||
subsequent copies and derivative works made from that copy.
|
|
||||||
|
|
||||||
This option is useful when you wish to copy part of the code of
|
|
||||||
the Library into a program that is not a library.
|
|
||||||
|
|
||||||
4. You may copy and distribute the Library (or a portion or
|
|
||||||
derivative of it, under Section 2) in object code or executable form
|
|
||||||
under the terms of Sections 1 and 2 above provided that you accompany
|
|
||||||
it with the complete corresponding machine-readable source code, which
|
|
||||||
must be distributed under the terms of Sections 1 and 2 above on a
|
|
||||||
medium customarily used for software interchange.
|
|
||||||
|
|
||||||
If distribution of object code is made by offering access to copy
|
|
||||||
from a designated place, then offering equivalent access to copy the
|
|
||||||
source code from the same place satisfies the requirement to
|
|
||||||
distribute the source code, even though third parties are not
|
|
||||||
compelled to copy the source along with the object code.
|
|
||||||
|
|
||||||
5. A program that contains no derivative of any portion of the
|
|
||||||
Library, but is designed to work with the Library by being compiled or
|
|
||||||
linked with it, is called a "work that uses the Library". Such a
|
|
||||||
work, in isolation, is not a derivative work of the Library, and
|
|
||||||
therefore falls outside the scope of this License.
|
|
||||||
|
|
||||||
However, linking a "work that uses the Library" with the Library
|
|
||||||
creates an executable that is a derivative of the Library (because it
|
|
||||||
contains portions of the Library), rather than a "work that uses the
|
|
||||||
library". The executable is therefore covered by this License.
|
|
||||||
Section 6 states terms for distribution of such executables.
|
|
||||||
|
|
||||||
When a "work that uses the Library" uses material from a header file
|
|
||||||
that is part of the Library, the object code for the work may be a
|
|
||||||
derivative work of the Library even though the source code is not.
|
|
||||||
Whether this is true is especially significant if the work can be
|
|
||||||
linked without the Library, or if the work is itself a library. The
|
|
||||||
threshold for this to be true is not precisely defined by law.
|
|
||||||
|
|
||||||
If such an object file uses only numerical parameters, data
|
|
||||||
structure layouts and accessors, and small macros and small inline
|
|
||||||
functions (ten lines or less in length), then the use of the object
|
|
||||||
file is unrestricted, regardless of whether it is legally a derivative
|
|
||||||
work. (Executables containing this object code plus portions of the
|
|
||||||
Library will still fall under Section 6.)
|
|
||||||
|
|
||||||
Otherwise, if the work is a derivative of the Library, you may
|
|
||||||
distribute the object code for the work under the terms of Section 6.
|
|
||||||
Any executables containing that work also fall under Section 6,
|
|
||||||
whether or not they are linked directly with the Library itself.
|
|
||||||
|
|
||||||
6. As an exception to the Sections above, you may also combine or
|
|
||||||
link a "work that uses the Library" with the Library to produce a
|
|
||||||
work containing portions of the Library, and distribute that work
|
|
||||||
under terms of your choice, provided that the terms permit
|
|
||||||
modification of the work for the customer's own use and reverse
|
|
||||||
engineering for debugging such modifications.
|
|
||||||
|
|
||||||
You must give prominent notice with each copy of the work that the
|
|
||||||
Library is used in it and that the Library and its use are covered by
|
|
||||||
this License. You must supply a copy of this License. If the work
|
|
||||||
during execution displays copyright notices, you must include the
|
|
||||||
copyright notice for the Library among them, as well as a reference
|
|
||||||
directing the user to the copy of this License. Also, you must do one
|
|
||||||
of these things:
|
|
||||||
|
|
||||||
a) Accompany the work with the complete corresponding
|
|
||||||
machine-readable source code for the Library including whatever
|
|
||||||
changes were used in the work (which must be distributed under
|
|
||||||
Sections 1 and 2 above); and, if the work is an executable linked
|
|
||||||
with the Library, with the complete machine-readable "work that
|
|
||||||
uses the Library", as object code and/or source code, so that the
|
|
||||||
user can modify the Library and then relink to produce a modified
|
|
||||||
executable containing the modified Library. (It is understood
|
|
||||||
that the user who changes the contents of definitions files in the
|
|
||||||
Library will not necessarily be able to recompile the application
|
|
||||||
to use the modified definitions.)
|
|
||||||
|
|
||||||
b) Use a suitable shared library mechanism for linking with the
|
|
||||||
Library. A suitable mechanism is one that (1) uses at run time a
|
|
||||||
copy of the library already present on the user's computer system,
|
|
||||||
rather than copying library functions into the executable, and (2)
|
|
||||||
will operate properly with a modified version of the library, if
|
|
||||||
the user installs one, as long as the modified version is
|
|
||||||
interface-compatible with the version that the work was made with.
|
|
||||||
|
|
||||||
c) Accompany the work with a written offer, valid for at
|
|
||||||
least three years, to give the same user the materials
|
|
||||||
specified in Subsection 6a, above, for a charge no more
|
|
||||||
than the cost of performing this distribution.
|
|
||||||
|
|
||||||
d) If distribution of the work is made by offering access to copy
|
|
||||||
from a designated place, offer equivalent access to copy the above
|
|
||||||
specified materials from the same place.
|
|
||||||
|
|
||||||
e) Verify that the user has already received a copy of these
|
|
||||||
materials or that you have already sent this user a copy.
|
|
||||||
|
|
||||||
For an executable, the required form of the "work that uses the
|
|
||||||
Library" must include any data and utility programs needed for
|
|
||||||
reproducing the executable from it. However, as a special exception,
|
|
||||||
the materials to be distributed need not include anything that is
|
|
||||||
normally distributed (in either source or binary form) with the major
|
|
||||||
components (compiler, kernel, and so on) of the operating system on
|
|
||||||
which the executable runs, unless that component itself accompanies
|
|
||||||
the executable.
|
|
||||||
|
|
||||||
It may happen that this requirement contradicts the license
|
|
||||||
restrictions of other proprietary libraries that do not normally
|
|
||||||
accompany the operating system. Such a contradiction means you cannot
|
|
||||||
use both them and the Library together in an executable that you
|
|
||||||
distribute.
|
|
||||||
|
|
||||||
7. You may place library facilities that are a work based on the
|
|
||||||
Library side-by-side in a single library together with other library
|
|
||||||
facilities not covered by this License, and distribute such a combined
|
|
||||||
library, provided that the separate distribution of the work based on
|
|
||||||
the Library and of the other library facilities is otherwise
|
|
||||||
permitted, and provided that you do these two things:
|
|
||||||
|
|
||||||
a) Accompany the combined library with a copy of the same work
|
|
||||||
based on the Library, uncombined with any other library
|
|
||||||
facilities. This must be distributed under the terms of the
|
|
||||||
Sections above.
|
|
||||||
|
|
||||||
b) Give prominent notice with the combined library of the fact
|
|
||||||
that part of it is a work based on the Library, and explaining
|
|
||||||
where to find the accompanying uncombined form of the same work.
|
|
||||||
|
|
||||||
8. You may not copy, modify, sublicense, link with, or distribute
|
|
||||||
the Library except as expressly provided under this License. Any
|
|
||||||
attempt otherwise to copy, modify, sublicense, link with, or
|
|
||||||
distribute the Library is void, and will automatically terminate your
|
|
||||||
rights under this License. However, parties who have received copies,
|
|
||||||
or rights, from you under this License will not have their licenses
|
|
||||||
terminated so long as such parties remain in full compliance.
|
|
||||||
|
|
||||||
9. You are not required to accept this License, since you have not
|
|
||||||
signed it. However, nothing else grants you permission to modify or
|
|
||||||
distribute the Library or its derivative works. These actions are
|
|
||||||
prohibited by law if you do not accept this License. Therefore, by
|
|
||||||
modifying or distributing the Library (or any work based on the
|
|
||||||
Library), you indicate your acceptance of this License to do so, and
|
|
||||||
all its terms and conditions for copying, distributing or modifying
|
|
||||||
the Library or works based on it.
|
|
||||||
|
|
||||||
10. Each time you redistribute the Library (or any work based on the
|
|
||||||
Library), the recipient automatically receives a license from the
|
|
||||||
original licensor to copy, distribute, link with or modify the Library
|
|
||||||
subject to these terms and conditions. You may not impose any further
|
|
||||||
restrictions on the recipients' exercise of the rights granted herein.
|
|
||||||
You are not responsible for enforcing compliance by third parties with
|
|
||||||
this License.
|
|
||||||
|
|
||||||
11. If, as a consequence of a court judgment or allegation of patent
|
|
||||||
infringement or for any other reason (not limited to patent issues),
|
|
||||||
conditions are imposed on you (whether by court order, agreement or
|
|
||||||
otherwise) that contradict the conditions of this License, they do not
|
|
||||||
excuse you from the conditions of this License. If you cannot
|
|
||||||
distribute so as to satisfy simultaneously your obligations under this
|
|
||||||
License and any other pertinent obligations, then as a consequence you
|
|
||||||
may not distribute the Library at all. For example, if a patent
|
|
||||||
license would not permit royalty-free redistribution of the Library by
|
|
||||||
all those who receive copies directly or indirectly through you, then
|
|
||||||
the only way you could satisfy both it and this License would be to
|
|
||||||
refrain entirely from distribution of the Library.
|
|
||||||
|
|
||||||
If any portion of this section is held invalid or unenforceable under any
|
|
||||||
particular circumstance, the balance of the section is intended to apply,
|
|
||||||
and the section as a whole is intended to apply in other circumstances.
|
|
||||||
|
|
||||||
It is not the purpose of this section to induce you to infringe any
|
|
||||||
patents or other property right claims or to contest validity of any
|
|
||||||
such claims; this section has the sole purpose of protecting the
|
|
||||||
integrity of the free software distribution system which is
|
|
||||||
implemented by public license practices. Many people have made
|
|
||||||
generous contributions to the wide range of software distributed
|
|
||||||
through that system in reliance on consistent application of that
|
|
||||||
system; it is up to the author/donor to decide if he or she is willing
|
|
||||||
to distribute software through any other system and a licensee cannot
|
|
||||||
impose that choice.
|
|
||||||
|
|
||||||
This section is intended to make thoroughly clear what is believed to
|
|
||||||
be a consequence of the rest of this License.
|
|
||||||
|
|
||||||
12. If the distribution and/or use of the Library is restricted in
|
|
||||||
certain countries either by patents or by copyrighted interfaces, the
|
|
||||||
original copyright holder who places the Library under this License may add
|
|
||||||
an explicit geographical distribution limitation excluding those countries,
|
|
||||||
so that distribution is permitted only in or among countries not thus
|
|
||||||
excluded. In such case, this License incorporates the limitation as if
|
|
||||||
written in the body of this License.
|
|
||||||
|
|
||||||
13. The Free Software Foundation may publish revised and/or new
|
|
||||||
versions of the Lesser General Public License from time to time.
|
|
||||||
Such new versions will be similar in spirit to the present version,
|
|
||||||
but may differ in detail to address new problems or concerns.
|
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the Library
|
|
||||||
specifies a version number of this License which applies to it and
|
|
||||||
"any later version", you have the option of following the terms and
|
|
||||||
conditions either of that version or of any later version published by
|
|
||||||
the Free Software Foundation. If the Library does not specify a
|
|
||||||
license version number, you may choose any version ever published by
|
|
||||||
the Free Software Foundation.
|
|
||||||
|
|
||||||
14. If you wish to incorporate parts of the Library into other free
|
|
||||||
programs whose distribution conditions are incompatible with these,
|
|
||||||
write to the author to ask for permission. For software which is
|
|
||||||
copyrighted by the Free Software Foundation, write to the Free
|
|
||||||
Software Foundation; we sometimes make exceptions for this. Our
|
|
||||||
decision will be guided by the two goals of preserving the free status
|
|
||||||
of all derivatives of our free software and of promoting the sharing
|
|
||||||
and reuse of software generally.
|
|
||||||
|
|
||||||
NO WARRANTY
|
|
||||||
|
|
||||||
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
|
|
||||||
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
|
|
||||||
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
|
||||||
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
|
|
||||||
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
|
|
||||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
||||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
|
|
||||||
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
|
|
||||||
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
|
||||||
|
|
||||||
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
|
|
||||||
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
|
|
||||||
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
|
|
||||||
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
|
|
||||||
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
|
|
||||||
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
|
|
||||||
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
|
|
||||||
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
|
|
||||||
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
|
|
||||||
DAMAGES.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Programs and licenses with other licenses and/or authors than the
|
Programs and licenses with other licenses and/or authors than the
|
||||||
main license and authors:
|
main license and authors:
|
||||||
|
|
||||||
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei
|
lib/3rdParty/tcpdf/fonts/DejaVu*.ttf A Public Domain, Bitstream, Inc., Tavmjong Bah
|
||||||
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano
|
lib/3rdParty/tcpdf/fonts/DejaVu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
||||||
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große
|
lib/3rdParty/phpseclib B Jim Wigginton
|
||||||
lib/3rdParty/composer/nyholm B 2016 Tobias Nyholm
|
|
||||||
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Support G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Util H
|
|
||||||
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team
|
|
||||||
lib/3rdParty/composer/phpmailer H
|
|
||||||
lib/3rdParty/composer/psr B 2018 PHP Framework Interoperability Group
|
|
||||||
lib/3rdParty/composer/ramsey B 2018 Ben Ramsey
|
|
||||||
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs
|
|
||||||
lib/3rdParty/composer/symfony B 2019 Fabien Potencier
|
|
||||||
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs
|
|
||||||
lib/3rdParty/tcpdf D 2020 Nicola Asuni - Tecnick.com LTD
|
|
||||||
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
|
||||||
lib/3rdParty/phpseclib B 2019 TerraFrost and other contributors
|
|
||||||
lib/3rdParty/Monolog B 2011 Jordi Boggiano
|
|
||||||
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
|
|
||||||
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
|
|
||||||
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
|
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
|
||||||
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
|
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
|
||||||
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
||||||
|
@ -982,11 +216,9 @@ templates/lib/*jquery-validationEngine-*.js B 2010 Ce
|
||||||
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
|
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
|
||||||
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
||||||
style/600_cropper*.css B 2018 Chen Fengyuan
|
style/600_cropper*.css B 2018 Chen Fengyuan
|
||||||
templates/lib/extra/duo/*.js E 2019 Duo Security
|
|
||||||
lib/3rdParty/duo/*.php E 2019 Duo Security
|
|
||||||
graphics/webauthn.svg F 2017 Duo Security, Inc.
|
|
||||||
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
||||||
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
||||||
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
||||||
style/responsive/110_grid.css B
|
style/responsive/110_grid.css B
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@ fi
|
||||||
files=`ls style/*.css`
|
files=`ls style/*.css`
|
||||||
outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css
|
outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css
|
||||||
if [ ! -e $outFile ]; then
|
if [ ! -e $outFile ]; then
|
||||||
cat $files | cleancss --skip-rebase -o ${outFile}
|
cat $files | cleancss -o ${outFile}
|
||||||
rm $files
|
rm $files
|
||||||
# add final new line to supress Debian warnings
|
# add final new line to supress Debian warnings
|
||||||
echo "" >> $outFile
|
echo "" >> $outFile
|
||||||
|
|
|
@ -10,7 +10,7 @@ fi
|
||||||
db_version 2.0 || [ $? -lt 30 ]
|
db_version 2.0 || [ $? -lt 30 ]
|
||||||
|
|
||||||
# 3rd party libs
|
# 3rd party libs
|
||||||
phpThirdPartyLibs='phpseclib Monolog Psr'
|
phpThirdPartyLibs='phpseclib tcpdf'
|
||||||
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
||||||
if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
||||||
ln -s /usr/share/php/${phpThirdPartyLib} /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
ln -s /usr/share/php/${phpThirdPartyLib} /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
||||||
|
@ -36,15 +36,12 @@ files=`ls -a *.jpg`
|
||||||
for file in $files; do
|
for file in $files; do
|
||||||
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
|
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
|
||||||
done
|
done
|
||||||
if [ ! -h /usr/share/ldap-account-manager/config ]; then
|
if [ ! -h /usr/share/ldap-account-manager/config ]; then\
|
||||||
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
|
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
|
||||||
fi
|
if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
|
||||||
if [ ! -h /usr/share/ldap-account-manager/sess ]; then
|
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
|
||||||
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
|
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
|
||||||
fi
|
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
|
||||||
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
|
|
||||||
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
|
|
||||||
fi
|
|
||||||
chown www-data /etc/ldap-account-manager/config.cfg
|
chown www-data /etc/ldap-account-manager/config.cfg
|
||||||
chmod 600 /etc/ldap-account-manager/config.cfg
|
chmod 600 /etc/ldap-account-manager/config.cfg
|
||||||
chown www-data /var/lib/ldap-account-manager/sess
|
chown www-data /var/lib/ldap-account-manager/sess
|
||||||
|
@ -54,14 +51,9 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal
|
||||||
chmod 700 /var/lib/ldap-account-manager/tmp
|
chmod 700 /var/lib/ldap-account-manager/tmp
|
||||||
chown -R www-data /var/lib/ldap-account-manager/config
|
chown -R www-data /var/lib/ldap-account-manager/config
|
||||||
chmod 700 /var/lib/ldap-account-manager/config
|
chmod 700 /var/lib/ldap-account-manager/config
|
||||||
set +e
|
if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
|
||||||
ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null
|
then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \
|
||||||
cfgFilesExist=$?
|
chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
|
||||||
set -e
|
|
||||||
if [ $cfgFilesExist -ne 0 ]; then
|
|
||||||
cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf
|
|
||||||
chown www-data /var/lib/ldap-account-manager/config/lam.conf
|
|
||||||
fi
|
|
||||||
chmod 600 /var/lib/ldap-account-manager/config/*.conf
|
chmod 600 /var/lib/ldap-account-manager/config/*.conf
|
||||||
if [ "$1" = "configure" ]; then
|
if [ "$1" = "configure" ]; then
|
||||||
db_get "ldap-account-manager/alias"
|
db_get "ldap-account-manager/alias"
|
||||||
|
|
|
@ -50,7 +50,7 @@ if [ -f /usr/share/debconf/confmodule ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 3rd party libs
|
# 3rd party libs
|
||||||
phpThirdPartyLibs='phpseclib tcpdf Monolog Psr'
|
phpThirdPartyLibs='phpseclib tcpdf'
|
||||||
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
||||||
if [ -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
if [ -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
||||||
rm /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
rm /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if [ "$1" != "upgrade" ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# 3rd party libs
|
|
||||||
phpThirdPartyLibs='phpseclib tcpdf Monolog Psr'
|
|
||||||
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
|
||||||
if [ -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
|
||||||
rm /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
#DEBHELPER#
|
|
|
@ -23,7 +23,6 @@ install:
|
||||||
|
|
||||||
install -D --mode=644 index.html debian/ldap-account-manager/usr/share/ldap-account-manager/index.html
|
install -D --mode=644 index.html debian/ldap-account-manager/usr/share/ldap-account-manager/index.html
|
||||||
install -D --mode=644 VERSION debian/ldap-account-manager/usr/share/ldap-account-manager/VERSION
|
install -D --mode=644 VERSION debian/ldap-account-manager/usr/share/ldap-account-manager/VERSION
|
||||||
install -D --mode=644 pwa_worker.js debian/ldap-account-manager/usr/share/ldap-account-manager/pwa_worker.js
|
|
||||||
install -D --mode=644 tmp/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/.htaccess
|
install -D --mode=644 tmp/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/.htaccess
|
||||||
install -D --mode=644 tmp/internal/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/internal/.htaccess
|
install -D --mode=644 tmp/internal/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/internal/.htaccess
|
||||||
install -D --mode=644 config/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/config/.htaccess
|
install -D --mode=644 config/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/config/.htaccess
|
||||||
|
@ -47,10 +46,6 @@ install:
|
||||||
|
|
||||||
# 3rd party libs are linked
|
# 3rd party libs are linked
|
||||||
install -d --mode=755 debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty
|
install -d --mode=755 debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty
|
||||||
cp -r lib/3rdParty/composer debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
|
||||||
cp -r lib/3rdParty/yubico debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
|
||||||
cp -r lib/3rdParty/tcpdf debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
|
||||||
cp -r lib/3rdParty/duo debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
|
||||||
|
|
||||||
cp -r locale debian/ldap-account-manager/usr/share/ldap-account-manager/
|
cp -r locale debian/ldap-account-manager/usr/share/ldap-account-manager/
|
||||||
install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess
|
install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
#
|
|
||||||
# LAM setup
|
|
||||||
#
|
|
||||||
# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
|
|
||||||
# If set to false the other variables below have no effect.
|
|
||||||
LAM_SKIP_PRECONFIGURE=false
|
|
||||||
# domain of LDAP database root entry, will be converted to dc=...,dc=...
|
|
||||||
LDAP_DOMAIN=my-domain.com
|
|
||||||
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
|
|
||||||
LDAP_BASE_DN=dc=my-domain,dc=com
|
|
||||||
# LDAP users DN to overwrite value provided by LDAP_BASE_DN
|
|
||||||
LDAP_USERS_DN=ou=people,dc=my-domain,dc=com
|
|
||||||
# LDAP groups DN to overwrite value provided by LDAP_BASE_DN
|
|
||||||
LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com
|
|
||||||
|
|
||||||
# LDAP server URL
|
|
||||||
LDAP_SERVER=ldap://ldap:389
|
|
||||||
# LDAP admin user (set as login user for LAM)
|
|
||||||
LDAP_USER=cn=admin,dc=my-domain,dc=com
|
|
||||||
# default language, e.g. en_US, de_DE, fr_FR, ...
|
|
||||||
LAM_LANG=en_US
|
|
||||||
# LAM configuration master password and password for server profile "lam"
|
|
||||||
LAM_PASSWORD=lam
|
|
||||||
|
|
||||||
# deactivate TLS certificate checks, activate for development only
|
|
||||||
LAM_DISABLE_TLS_CHECK=false
|
|
||||||
|
|
||||||
#
|
|
||||||
# docker-compose only, LDAP server setup
|
|
||||||
#
|
|
||||||
# LDAP organisation name for OpenLDAP
|
|
||||||
LDAP_ORGANISATION="LDAP Account Manager Demo"
|
|
||||||
# LDAP admin password
|
|
||||||
LDAP_ADMIN_PASSWORD=adminpw
|
|
||||||
# password for LDAP read-only user
|
|
||||||
LDAP_READONLY_USER_PASSWORD=readonlypw
|
|
|
@ -1,112 +0,0 @@
|
||||||
#
|
|
||||||
# Docker image for LDAP Account Manager
|
|
||||||
|
|
||||||
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
|
||||||
# Copyright (C) 2019 - 2020 Roland Gruber
|
|
||||||
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 2 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program; if not, write to the Free Software
|
|
||||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
||||||
|
|
||||||
#
|
|
||||||
# Usage: run this command: docker run -p 8080:80 -it -d ldapaccountmanager/lam:stable
|
|
||||||
#
|
|
||||||
# Then access LAM at http://localhost:8080/
|
|
||||||
# You can change the port 8080 if needed.
|
|
||||||
# See possible environment variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
|
|
||||||
#
|
|
||||||
|
|
||||||
FROM debian:buster-slim
|
|
||||||
LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
|
|
||||||
|
|
||||||
ARG LAM_RELEASE=7.3.RC1
|
|
||||||
EXPOSE 80
|
|
||||||
|
|
||||||
ENV \
|
|
||||||
DEBIAN_FRONTEND=noninteractive \
|
|
||||||
DEBUG=''
|
|
||||||
|
|
||||||
RUN apt-get update && \
|
|
||||||
apt-get upgrade -y
|
|
||||||
|
|
||||||
# install locales
|
|
||||||
RUN apt-get install -y locales
|
|
||||||
RUN sed -i 's/^# *\(ca_ES.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(cz_CZ.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(de_DE.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(en_GB.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(es_ES.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(fr_FR.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(it_IT.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(hu_HU.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(nl_NL.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(pl_PL.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(pt_BR.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(ru_RU.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(sk_SK.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(tr_TR.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(uk_UA.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(ja_JP.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(zh_TW.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
sed -i 's/^# *\(zh_CN.UTF-8\)/\1/' /etc/locale.gen && \
|
|
||||||
locale-gen
|
|
||||||
|
|
||||||
RUN apt-get install --no-install-recommends -y \
|
|
||||||
apache2 \
|
|
||||||
ca-certificates \
|
|
||||||
dumb-init \
|
|
||||||
fonts-dejavu \
|
|
||||||
libapache2-mod-php \
|
|
||||||
php \
|
|
||||||
php-curl \
|
|
||||||
php-gd \
|
|
||||||
php-imagick \
|
|
||||||
php-ldap \
|
|
||||||
php-monolog \
|
|
||||||
php-phpseclib \
|
|
||||||
php-xml \
|
|
||||||
php-zip \
|
|
||||||
php-imap \
|
|
||||||
php-gmp \
|
|
||||||
wget \
|
|
||||||
&& \
|
|
||||||
rm /etc/apache2/sites-enabled/*default* && \
|
|
||||||
rm -rf /var/cache/apt /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# install LAM
|
|
||||||
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
|
|
||||||
-O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
|
|
||||||
dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
|
|
||||||
rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
|
|
||||||
|
|
||||||
# redirect Apache logging
|
|
||||||
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
|
|
||||||
# because there is no logging set in the lam vhost logging goes to other_vhost_access.log
|
|
||||||
RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
|
|
||||||
|
|
||||||
# add redirect for /
|
|
||||||
RUN a2enmod rewrite
|
|
||||||
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
|
|
||||||
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
|
|
||||||
|
|
||||||
COPY start.sh /usr/local/bin/start.sh
|
|
||||||
|
|
||||||
WORKDIR /var/lib/ldap-account-manager/config
|
|
||||||
|
|
||||||
# start Apache when container starts
|
|
||||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
|
||||||
CMD [ "/usr/local/bin/start.sh" ]
|
|
||||||
|
|
||||||
HEALTHCHECK --interval=1m --timeout=10s \
|
|
||||||
CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'
|
|
|
@ -1,42 +0,0 @@
|
||||||
version: '3.5'
|
|
||||||
services:
|
|
||||||
ldap-account-manager:
|
|
||||||
build:
|
|
||||||
context: .
|
|
||||||
image: ldapaccountmanager/lam:7.3.RC1
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
- "8080:80"
|
|
||||||
volumes:
|
|
||||||
- lametc/:/etc/ldap-account-manager
|
|
||||||
- lamconfig/:/var/lib/ldap-account-manager/config
|
|
||||||
- lamsession/:/var/lib/ldap-account-manager/sess
|
|
||||||
environment:
|
|
||||||
- LAM_PASSWORD=${LAM_PASSWORD}
|
|
||||||
- LAM_LANG=en_US
|
|
||||||
- LDAP_SERVER=${LDAP_SERVER}
|
|
||||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
|
||||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
|
||||||
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
|
|
||||||
- DEBUG=true
|
|
||||||
ldap:
|
|
||||||
image: osixia/openldap:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
|
||||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
|
||||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
|
||||||
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
|
||||||
- LDAP_READONLY_USER=true
|
|
||||||
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
|
||||||
command: "--loglevel info --copy-service"
|
|
||||||
volumes:
|
|
||||||
- ldap:/var/lib/ldap
|
|
||||||
- slapd:/etc/ldap/slapd.d
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
lametc:
|
|
||||||
lamconfig:
|
|
||||||
lamsession:
|
|
||||||
ldap:
|
|
||||||
slapd:
|
|
|
@ -1,66 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# Docker start script for LDAP Account Manager
|
|
||||||
|
|
||||||
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
|
||||||
# Copyright (C) 2019 Felix Bartels
|
|
||||||
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 2 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program; if not, write to the Free Software
|
|
||||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
||||||
|
|
||||||
|
|
||||||
set -eu # unset variables are errors & non-zero return values exit the whole script
|
|
||||||
[ "$DEBUG" ] && set -x
|
|
||||||
|
|
||||||
if [ "${LAM_DISABLE_TLS_CHECK:-}" == "true" ]; then
|
|
||||||
ln -s /etc/ldap/ldap.conf /etc/ldap.conf
|
|
||||||
echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
|
|
||||||
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
|
|
||||||
|
|
||||||
LAM_LANG="${LAM_LANG:-en_US}"
|
|
||||||
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
|
|
||||||
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
|
|
||||||
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
|
|
||||||
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
|
|
||||||
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
|
|
||||||
LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}"
|
|
||||||
LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}"
|
|
||||||
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
|
|
||||||
|
|
||||||
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
|
|
||||||
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
|
|
||||||
EOF
|
|
||||||
unset LAM_PASSWORD
|
|
||||||
|
|
||||||
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
|
|
||||||
s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
|
|
||||||
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
|
|
||||||
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
|
|
||||||
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
|
|
||||||
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
|
|
||||||
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USERS_DN}|;
|
|
||||||
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUPS_DN}|;
|
|
||||||
EOF
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Starting Apache"
|
|
||||||
rm -f /run/apache2/apache2.pid
|
|
||||||
set +u
|
|
||||||
# shellcheck disable=SC1091
|
|
||||||
source /etc/apache2/envvars
|
|
||||||
exec /usr/sbin/apache2 -DFOREGROUND
|
|
109
lam/HISTORY
|
@ -1,97 +1,4 @@
|
||||||
September 2020
|
December 2018 6.6
|
||||||
- PHP 7.4 compatibility
|
|
||||||
- Configuration export and import
|
|
||||||
- Server profiles support to specify a part of the DN to hide
|
|
||||||
- Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2)
|
|
||||||
- Better error messages on login when account is expired/deactivated/...
|
|
||||||
- Personal/Windows: photo can be uploaded via webcam
|
|
||||||
- Windows users: group display format can be configured (cn/dn)
|
|
||||||
- LAM Pro:
|
|
||||||
-> Windows: new cron job to send users a summary of their managed groups
|
|
||||||
- Fixed bugs:
|
|
||||||
-> Unix groups: memberUid was not deleted correctly when forced sync with group of names is active
|
|
||||||
|
|
||||||
01.05.2020 7.2
|
|
||||||
- Unix: allow to create group with same name during user creation
|
|
||||||
- LAM Pro:
|
|
||||||
-> EMail sending can be done via SMTP without local mail server
|
|
||||||
-> License expiration warning can be sent via email or disabled
|
|
||||||
- Fixed bugs:
|
|
||||||
-> Captcha don't show anymore in Self Service login page (213)
|
|
||||||
-> Unix memberships cannot be changed. This issue can also affect other membership relations.
|
|
||||||
-> Missing locales on Docker image
|
|
||||||
|
|
||||||
|
|
||||||
17.03.2020 7.1
|
|
||||||
- PHP 7 required
|
|
||||||
- WebAuthn/FIDO2 support for 2-factor-authentication (requires PHP 7.2)
|
|
||||||
- IMAP: changed library to support latest TLS versions
|
|
||||||
- Personal: support display name (hidden by default in server profile)
|
|
||||||
- Windows users: support allowed workstations, more profile options
|
|
||||||
- Reactivated Polish translation
|
|
||||||
- LAM Pro:
|
|
||||||
-> PPolicy: support for password check module
|
|
||||||
-> Windows AD LDS support (users and groups)
|
|
||||||
-> User self registration: support Active Directory/Samba4
|
|
||||||
|
|
||||||
|
|
||||||
21.12.2019 7.0
|
|
||||||
- Lamdaemon can be configured with directory prefix for homedirs
|
|
||||||
- Account list filters match on substrings instead of whole value
|
|
||||||
- YubiKey: support to configure multiple verification servers
|
|
||||||
- Windows hosts: added last password change and last login
|
|
||||||
- Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
|
|
||||||
Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
|
|
||||||
- Docker updates
|
|
||||||
- Fixed bugs:
|
|
||||||
-> Missing CSS for Duo
|
|
||||||
-> Editing of DNs with comma on Windows (210)
|
|
||||||
|
|
||||||
|
|
||||||
29.09.2019 6.9
|
|
||||||
- Group account types can show member+owner count in list view
|
|
||||||
- 2-factor authentication:
|
|
||||||
-> Duo support
|
|
||||||
-> user name attribute for privacyIDEA can be specified
|
|
||||||
- LAM Pro:
|
|
||||||
-> New self service settings for login and main page footer
|
|
||||||
-> Custom fields: custom labels for LDAP search select list
|
|
||||||
- Fixed bugs:
|
|
||||||
-> Configuration issue with Unix user/host module (206)
|
|
||||||
|
|
||||||
|
|
||||||
02.07.2019 6.8
|
|
||||||
- Parallel editing of multiple entries in different browser tabs supported
|
|
||||||
- LAM supports the progressive web app standard which allows to install LAM as an icon on home screen
|
|
||||||
- Windows: added home drive and force password change to profile editor
|
|
||||||
- Unix: password management can be disabled in module settings
|
|
||||||
- LAM Pro:
|
|
||||||
-> Bind DLZ: entry table can show record data (use special attribute "#records" in server profile)
|
|
||||||
-> Self service: support legacy attribute "email" for password self reset and user self registration
|
|
||||||
- Fixed bugs:
|
|
||||||
-> Users: No drop-down filter box for account status (200)
|
|
||||||
-> Custom fields: Account type "Groups" not saving/deleting fields (66)
|
|
||||||
|
|
||||||
|
|
||||||
25.03.2019 6.7
|
|
||||||
- Added YubiKey as 2-factor authentication provider
|
|
||||||
- Support logging to remote syslog server
|
|
||||||
- PHP 7.3 support
|
|
||||||
- LAM Pro:
|
|
||||||
-> Allow to mark text and text area fields as required
|
|
||||||
-> New self service fields:
|
|
||||||
-> Mail routing
|
|
||||||
-> Windows proxy addresses + mail alias
|
|
||||||
-> Shadow account expiration date
|
|
||||||
-> Unix and group of names memberships
|
|
||||||
-> Base URL for emails in self service can be configured in self service profile
|
|
||||||
-> Bind DLZ: support DNAME+XFR records and descriptions in records (requires latest LDAP schema)
|
|
||||||
-> Cron jobs: added Shadow account expiration notification job
|
|
||||||
- Fixed bugs:
|
|
||||||
-> Allow tree-only configurations without any other tab
|
|
||||||
|
|
||||||
|
|
||||||
28.12.2018 6.6
|
|
||||||
- New import/export in tools menu
|
- New import/export in tools menu
|
||||||
- YubiKey support
|
- YubiKey support
|
||||||
- Windows users:
|
- Windows users:
|
||||||
|
@ -338,7 +245,7 @@ September 2020
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
-> Password self reset and user self registration support to set a header text
|
-> Password self reset and user self registration support to set a header text
|
||||||
-> Sudo roles: support latest schema
|
-> Sudo roles: support latest schema
|
||||||
-> Bind DLZ: automatic PTR management (disabled by default) and better formatting of e.g. TTL values
|
-> Bind DLZ: automatic PTR management (disabled by default) and better formating of e.g. TTL values
|
||||||
|
|
||||||
|
|
||||||
18.03.2014 4.5
|
18.03.2014 4.5
|
||||||
|
@ -530,7 +437,7 @@ September 2020
|
||||||
-> support to read user name from uid attribute
|
-> support to read user name from uid attribute
|
||||||
-> added quota management
|
-> added quota management
|
||||||
- Personal: added additional options for account profiles
|
- Personal: added additional options for account profiles
|
||||||
- Mail aliases: sort recipients (RFE 3170336)
|
- Mail aliases: sort receipients (RFE 3170336)
|
||||||
- Asterisk: support all attributes (can be disabled in configuration)
|
- Asterisk: support all attributes (can be disabled in configuration)
|
||||||
- Samba 3/Shadow: allow to sync expiration date (RFE 3147751)
|
- Samba 3/Shadow: allow to sync expiration date (RFE 3147751)
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
|
@ -657,7 +564,7 @@ September 2020
|
||||||
21.01.2009 2.5.0
|
21.01.2009 2.5.0
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
-> supports rfc2307bis schema for Unix groups (RFE 2111694)
|
-> supports rfc2307bis schema for Unix groups (RFE 2111694)
|
||||||
-> added alias management (object classes alias + uidObject) (RFE 1912779)
|
-> added alias manangement (object classes alias + uidObject) (RFE 1912779)
|
||||||
- Shadow: module is now optional when creating new accounts
|
- Shadow: module is now optional when creating new accounts
|
||||||
- Kolab:
|
- Kolab:
|
||||||
-> account extension is now optional
|
-> account extension is now optional
|
||||||
|
@ -846,7 +753,7 @@ September 2020
|
||||||
- security: LAM checks the session id and client IP
|
- security: LAM checks the session id and client IP
|
||||||
- fixed bugs:
|
- fixed bugs:
|
||||||
-> Samba 3: hash values were wrong in some rare cases (1440021)
|
-> Samba 3: hash values were wrong in some rare cases (1440021)
|
||||||
-> Samba 3: re-added time zone selection for logon hours (1407761)
|
-> Samba 3: readded time zone selection for logon hours (1407761)
|
||||||
-> Unix: call of unknown function (1450464)
|
-> Unix: call of unknown function (1450464)
|
||||||
|
|
||||||
|
|
||||||
|
@ -983,7 +890,7 @@ September 2020
|
||||||
-> dynamic configuration options (based on modules)
|
-> dynamic configuration options (based on modules)
|
||||||
- all pages in UTF-8
|
- all pages in UTF-8
|
||||||
- added developer documentation
|
- added developer documentation
|
||||||
- PHPDoc formatted comments
|
- PHPDoc formated comments
|
||||||
- new plugin for managing MAC addresses (RFE 926017)
|
- new plugin for managing MAC addresses (RFE 926017)
|
||||||
- new plugin for managing NIS mail aliases (RFE 1050036)
|
- new plugin for managing NIS mail aliases (RFE 1050036)
|
||||||
- new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
|
- new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
|
||||||
|
@ -1045,7 +952,7 @@ September 2020
|
||||||
if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work
|
if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work
|
||||||
some smaller bugs in mass upload
|
some smaller bugs in mass upload
|
||||||
Samba hash values for hosts were not correct
|
Samba hash values for hosts were not correct
|
||||||
Unix passwords could be disabled but not re-enabled
|
Unix passwords could be disabled but not reenabled
|
||||||
fixed problem with eval() in status.inc (894433)
|
fixed problem with eval() in status.inc (894433)
|
||||||
|
|
||||||
|
|
||||||
|
@ -1068,7 +975,7 @@ September 2020
|
||||||
- better error handling at login
|
- better error handling at login
|
||||||
- support spaces in DNs
|
- support spaces in DNs
|
||||||
- PDF text for users
|
- PDF text for users
|
||||||
- create missing OUs recursively
|
- create missing OUs recursivly
|
||||||
- fixed bugs:
|
- fixed bugs:
|
||||||
SMD5 passwords were wrong
|
SMD5 passwords were wrong
|
||||||
primaryGroupSID wrong if SID has no relation to Algorithmic RID Base
|
primaryGroupSID wrong if SID has no relation to Algorithmic RID Base
|
||||||
|
|
|
@ -3,16 +3,19 @@ LAM - Readme
|
||||||
============
|
============
|
||||||
|
|
||||||
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
|
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
|
||||||
directory. LAM runs on any webserver with PHP7 support and connects to your
|
directory. LAM runs on any webserver with PHP5 support and connects to your
|
||||||
LDAP server unencrypted or via SSL/TLS.
|
LDAP server unencrypted or via SSL/TLS.
|
||||||
Currently LAM supports these account types: Samba 3/4, Unix, Kolab,
|
Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2,
|
||||||
address book entries, NIS mail aliases and MAC addresses. There is a tree
|
address book entries, NIS mail aliases and MAC addresses. There is a tree
|
||||||
viewer included to allow access to the raw LDAP attributes. You can use
|
viewer included to allow access to the raw LDAP attributes. You can use
|
||||||
templates for account creation and use multiple configuration profiles.
|
templates for account creation and use multiple configuration profiles.
|
||||||
|
LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
|
||||||
|
Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
|
||||||
|
Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian.
|
||||||
|
|
||||||
https://www.ldap-account-manager.org/
|
https://www.ldap-account-manager.org/
|
||||||
|
|
||||||
Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de>
|
Copyright (C) 2003 - 2018 Roland Gruber <post@rolandgruber.de>
|
||||||
|
|
||||||
Installation and documentation:
|
Installation and documentation:
|
||||||
Please see the LAM manual in docs/manual/index.html.
|
Please see the LAM manual in docs/manual/index.html.
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
7.3.RC1
|
6.6.RC1
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
~/.local/bin/codespell --skip '*3rdParty*,*/ckeditor/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/lib/extra/duo/*' --ignore-words-list "tim,te,pres,files'"
|
|
|
@ -1,18 +0,0 @@
|
||||||
{
|
|
||||||
"config": {
|
|
||||||
"vendor-dir": "lib/3rdParty/composer"
|
|
||||||
},
|
|
||||||
"repositories": [
|
|
||||||
{
|
|
||||||
"type": "pear",
|
|
||||||
"url": "https://pear.horde.org"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"require" : {
|
|
||||||
"web-auth/webauthn-lib" : "2.1.7",
|
|
||||||
"symfony/http-foundation" : "5.0.7",
|
|
||||||
"symfony/psr-http-message-bridge" : "1.3.0",
|
|
||||||
"pear-pear.horde.org/Horde_Imap_Client" : "2.30.1",
|
|
||||||
"phpmailer/phpmailer": "~6.1"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -3,4 +3,3 @@ config.cfg
|
||||||
/serverCerts.pem
|
/serverCerts.pem
|
||||||
/pdf/
|
/pdf/
|
||||||
/profiles/
|
/profiles/
|
||||||
*.sqlite
|
|
|
@ -6,10 +6,10 @@
|
||||||
# the second is the character encoding and the third the language name.
|
# the second is the character encoding and the third the language name.
|
||||||
|
|
||||||
# Catalan
|
# Catalan
|
||||||
# ca_ES.utf8:UTF-8:Català (Catalunya)
|
ca_ES.utf8:UTF-8:Català (Catalunya)
|
||||||
|
|
||||||
# Czech
|
# Czech
|
||||||
# cs_CZ.utf8:UTF-8:Čeština (Česko)
|
cs_CZ.utf8:UTF-8:Čeština (Česko)
|
||||||
|
|
||||||
# German
|
# German
|
||||||
de_DE.utf8:UTF-8:Deutsch (Deutschland)
|
de_DE.utf8:UTF-8:Deutsch (Deutschland)
|
||||||
|
@ -30,7 +30,7 @@ fr_FR.utf8:UTF-8:Français (France)
|
||||||
it_IT.utf8:UTF-8:Italiano (Italia)
|
it_IT.utf8:UTF-8:Italiano (Italia)
|
||||||
|
|
||||||
# Hungarian
|
# Hungarian
|
||||||
# hu_HU.utf8:UTF-8:Magyar (Magyarország)
|
hu_HU.utf8:UTF-8:Magyar (Magyarország)
|
||||||
|
|
||||||
# Dutch
|
# Dutch
|
||||||
nl_NL.utf8:UTF-8:Nederlands (Nederland)
|
nl_NL.utf8:UTF-8:Nederlands (Nederland)
|
||||||
|
@ -48,7 +48,7 @@ ru_RU.utf8:UTF-8:Русский (Россия)
|
||||||
sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
|
sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
|
||||||
|
|
||||||
# Turkish
|
# Turkish
|
||||||
# tr_TR.utf8:UTF-8:Türkçe (Türkiye)
|
tr_TR.utf8:UTF-8:Türkçe (Türkiye)
|
||||||
|
|
||||||
# Ukrainian
|
# Ukrainian
|
||||||
uk_UA.utf8:UTF-8:Українська (Україна)
|
uk_UA.utf8:UTF-8:Українська (Україна)
|
||||||
|
|
779
lam/copyright
|
@ -1,4 +1,4 @@
|
||||||
This software is copyright (c) 2003 - 2020 by Roland Gruber
|
This software is copyright (c) 2003 - 2018 by Roland Gruber
|
||||||
|
|
||||||
If you purchased a copy of LDAP Account Manager Pro then the following
|
If you purchased a copy of LDAP Account Manager Pro then the following
|
||||||
files are licensed under the conditions which you accepted at purchase
|
files are licensed under the conditions which you accepted at purchase
|
||||||
|
@ -86,6 +86,7 @@ The complete license can be found in the file COPYING.
|
||||||
Some parts of this package have other, compatible licences. These are:
|
Some parts of this package have other, compatible licences. These are:
|
||||||
|
|
||||||
A:
|
A:
|
||||||
|
|
||||||
DejaVu Fonts — License
|
DejaVu Fonts — License
|
||||||
|
|
||||||
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
||||||
|
@ -176,9 +177,7 @@ A:
|
||||||
Software without prior written authorization from Tavmjong Bah. For further
|
Software without prior written authorization from Tavmjong Bah. For further
|
||||||
information, contact: tavmjong @ free . fr.
|
information, contact: tavmjong @ free . fr.
|
||||||
|
|
||||||
|
|
||||||
B:
|
B:
|
||||||
MIT License
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining
|
Permission is hereby granted, free of charge, to any person obtaining
|
||||||
a copy of this software and associated documentation files (the
|
a copy of this software and associated documentation files (the
|
||||||
|
@ -200,777 +199,12 @@ B:
|
||||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
|
||||||
C:
|
|
||||||
New BSD License
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without modification,
|
|
||||||
are permitted provided that the following conditions are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright notice, this list
|
|
||||||
of conditions and the following disclaimer.
|
|
||||||
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright notice, this
|
|
||||||
list of conditions and the following disclaimer in the documentation and/or other
|
|
||||||
materials provided with the distribution.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
||||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
||||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
||||||
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
||||||
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
||||||
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
||||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
||||||
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
||||||
OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
D:
|
|
||||||
GNU LESSER GENERAL PUBLIC LICENSE
|
|
||||||
Version 3, 29 June 2007
|
|
||||||
|
|
||||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
|
||||||
of this license document, but changing it is not allowed.
|
|
||||||
|
|
||||||
|
|
||||||
This version of the GNU Lesser General Public License incorporates
|
|
||||||
the terms and conditions of version 3 of the GNU General Public
|
|
||||||
License, supplemented by the additional permissions listed below.
|
|
||||||
|
|
||||||
0. Additional Definitions.
|
|
||||||
|
|
||||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
|
||||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
|
||||||
General Public License.
|
|
||||||
|
|
||||||
"The Library" refers to a covered work governed by this License,
|
|
||||||
other than an Application or a Combined Work as defined below.
|
|
||||||
|
|
||||||
An "Application" is any work that makes use of an interface provided
|
|
||||||
by the Library, but which is not otherwise based on the Library.
|
|
||||||
Defining a subclass of a class defined by the Library is deemed a mode
|
|
||||||
of using an interface provided by the Library.
|
|
||||||
|
|
||||||
A "Combined Work" is a work produced by combining or linking an
|
|
||||||
Application with the Library. The particular version of the Library
|
|
||||||
with which the Combined Work was made is also called the "Linked
|
|
||||||
Version".
|
|
||||||
|
|
||||||
The "Minimal Corresponding Source" for a Combined Work means the
|
|
||||||
Corresponding Source for the Combined Work, excluding any source code
|
|
||||||
for portions of the Combined Work that, considered in isolation, are
|
|
||||||
based on the Application, and not on the Linked Version.
|
|
||||||
|
|
||||||
The "Corresponding Application Code" for a Combined Work means the
|
|
||||||
object code and/or source code for the Application, including any data
|
|
||||||
and utility programs needed for reproducing the Combined Work from the
|
|
||||||
Application, but excluding the System Libraries of the Combined Work.
|
|
||||||
|
|
||||||
1. Exception to Section 3 of the GNU GPL.
|
|
||||||
|
|
||||||
You may convey a covered work under sections 3 and 4 of this License
|
|
||||||
without being bound by section 3 of the GNU GPL.
|
|
||||||
|
|
||||||
2. Conveying Modified Versions.
|
|
||||||
|
|
||||||
If you modify a copy of the Library, and, in your modifications, a
|
|
||||||
facility refers to a function or data to be supplied by an Application
|
|
||||||
that uses the facility (other than as an argument passed when the
|
|
||||||
facility is invoked), then you may convey a copy of the modified
|
|
||||||
version:
|
|
||||||
|
|
||||||
a) under this License, provided that you make a good faith effort to
|
|
||||||
ensure that, in the event an Application does not supply the
|
|
||||||
function or data, the facility still operates, and performs
|
|
||||||
whatever part of its purpose remains meaningful, or
|
|
||||||
|
|
||||||
b) under the GNU GPL, with none of the additional permissions of
|
|
||||||
this License applicable to that copy.
|
|
||||||
|
|
||||||
3. Object Code Incorporating Material from Library Header Files.
|
|
||||||
|
|
||||||
The object code form of an Application may incorporate material from
|
|
||||||
a header file that is part of the Library. You may convey such object
|
|
||||||
code under terms of your choice, provided that, if the incorporated
|
|
||||||
material is not limited to numerical parameters, data structure
|
|
||||||
layouts and accessors, or small macros, inline functions and templates
|
|
||||||
(ten or fewer lines in length), you do both of the following:
|
|
||||||
|
|
||||||
a) Give prominent notice with each copy of the object code that the
|
|
||||||
Library is used in it and that the Library and its use are
|
|
||||||
covered by this License.
|
|
||||||
|
|
||||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
|
||||||
document.
|
|
||||||
|
|
||||||
4. Combined Works.
|
|
||||||
|
|
||||||
You may convey a Combined Work under terms of your choice that,
|
|
||||||
taken together, effectively do not restrict modification of the
|
|
||||||
portions of the Library contained in the Combined Work and reverse
|
|
||||||
engineering for debugging such modifications, if you also do each of
|
|
||||||
the following:
|
|
||||||
|
|
||||||
a) Give prominent notice with each copy of the Combined Work that
|
|
||||||
the Library is used in it and that the Library and its use are
|
|
||||||
covered by this License.
|
|
||||||
|
|
||||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
|
||||||
document.
|
|
||||||
|
|
||||||
c) For a Combined Work that displays copyright notices during
|
|
||||||
execution, include the copyright notice for the Library among
|
|
||||||
these notices, as well as a reference directing the user to the
|
|
||||||
copies of the GNU GPL and this license document.
|
|
||||||
|
|
||||||
d) Do one of the following:
|
|
||||||
|
|
||||||
0) Convey the Minimal Corresponding Source under the terms of this
|
|
||||||
License, and the Corresponding Application Code in a form
|
|
||||||
suitable for, and under terms that permit, the user to
|
|
||||||
recombine or relink the Application with a modified version of
|
|
||||||
the Linked Version to produce a modified Combined Work, in the
|
|
||||||
manner specified by section 6 of the GNU GPL for conveying
|
|
||||||
Corresponding Source.
|
|
||||||
|
|
||||||
1) Use a suitable shared library mechanism for linking with the
|
|
||||||
Library. A suitable mechanism is one that (a) uses at run time
|
|
||||||
a copy of the Library already present on the user's computer
|
|
||||||
system, and (b) will operate properly with a modified version
|
|
||||||
of the Library that is interface-compatible with the Linked
|
|
||||||
Version.
|
|
||||||
|
|
||||||
e) Provide Installation Information, but only if you would otherwise
|
|
||||||
be required to provide such information under section 6 of the
|
|
||||||
GNU GPL, and only to the extent that such information is
|
|
||||||
necessary to install and execute a modified version of the
|
|
||||||
Combined Work produced by recombining or relinking the
|
|
||||||
Application with a modified version of the Linked Version. (If
|
|
||||||
you use option 4d0, the Installation Information must accompany
|
|
||||||
the Minimal Corresponding Source and Corresponding Application
|
|
||||||
Code. If you use option 4d1, you must provide the Installation
|
|
||||||
Information in the manner specified by section 6 of the GNU GPL
|
|
||||||
for conveying Corresponding Source.)
|
|
||||||
|
|
||||||
5. Combined Libraries.
|
|
||||||
|
|
||||||
You may place library facilities that are a work based on the
|
|
||||||
Library side by side in a single library together with other library
|
|
||||||
facilities that are not Applications and are not covered by this
|
|
||||||
License, and convey such a combined library under terms of your
|
|
||||||
choice, if you do both of the following:
|
|
||||||
|
|
||||||
a) Accompany the combined library with a copy of the same work based
|
|
||||||
on the Library, uncombined with any other library facilities,
|
|
||||||
conveyed under the terms of this License.
|
|
||||||
|
|
||||||
b) Give prominent notice with the combined library that part of it
|
|
||||||
is a work based on the Library, and explaining where to find the
|
|
||||||
accompanying uncombined form of the same work.
|
|
||||||
|
|
||||||
6. Revised Versions of the GNU Lesser General Public License.
|
|
||||||
|
|
||||||
The Free Software Foundation may publish revised and/or new versions
|
|
||||||
of the GNU Lesser General Public License from time to time. Such new
|
|
||||||
versions will be similar in spirit to the present version, but may
|
|
||||||
differ in detail to address new problems or concerns.
|
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the
|
|
||||||
Library as you received it specifies that a certain numbered version
|
|
||||||
of the GNU Lesser General Public License "or any later version"
|
|
||||||
applies to it, you have the option of following the terms and
|
|
||||||
conditions either of that published version or of any later version
|
|
||||||
published by the Free Software Foundation. If the Library as you
|
|
||||||
received it does not specify a version number of the GNU Lesser
|
|
||||||
General Public License, you may choose any version of the GNU Lesser
|
|
||||||
General Public License ever published by the Free Software Foundation.
|
|
||||||
|
|
||||||
If the Library as you received it specifies that a proxy can decide
|
|
||||||
whether future versions of the GNU Lesser General Public License shall
|
|
||||||
apply, that proxy's public statement of acceptance of any version is
|
|
||||||
permanent authorization for you to choose that version for the
|
|
||||||
Library.
|
|
||||||
|
|
||||||
|
|
||||||
E:
|
|
||||||
Duo
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions
|
|
||||||
are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer.
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer in the
|
|
||||||
documentation and/or other materials provided with the distribution.
|
|
||||||
3. The name of the author may not be used to endorse or promote products
|
|
||||||
derived from this software without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
||||||
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
||||||
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
||||||
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
||||||
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
||||||
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
||||||
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
F:
|
|
||||||
3-Clause BSD License
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions
|
|
||||||
are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer.
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer in the
|
|
||||||
documentation and/or other materials provided with the distribution.
|
|
||||||
3. Neither the name of the copyright holder nor the names of its
|
|
||||||
contributors may be used to endorse or promote products derived from
|
|
||||||
this software without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
|
||||||
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
|
||||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
||||||
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
|
|
||||||
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
||||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
||||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
||||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
||||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
||||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
||||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
G:
|
|
||||||
2-Clause BSD License
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without modification,
|
|
||||||
are permitted provided that the following conditions are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright notice,
|
|
||||||
this list of conditions and the following disclaimer.
|
|
||||||
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
|
||||||
this list of conditions and the following disclaimer in the documentation and/or
|
|
||||||
other materials provided with the distribution.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
||||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
||||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
||||||
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
||||||
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
||||||
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
||||||
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
||||||
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
||||||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
||||||
POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
H:
|
|
||||||
GNU LESSER GENERAL PUBLIC LICENSE
|
|
||||||
Version 2.1, February 1999
|
|
||||||
|
|
||||||
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
|
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
|
||||||
of this license document, but changing it is not allowed.
|
|
||||||
|
|
||||||
[This is the first released version of the Lesser GPL. It also counts
|
|
||||||
as the successor of the GNU Library Public License, version 2, hence
|
|
||||||
the version number 2.1.]
|
|
||||||
|
|
||||||
Preamble
|
|
||||||
|
|
||||||
The licenses for most software are designed to take away your
|
|
||||||
freedom to share and change it. By contrast, the GNU General Public
|
|
||||||
Licenses are intended to guarantee your freedom to share and change
|
|
||||||
free software--to make sure the software is free for all its users.
|
|
||||||
|
|
||||||
This license, the Lesser General Public License, applies to some
|
|
||||||
specially designated software packages--typically libraries--of the
|
|
||||||
Free Software Foundation and other authors who decide to use it. You
|
|
||||||
can use it too, but we suggest you first think carefully about whether
|
|
||||||
this license or the ordinary General Public License is the better
|
|
||||||
strategy to use in any particular case, based on the explanations below.
|
|
||||||
|
|
||||||
When we speak of free software, we are referring to freedom of use,
|
|
||||||
not price. Our General Public Licenses are designed to make sure that
|
|
||||||
you have the freedom to distribute copies of free software (and charge
|
|
||||||
for this service if you wish); that you receive source code or can get
|
|
||||||
it if you want it; that you can change the software and use pieces of
|
|
||||||
it in new free programs; and that you are informed that you can do
|
|
||||||
these things.
|
|
||||||
|
|
||||||
To protect your rights, we need to make restrictions that forbid
|
|
||||||
distributors to deny you these rights or to ask you to surrender these
|
|
||||||
rights. These restrictions translate to certain responsibilities for
|
|
||||||
you if you distribute copies of the library or if you modify it.
|
|
||||||
|
|
||||||
For example, if you distribute copies of the library, whether gratis
|
|
||||||
or for a fee, you must give the recipients all the rights that we gave
|
|
||||||
you. You must make sure that they, too, receive or can get the source
|
|
||||||
code. If you link other code with the library, you must provide
|
|
||||||
complete object files to the recipients, so that they can relink them
|
|
||||||
with the library after making changes to the library and recompiling
|
|
||||||
it. And you must show them these terms so they know their rights.
|
|
||||||
|
|
||||||
We protect your rights with a two-step method: (1) we copyright the
|
|
||||||
library, and (2) we offer you this license, which gives you legal
|
|
||||||
permission to copy, distribute and/or modify the library.
|
|
||||||
|
|
||||||
To protect each distributor, we want to make it very clear that
|
|
||||||
there is no warranty for the free library. Also, if the library is
|
|
||||||
modified by someone else and passed on, the recipients should know
|
|
||||||
that what they have is not the original version, so that the original
|
|
||||||
author's reputation will not be affected by problems that might be
|
|
||||||
introduced by others.
|
|
||||||
|
|
||||||
Finally, software patents pose a constant threat to the existence of
|
|
||||||
any free program. We wish to make sure that a company cannot
|
|
||||||
effectively restrict the users of a free program by obtaining a
|
|
||||||
restrictive license from a patent holder. Therefore, we insist that
|
|
||||||
any patent license obtained for a version of the library must be
|
|
||||||
consistent with the full freedom of use specified in this license.
|
|
||||||
|
|
||||||
Most GNU software, including some libraries, is covered by the
|
|
||||||
ordinary GNU General Public License. This license, the GNU Lesser
|
|
||||||
General Public License, applies to certain designated libraries, and
|
|
||||||
is quite different from the ordinary General Public License. We use
|
|
||||||
this license for certain libraries in order to permit linking those
|
|
||||||
libraries into non-free programs.
|
|
||||||
|
|
||||||
When a program is linked with a library, whether statically or using
|
|
||||||
a shared library, the combination of the two is legally speaking a
|
|
||||||
combined work, a derivative of the original library. The ordinary
|
|
||||||
General Public License therefore permits such linking only if the
|
|
||||||
entire combination fits its criteria of freedom. The Lesser General
|
|
||||||
Public License permits more lax criteria for linking other code with
|
|
||||||
the library.
|
|
||||||
|
|
||||||
We call this license the "Lesser" General Public License because it
|
|
||||||
does Less to protect the user's freedom than the ordinary General
|
|
||||||
Public License. It also provides other free software developers Less
|
|
||||||
of an advantage over competing non-free programs. These disadvantages
|
|
||||||
are the reason we use the ordinary General Public License for many
|
|
||||||
libraries. However, the Lesser license provides advantages in certain
|
|
||||||
special circumstances.
|
|
||||||
|
|
||||||
For example, on rare occasions, there may be a special need to
|
|
||||||
encourage the widest possible use of a certain library, so that it becomes
|
|
||||||
a de-facto standard. To achieve this, non-free programs must be
|
|
||||||
allowed to use the library. A more frequent case is that a free
|
|
||||||
library does the same job as widely used non-free libraries. In this
|
|
||||||
case, there is little to gain by limiting the free library to free
|
|
||||||
software only, so we use the Lesser General Public License.
|
|
||||||
|
|
||||||
In other cases, permission to use a particular library in non-free
|
|
||||||
programs enables a greater number of people to use a large body of
|
|
||||||
free software. For example, permission to use the GNU C Library in
|
|
||||||
non-free programs enables many more people to use the whole GNU
|
|
||||||
operating system, as well as its variant, the GNU/Linux operating
|
|
||||||
system.
|
|
||||||
|
|
||||||
Although the Lesser General Public License is Less protective of the
|
|
||||||
users' freedom, it does ensure that the user of a program that is
|
|
||||||
linked with the Library has the freedom and the wherewithal to run
|
|
||||||
that program using a modified version of the Library.
|
|
||||||
|
|
||||||
The precise terms and conditions for copying, distribution and
|
|
||||||
modification follow. Pay close attention to the difference between a
|
|
||||||
"work based on the library" and a "work that uses the library". The
|
|
||||||
former contains code derived from the library, whereas the latter must
|
|
||||||
be combined with the library in order to run.
|
|
||||||
|
|
||||||
GNU LESSER GENERAL PUBLIC LICENSE
|
|
||||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
|
||||||
|
|
||||||
0. This License Agreement applies to any software library or other
|
|
||||||
program which contains a notice placed by the copyright holder or
|
|
||||||
other authorized party saying it may be distributed under the terms of
|
|
||||||
this Lesser General Public License (also called "this License").
|
|
||||||
Each licensee is addressed as "you".
|
|
||||||
|
|
||||||
A "library" means a collection of software functions and/or data
|
|
||||||
prepared so as to be conveniently linked with application programs
|
|
||||||
(which use some of those functions and data) to form executables.
|
|
||||||
|
|
||||||
The "Library", below, refers to any such software library or work
|
|
||||||
which has been distributed under these terms. A "work based on the
|
|
||||||
Library" means either the Library or any derivative work under
|
|
||||||
copyright law: that is to say, a work containing the Library or a
|
|
||||||
portion of it, either verbatim or with modifications and/or translated
|
|
||||||
straightforwardly into another language. (Hereinafter, translation is
|
|
||||||
included without limitation in the term "modification".)
|
|
||||||
|
|
||||||
"Source code" for a work means the preferred form of the work for
|
|
||||||
making modifications to it. For a library, complete source code means
|
|
||||||
all the source code for all modules it contains, plus any associated
|
|
||||||
interface definition files, plus the scripts used to control compilation
|
|
||||||
and installation of the library.
|
|
||||||
|
|
||||||
Activities other than copying, distribution and modification are not
|
|
||||||
covered by this License; they are outside its scope. The act of
|
|
||||||
running a program using the Library is not restricted, and output from
|
|
||||||
such a program is covered only if its contents constitute a work based
|
|
||||||
on the Library (independent of the use of the Library in a tool for
|
|
||||||
writing it). Whether that is true depends on what the Library does
|
|
||||||
and what the program that uses the Library does.
|
|
||||||
|
|
||||||
1. You may copy and distribute verbatim copies of the Library's
|
|
||||||
complete source code as you receive it, in any medium, provided that
|
|
||||||
you conspicuously and appropriately publish on each copy an
|
|
||||||
appropriate copyright notice and disclaimer of warranty; keep intact
|
|
||||||
all the notices that refer to this License and to the absence of any
|
|
||||||
warranty; and distribute a copy of this License along with the
|
|
||||||
Library.
|
|
||||||
|
|
||||||
You may charge a fee for the physical act of transferring a copy,
|
|
||||||
and you may at your option offer warranty protection in exchange for a
|
|
||||||
fee.
|
|
||||||
|
|
||||||
2. You may modify your copy or copies of the Library or any portion
|
|
||||||
of it, thus forming a work based on the Library, and copy and
|
|
||||||
distribute such modifications or work under the terms of Section 1
|
|
||||||
above, provided that you also meet all of these conditions:
|
|
||||||
|
|
||||||
a) The modified work must itself be a software library.
|
|
||||||
|
|
||||||
b) You must cause the files modified to carry prominent notices
|
|
||||||
stating that you changed the files and the date of any change.
|
|
||||||
|
|
||||||
c) You must cause the whole of the work to be licensed at no
|
|
||||||
charge to all third parties under the terms of this License.
|
|
||||||
|
|
||||||
d) If a facility in the modified Library refers to a function or a
|
|
||||||
table of data to be supplied by an application program that uses
|
|
||||||
the facility, other than as an argument passed when the facility
|
|
||||||
is invoked, then you must make a good faith effort to ensure that,
|
|
||||||
in the event an application does not supply such function or
|
|
||||||
table, the facility still operates, and performs whatever part of
|
|
||||||
its purpose remains meaningful.
|
|
||||||
|
|
||||||
(For example, a function in a library to compute square roots has
|
|
||||||
a purpose that is entirely well-defined independent of the
|
|
||||||
application. Therefore, Subsection 2d requires that any
|
|
||||||
application-supplied function or table used by this function must
|
|
||||||
be optional: if the application does not supply it, the square
|
|
||||||
root function must still compute square roots.)
|
|
||||||
|
|
||||||
These requirements apply to the modified work as a whole. If
|
|
||||||
identifiable sections of that work are not derived from the Library,
|
|
||||||
and can be reasonably considered independent and separate works in
|
|
||||||
themselves, then this License, and its terms, do not apply to those
|
|
||||||
sections when you distribute them as separate works. But when you
|
|
||||||
distribute the same sections as part of a whole which is a work based
|
|
||||||
on the Library, the distribution of the whole must be on the terms of
|
|
||||||
this License, whose permissions for other licensees extend to the
|
|
||||||
entire whole, and thus to each and every part regardless of who wrote
|
|
||||||
it.
|
|
||||||
|
|
||||||
Thus, it is not the intent of this section to claim rights or contest
|
|
||||||
your rights to work written entirely by you; rather, the intent is to
|
|
||||||
exercise the right to control the distribution of derivative or
|
|
||||||
collective works based on the Library.
|
|
||||||
|
|
||||||
In addition, mere aggregation of another work not based on the Library
|
|
||||||
with the Library (or with a work based on the Library) on a volume of
|
|
||||||
a storage or distribution medium does not bring the other work under
|
|
||||||
the scope of this License.
|
|
||||||
|
|
||||||
3. You may opt to apply the terms of the ordinary GNU General Public
|
|
||||||
License instead of this License to a given copy of the Library. To do
|
|
||||||
this, you must alter all the notices that refer to this License, so
|
|
||||||
that they refer to the ordinary GNU General Public License, version 2,
|
|
||||||
instead of to this License. (If a newer version than version 2 of the
|
|
||||||
ordinary GNU General Public License has appeared, then you can specify
|
|
||||||
that version instead if you wish.) Do not make any other change in
|
|
||||||
these notices.
|
|
||||||
|
|
||||||
Once this change is made in a given copy, it is irreversible for
|
|
||||||
that copy, so the ordinary GNU General Public License applies to all
|
|
||||||
subsequent copies and derivative works made from that copy.
|
|
||||||
|
|
||||||
This option is useful when you wish to copy part of the code of
|
|
||||||
the Library into a program that is not a library.
|
|
||||||
|
|
||||||
4. You may copy and distribute the Library (or a portion or
|
|
||||||
derivative of it, under Section 2) in object code or executable form
|
|
||||||
under the terms of Sections 1 and 2 above provided that you accompany
|
|
||||||
it with the complete corresponding machine-readable source code, which
|
|
||||||
must be distributed under the terms of Sections 1 and 2 above on a
|
|
||||||
medium customarily used for software interchange.
|
|
||||||
|
|
||||||
If distribution of object code is made by offering access to copy
|
|
||||||
from a designated place, then offering equivalent access to copy the
|
|
||||||
source code from the same place satisfies the requirement to
|
|
||||||
distribute the source code, even though third parties are not
|
|
||||||
compelled to copy the source along with the object code.
|
|
||||||
|
|
||||||
5. A program that contains no derivative of any portion of the
|
|
||||||
Library, but is designed to work with the Library by being compiled or
|
|
||||||
linked with it, is called a "work that uses the Library". Such a
|
|
||||||
work, in isolation, is not a derivative work of the Library, and
|
|
||||||
therefore falls outside the scope of this License.
|
|
||||||
|
|
||||||
However, linking a "work that uses the Library" with the Library
|
|
||||||
creates an executable that is a derivative of the Library (because it
|
|
||||||
contains portions of the Library), rather than a "work that uses the
|
|
||||||
library". The executable is therefore covered by this License.
|
|
||||||
Section 6 states terms for distribution of such executables.
|
|
||||||
|
|
||||||
When a "work that uses the Library" uses material from a header file
|
|
||||||
that is part of the Library, the object code for the work may be a
|
|
||||||
derivative work of the Library even though the source code is not.
|
|
||||||
Whether this is true is especially significant if the work can be
|
|
||||||
linked without the Library, or if the work is itself a library. The
|
|
||||||
threshold for this to be true is not precisely defined by law.
|
|
||||||
|
|
||||||
If such an object file uses only numerical parameters, data
|
|
||||||
structure layouts and accessors, and small macros and small inline
|
|
||||||
functions (ten lines or less in length), then the use of the object
|
|
||||||
file is unrestricted, regardless of whether it is legally a derivative
|
|
||||||
work. (Executables containing this object code plus portions of the
|
|
||||||
Library will still fall under Section 6.)
|
|
||||||
|
|
||||||
Otherwise, if the work is a derivative of the Library, you may
|
|
||||||
distribute the object code for the work under the terms of Section 6.
|
|
||||||
Any executables containing that work also fall under Section 6,
|
|
||||||
whether or not they are linked directly with the Library itself.
|
|
||||||
|
|
||||||
6. As an exception to the Sections above, you may also combine or
|
|
||||||
link a "work that uses the Library" with the Library to produce a
|
|
||||||
work containing portions of the Library, and distribute that work
|
|
||||||
under terms of your choice, provided that the terms permit
|
|
||||||
modification of the work for the customer's own use and reverse
|
|
||||||
engineering for debugging such modifications.
|
|
||||||
|
|
||||||
You must give prominent notice with each copy of the work that the
|
|
||||||
Library is used in it and that the Library and its use are covered by
|
|
||||||
this License. You must supply a copy of this License. If the work
|
|
||||||
during execution displays copyright notices, you must include the
|
|
||||||
copyright notice for the Library among them, as well as a reference
|
|
||||||
directing the user to the copy of this License. Also, you must do one
|
|
||||||
of these things:
|
|
||||||
|
|
||||||
a) Accompany the work with the complete corresponding
|
|
||||||
machine-readable source code for the Library including whatever
|
|
||||||
changes were used in the work (which must be distributed under
|
|
||||||
Sections 1 and 2 above); and, if the work is an executable linked
|
|
||||||
with the Library, with the complete machine-readable "work that
|
|
||||||
uses the Library", as object code and/or source code, so that the
|
|
||||||
user can modify the Library and then relink to produce a modified
|
|
||||||
executable containing the modified Library. (It is understood
|
|
||||||
that the user who changes the contents of definitions files in the
|
|
||||||
Library will not necessarily be able to recompile the application
|
|
||||||
to use the modified definitions.)
|
|
||||||
|
|
||||||
b) Use a suitable shared library mechanism for linking with the
|
|
||||||
Library. A suitable mechanism is one that (1) uses at run time a
|
|
||||||
copy of the library already present on the user's computer system,
|
|
||||||
rather than copying library functions into the executable, and (2)
|
|
||||||
will operate properly with a modified version of the library, if
|
|
||||||
the user installs one, as long as the modified version is
|
|
||||||
interface-compatible with the version that the work was made with.
|
|
||||||
|
|
||||||
c) Accompany the work with a written offer, valid for at
|
|
||||||
least three years, to give the same user the materials
|
|
||||||
specified in Subsection 6a, above, for a charge no more
|
|
||||||
than the cost of performing this distribution.
|
|
||||||
|
|
||||||
d) If distribution of the work is made by offering access to copy
|
|
||||||
from a designated place, offer equivalent access to copy the above
|
|
||||||
specified materials from the same place.
|
|
||||||
|
|
||||||
e) Verify that the user has already received a copy of these
|
|
||||||
materials or that you have already sent this user a copy.
|
|
||||||
|
|
||||||
For an executable, the required form of the "work that uses the
|
|
||||||
Library" must include any data and utility programs needed for
|
|
||||||
reproducing the executable from it. However, as a special exception,
|
|
||||||
the materials to be distributed need not include anything that is
|
|
||||||
normally distributed (in either source or binary form) with the major
|
|
||||||
components (compiler, kernel, and so on) of the operating system on
|
|
||||||
which the executable runs, unless that component itself accompanies
|
|
||||||
the executable.
|
|
||||||
|
|
||||||
It may happen that this requirement contradicts the license
|
|
||||||
restrictions of other proprietary libraries that do not normally
|
|
||||||
accompany the operating system. Such a contradiction means you cannot
|
|
||||||
use both them and the Library together in an executable that you
|
|
||||||
distribute.
|
|
||||||
|
|
||||||
7. You may place library facilities that are a work based on the
|
|
||||||
Library side-by-side in a single library together with other library
|
|
||||||
facilities not covered by this License, and distribute such a combined
|
|
||||||
library, provided that the separate distribution of the work based on
|
|
||||||
the Library and of the other library facilities is otherwise
|
|
||||||
permitted, and provided that you do these two things:
|
|
||||||
|
|
||||||
a) Accompany the combined library with a copy of the same work
|
|
||||||
based on the Library, uncombined with any other library
|
|
||||||
facilities. This must be distributed under the terms of the
|
|
||||||
Sections above.
|
|
||||||
|
|
||||||
b) Give prominent notice with the combined library of the fact
|
|
||||||
that part of it is a work based on the Library, and explaining
|
|
||||||
where to find the accompanying uncombined form of the same work.
|
|
||||||
|
|
||||||
8. You may not copy, modify, sublicense, link with, or distribute
|
|
||||||
the Library except as expressly provided under this License. Any
|
|
||||||
attempt otherwise to copy, modify, sublicense, link with, or
|
|
||||||
distribute the Library is void, and will automatically terminate your
|
|
||||||
rights under this License. However, parties who have received copies,
|
|
||||||
or rights, from you under this License will not have their licenses
|
|
||||||
terminated so long as such parties remain in full compliance.
|
|
||||||
|
|
||||||
9. You are not required to accept this License, since you have not
|
|
||||||
signed it. However, nothing else grants you permission to modify or
|
|
||||||
distribute the Library or its derivative works. These actions are
|
|
||||||
prohibited by law if you do not accept this License. Therefore, by
|
|
||||||
modifying or distributing the Library (or any work based on the
|
|
||||||
Library), you indicate your acceptance of this License to do so, and
|
|
||||||
all its terms and conditions for copying, distributing or modifying
|
|
||||||
the Library or works based on it.
|
|
||||||
|
|
||||||
10. Each time you redistribute the Library (or any work based on the
|
|
||||||
Library), the recipient automatically receives a license from the
|
|
||||||
original licensor to copy, distribute, link with or modify the Library
|
|
||||||
subject to these terms and conditions. You may not impose any further
|
|
||||||
restrictions on the recipients' exercise of the rights granted herein.
|
|
||||||
You are not responsible for enforcing compliance by third parties with
|
|
||||||
this License.
|
|
||||||
|
|
||||||
11. If, as a consequence of a court judgment or allegation of patent
|
|
||||||
infringement or for any other reason (not limited to patent issues),
|
|
||||||
conditions are imposed on you (whether by court order, agreement or
|
|
||||||
otherwise) that contradict the conditions of this License, they do not
|
|
||||||
excuse you from the conditions of this License. If you cannot
|
|
||||||
distribute so as to satisfy simultaneously your obligations under this
|
|
||||||
License and any other pertinent obligations, then as a consequence you
|
|
||||||
may not distribute the Library at all. For example, if a patent
|
|
||||||
license would not permit royalty-free redistribution of the Library by
|
|
||||||
all those who receive copies directly or indirectly through you, then
|
|
||||||
the only way you could satisfy both it and this License would be to
|
|
||||||
refrain entirely from distribution of the Library.
|
|
||||||
|
|
||||||
If any portion of this section is held invalid or unenforceable under any
|
|
||||||
particular circumstance, the balance of the section is intended to apply,
|
|
||||||
and the section as a whole is intended to apply in other circumstances.
|
|
||||||
|
|
||||||
It is not the purpose of this section to induce you to infringe any
|
|
||||||
patents or other property right claims or to contest validity of any
|
|
||||||
such claims; this section has the sole purpose of protecting the
|
|
||||||
integrity of the free software distribution system which is
|
|
||||||
implemented by public license practices. Many people have made
|
|
||||||
generous contributions to the wide range of software distributed
|
|
||||||
through that system in reliance on consistent application of that
|
|
||||||
system; it is up to the author/donor to decide if he or she is willing
|
|
||||||
to distribute software through any other system and a licensee cannot
|
|
||||||
impose that choice.
|
|
||||||
|
|
||||||
This section is intended to make thoroughly clear what is believed to
|
|
||||||
be a consequence of the rest of this License.
|
|
||||||
|
|
||||||
12. If the distribution and/or use of the Library is restricted in
|
|
||||||
certain countries either by patents or by copyrighted interfaces, the
|
|
||||||
original copyright holder who places the Library under this License may add
|
|
||||||
an explicit geographical distribution limitation excluding those countries,
|
|
||||||
so that distribution is permitted only in or among countries not thus
|
|
||||||
excluded. In such case, this License incorporates the limitation as if
|
|
||||||
written in the body of this License.
|
|
||||||
|
|
||||||
13. The Free Software Foundation may publish revised and/or new
|
|
||||||
versions of the Lesser General Public License from time to time.
|
|
||||||
Such new versions will be similar in spirit to the present version,
|
|
||||||
but may differ in detail to address new problems or concerns.
|
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the Library
|
|
||||||
specifies a version number of this License which applies to it and
|
|
||||||
"any later version", you have the option of following the terms and
|
|
||||||
conditions either of that version or of any later version published by
|
|
||||||
the Free Software Foundation. If the Library does not specify a
|
|
||||||
license version number, you may choose any version ever published by
|
|
||||||
the Free Software Foundation.
|
|
||||||
|
|
||||||
14. If you wish to incorporate parts of the Library into other free
|
|
||||||
programs whose distribution conditions are incompatible with these,
|
|
||||||
write to the author to ask for permission. For software which is
|
|
||||||
copyrighted by the Free Software Foundation, write to the Free
|
|
||||||
Software Foundation; we sometimes make exceptions for this. Our
|
|
||||||
decision will be guided by the two goals of preserving the free status
|
|
||||||
of all derivatives of our free software and of promoting the sharing
|
|
||||||
and reuse of software generally.
|
|
||||||
|
|
||||||
NO WARRANTY
|
|
||||||
|
|
||||||
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
|
|
||||||
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
|
|
||||||
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
|
||||||
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
|
|
||||||
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
|
|
||||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
||||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
|
|
||||||
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
|
|
||||||
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
|
||||||
|
|
||||||
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
|
|
||||||
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
|
|
||||||
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
|
|
||||||
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
|
|
||||||
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
|
|
||||||
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
|
|
||||||
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
|
|
||||||
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
|
|
||||||
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
|
|
||||||
DAMAGES.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Programs and licenses with other licenses and/or authors than the
|
Programs and licenses with other licenses and/or authors than the
|
||||||
main license and authors:
|
main license and authors:
|
||||||
|
|
||||||
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei
|
lib/3rdParty/tcpdf/fonts/DejaVu*.ttf A Public Domain, Bitstream, Inc., Tavmjong Bah
|
||||||
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano
|
lib/3rdParty/tcpdf/fonts/DejaVu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
||||||
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große
|
lib/3rdParty/phpseclib B Jim Wigginton
|
||||||
lib/3rdParty/composer/nyholm B 2016 Tobias Nyholm
|
|
||||||
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Support G
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation H
|
|
||||||
lib/3rdParty/composer/pear-pear.horde.org/Horde_Util H
|
|
||||||
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team
|
|
||||||
lib/3rdParty/composer/phpmailer H
|
|
||||||
lib/3rdParty/composer/psr B 2018 PHP Framework Interoperability Group
|
|
||||||
lib/3rdParty/composer/ramsey B 2018 Ben Ramsey
|
|
||||||
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs
|
|
||||||
lib/3rdParty/composer/symfony B 2019 Fabien Potencier
|
|
||||||
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs
|
|
||||||
lib/3rdParty/tcpdf D 2020 Nicola Asuni - Tecnick.com LTD
|
|
||||||
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
|
||||||
lib/3rdParty/phpseclib B 2019 TerraFrost and other contributors
|
|
||||||
lib/3rdParty/Monolog B 2011 Jordi Boggiano
|
|
||||||
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
|
|
||||||
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
|
|
||||||
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
|
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
|
||||||
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
|
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
|
||||||
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
||||||
|
@ -981,9 +215,6 @@ templates/lib/*jquery-validationEngine-*.js B 2010 Ce
|
||||||
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
|
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
|
||||||
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
||||||
style/600_cropper*.css B 2018 Chen Fengyuan
|
style/600_cropper*.css B 2018 Chen Fengyuan
|
||||||
templates/lib/extra/duo/*.js E 2019 Duo Security
|
|
||||||
lib/3rdParty/duo/*.php E 2019 Duo Security
|
|
||||||
graphics/webauthn.svg F 2017 Duo Security, Inc.
|
|
||||||
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
||||||
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
||||||
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
||||||
|
|
|
@ -21,11 +21,11 @@ The main script for the account pages is located in <span
|
||||||
a very simple content. If the page is loaded for the first time it
|
a very simple content. If the page is loaded for the first time it
|
||||||
creates a new <span style="font-weight: bold;">accountContainer</span>
|
creates a new <span style="font-weight: bold;">accountContainer</span>
|
||||||
inside the session and tells it to load/create an LDAP account. Then it
|
inside the session and tells it to load/create an LDAP account. Then it
|
||||||
calls the <span style="font-weight: bold;">continue_main()</span>
|
calles the <span style="font-weight: bold;">continue_main()</span>
|
||||||
function of the <span style="font-weight: bold;">accountContainer</span>
|
function of the <span style="font-weight: bold;">accountContainer</span>
|
||||||
object which prints all HTML output.<br>
|
object which prints all HTML output.<br>
|
||||||
<br>
|
<br>
|
||||||
Managing of user input etc. is completely made by the <span
|
Managing of user input etc. is completly made by the <span
|
||||||
style="font-weight: bold;">accountContainer</span>.<br>
|
style="font-weight: bold;">accountContainer</span>.<br>
|
||||||
<br>
|
<br>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
@ -54,7 +54,7 @@ to make it easier for the user to modify the values. The dynamic
|
||||||
options provided by the modules do not include a comment.<br>
|
options provided by the modules do not include a comment.<br>
|
||||||
<br>
|
<br>
|
||||||
<h2>Master configuration file</h2>
|
<h2>Master configuration file</h2>
|
||||||
LAM stores the default configuration profile and a master password in <span
|
LAM stores the default configuartion profile and a master password in <span
|
||||||
style="font-style: italic;">config/config.cfg</span>.<br>
|
style="font-style: italic;">config/config.cfg</span>.<br>
|
||||||
The master password is verified when the user wants to create/delete
|
The master password is verified when the user wants to create/delete
|
||||||
configuration profiles.<br>
|
configuration profiles.<br>
|
||||||
|
|
|
@ -39,7 +39,7 @@ attribute. Therefore we will save these two values.<br>
|
||||||
* This function loads all needed attributes into the
|
* This function loads all needed attributes into the
|
||||||
object.<br>
|
object.<br>
|
||||||
*<br>
|
*<br>
|
||||||
* @param array $attr an array as it is returned from
|
* @param array $attr an array as it is retured from
|
||||||
ldap_get_attributes<br>
|
ldap_get_attributes<br>
|
||||||
*/<br>
|
*/<br>
|
||||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br>
|
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br>
|
||||||
|
|
|
@ -58,7 +58,7 @@ class</span> <span style="color: rgb(255, 0, 0);">ieee802Device</span>
|
||||||
</table>
|
</table>
|
||||||
<br>
|
<br>
|
||||||
<h2>4. Meta data</h2>
|
<h2>4. Meta data</h2>
|
||||||
The module interface includes a lot of required and optional functions.
|
The module interface inludes a lot of required and optional functions.
|
||||||
Many of these functions do not need to be implemented directly in the
|
Many of these functions do not need to be implemented directly in the
|
||||||
module, you can define <span style="font-weight: bold;">meta data</span>
|
module, you can define <span style="font-weight: bold;">meta data</span>
|
||||||
for them and the <span style="font-weight: bold;">baseModule</span>
|
for them and the <span style="font-weight: bold;">baseModule</span>
|
||||||
|
|
|
@ -137,7 +137,7 @@ the <span style="font-style: italic;">baseModule</span> will use the <span style
|
||||||
check. This function already contains regular expressions for the most
|
check. This function already contains regular expressions for the most
|
||||||
common cases.<br>
|
common cases.<br>
|
||||||
To check if the minimum GID is smaller than the maximum GID we define a
|
To check if the minimum GID is smaller than the maximum GID we define a
|
||||||
check for the nonexistent option "cmpGID" and define it as optional.
|
check for the nonexistant option "cmpGID" and define it as optional.
|
||||||
This will do the comparison check.<br>
|
This will do the comparison check.<br>
|
||||||
<br>
|
<br>
|
||||||
<br>
|
<br>
|
||||||
|
|
|
@ -198,7 +198,7 @@ is set dynamically<br>
|
||||||
You can tell LAM what object classes are managed by your module.<br>
|
You can tell LAM what object classes are managed by your module.<br>
|
||||||
LAM will then check the spelling of the objectClass attributes and
|
LAM will then check the spelling of the objectClass attributes and
|
||||||
correct it automatically. This is useful if other applications (e.g.
|
correct it automatically. This is useful if other applications (e.g.
|
||||||
smbldap-tools) also create accounts and the spelling is different.<br>
|
smbldap-tools) also create accounts and the spelling is differnt.<br>
|
||||||
<br>
|
<br>
|
||||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
||||||
<br>
|
<br>
|
||||||
|
|
|
@ -21,7 +21,7 @@ They are configured on tab "Jobs" in LAM server profile.<br>
|
||||||
<div style="text-align: left;">See ppolicyUser module for an example.<br>
|
<div style="text-align: left;">See ppolicyUser module for an example.<br>
|
||||||
<br>
|
<br>
|
||||||
<h2>Adding the job class</h2>
|
<h2>Adding the job class</h2>
|
||||||
The module defines the list of supported jobs with function
|
The module defines the list of suuported jobs with function
|
||||||
getSupportedJobs().<br>
|
getSupportedJobs().<br>
|
||||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||||
<tbody>
|
<tbody>
|
||||||
|
@ -77,7 +77,7 @@ If your job requires any configuration options then use get/checkConfigOptions()
|
||||||
<br>
|
<br>
|
||||||
<h2>Database</h2>
|
<h2>Database</h2>
|
||||||
Jobs can access a database to read and store data about job runs. Use
|
Jobs can access a database to read and store data about job runs. Use
|
||||||
this e.g. if you need to save any status information across job runs.<br>
|
this e.g. if you need to save any status information accross job runs.<br>
|
||||||
Database access is specified with needsDatabaseAccess().<br>
|
Database access is specified with needsDatabaseAccess().<br>
|
||||||
<br>
|
<br>
|
||||||
There is a built-in database upgrade mechanism. Your job must return
|
There is a built-in database upgrade mechanism. Your job must return
|
||||||
|
|
|
@ -18,7 +18,7 @@ designed to be editable by hand. They do not allow to add comments and
|
||||||
have a simpler format.<br>
|
have a simpler format.<br>
|
||||||
<br>
|
<br>
|
||||||
<h2>Format</h2>
|
<h2>Format</h2>
|
||||||
There is one option per line which is formatted: <identifier>:
|
There is one option per line which is formated: <identifier>:
|
||||||
<value><br>
|
<value><br>
|
||||||
<br>
|
<br>
|
||||||
Identifier is the option's name, value is the rest of the line after
|
Identifier is the option's name, value is the rest of the line after
|
||||||
|
|
|
@ -88,10 +88,10 @@ class <span style="font-weight: bold;">toolProfileEditor</span> implements <span
|
||||||
}<br>
|
}<br>
|
||||||
<br>
|
<br>
|
||||||
/**<br>
|
/**<br>
|
||||||
* Returns the preferred position of this tool on the tools page.<br>
|
* Returns the prefered position of this tool on the tools page.<br>
|
||||||
* The position may be between 0 and 1000. 0 is the top position.<br>
|
* The position may be between 0 and 1000. 0 is the top position.<br>
|
||||||
*<br>
|
*<br>
|
||||||
* @return int preferred position<br>
|
* @return int prefered position<br>
|
||||||
*/<br>
|
*/<br>
|
||||||
function <span style="font-weight: bold;">getPosition</span>() {<br>
|
function <span style="font-weight: bold;">getPosition</span>() {<br>
|
||||||
return 100;<br>
|
return 100;<br>
|
||||||
|
|
|
@ -91,10 +91,10 @@ Example:<br>
|
||||||
<pre> }</pre>
|
<pre> }</pre>
|
||||||
<pre> </pre>
|
<pre> </pre>
|
||||||
<pre> /**</pre>
|
<pre> /**</pre>
|
||||||
<pre> * Returns the preferred position of this tool on the tools page.</pre>
|
<pre> * Returns the prefered position of this tool on the tools page.</pre>
|
||||||
<pre> * The position may be between 0 and 1000. 0 is the top position.</pre>
|
<pre> * The position may be between 0 and 1000. 0 is the top position.</pre>
|
||||||
<pre> *</pre>
|
<pre> *</pre>
|
||||||
<pre> * @return int preferred position</pre>
|
<pre> * @return int prefered position</pre>
|
||||||
<pre> */</pre>
|
<pre> */</pre>
|
||||||
<pre> function getPosition() {</pre>
|
<pre> function getPosition() {</pre>
|
||||||
<pre> return 600;</pre>
|
<pre> return 600;</pre>
|
||||||
|
|
|
@ -115,7 +115,7 @@ If you want to change more than just the labels, take a look at <span
|
||||||
style="font-weight: bold;">lib/types/user.inc</span>. When a list is
|
style="font-weight: bold;">lib/types/user.inc</span>. When a list is
|
||||||
displayed then the <span style="font-weight: bold;">showPage()</span>
|
displayed then the <span style="font-weight: bold;">showPage()</span>
|
||||||
function is called. You can overwrite this function to display a
|
function is called. You can overwrite this function to display a
|
||||||
completely new list or just one of the other functions.<br>
|
completly new list or just one of the other functions.<br>
|
||||||
<br>
|
<br>
|
||||||
<table style="width: 100%; text-align: left;" class="mod-code"
|
<table style="width: 100%; text-align: left;" class="mod-code"
|
||||||
border="0" cellpadding="2" cellspacing="2">
|
border="0" cellpadding="2" cellspacing="2">
|
||||||
|
|
|
@ -60,14 +60,6 @@ This is a list of API changes for all LAM releases.
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
<h2>6.7 -> 6.8</h2>
|
|
||||||
<ul>
|
|
||||||
<li>Module API
|
|
||||||
<ul>
|
|
||||||
<li>display_html_attributes(): use responsive HTML elements instead of tables</li>
|
|
||||||
</ul>
|
|
||||||
</li>
|
|
||||||
</ul>
|
|
||||||
<h2>6.3 -> 6.4</h2>
|
<h2>6.3 -> 6.4</h2>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Module API
|
<li>Module API
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||||
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||||
|
<appendix id="mailSetup">
|
||||||
|
<title>Setup of email (SMTP) server</title>
|
||||||
|
|
||||||
|
<para>LAM always uses a local SMTP email server on the machine where LAM
|
||||||
|
is installed. Therefore, there is no need to configure any SMTP settings
|
||||||
|
inside LAM itself.</para>
|
||||||
|
|
||||||
|
<para>The local email server should be configured to forward all emails to
|
||||||
|
your company mail server (so-called smarthost). You can use any SMTP
|
||||||
|
software that ships with a Sendmail wrapper (e.g. Exim, Postfix, QMail or
|
||||||
|
Sendmail itself).</para>
|
||||||
|
|
||||||
|
<literallayout>
|
||||||
|
|
||||||
|
</literallayout>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/lam_mail.png" />
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
</appendix>
|
||||||
|
|
|
@ -104,24 +104,6 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><inlinemediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/schema_samba.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</inlinemediaobject></entry>
|
|
||||||
|
|
||||||
<entry>AD LDS</entry>
|
|
||||||
|
|
||||||
<entry>user, group</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
|
|
||||||
<entry>AD LDS built-in</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry><inlinemediaobject>
|
<entry><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
|
|
@ -34,7 +34,7 @@
|
||||||
<section>
|
<section>
|
||||||
<title>Use of SSL</title>
|
<title>Use of SSL</title>
|
||||||
|
|
||||||
<para>The data which is transferred between you and LAM is very sensitive.
|
<para>The data which is transfered between you and LAM is very sensitive.
|
||||||
Please always use SSL encrypted connections between LAM and your browser
|
Please always use SSL encrypted connections between LAM and your browser
|
||||||
to protect yourself against network sniffers.</para>
|
to protect yourself against network sniffers.</para>
|
||||||
</section>
|
</section>
|
||||||
|
@ -257,7 +257,7 @@ semodule -i httpdlocal.pp</programlisting>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>directory contents must be accessible by browser but directory
|
<para>directory contents must be accessible by browser but directory
|
||||||
itself needs not to be browsable</para>
|
itself needs not to be browseable</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
@ -445,51 +445,4 @@ semodule -i httpdlocal.pp</programlisting>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="a_webauthn">
|
|
||||||
<title>Webauthn/FIDO2</title>
|
|
||||||
|
|
||||||
<para>LAM allows to secure logins via <ulink
|
|
||||||
url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink>. This
|
|
||||||
means your users login with their LDAP password and an additional hardware
|
|
||||||
token (e.g. Yubico Security Key, Windows Hello and many more).</para>
|
|
||||||
|
|
||||||
<para>Webauthn/FIDO2 is a very strong 2-factor-authentication method as it
|
|
||||||
also checks the website domain. This prevents attacks via web
|
|
||||||
proxies.</para>
|
|
||||||
|
|
||||||
<para>To use this feature you need to activate the 2-factor authentication
|
|
||||||
in LAM.</para>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">LAM admin interface</emphasis></para>
|
|
||||||
|
|
||||||
<para>Please activate Webauthn/FIDO2 in your <link
|
|
||||||
linkend="conf_serverprofile_2fa">LAM server profile</link>. Then users
|
|
||||||
will be asked to authenticate via Webauthn/FIDO2 on each login.</para>
|
|
||||||
|
|
||||||
<para>If no device is registered for a user then LAM will ask for this
|
|
||||||
during login. Afterwards, users can manage their devices with the <link
|
|
||||||
linkend="tool_webauthn">Webauthn tool</link>.</para>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">LAM Self Service</emphasis></para>
|
|
||||||
|
|
||||||
<para>Please activate Webauthn/FIDO2 in your <link
|
|
||||||
linkend="selfservice_2fa">LAM self service profile</link>. Then users will
|
|
||||||
be asked to authenticate via Webauthn/FIDO2 on each login.</para>
|
|
||||||
|
|
||||||
<para>If no device is registered for a user then LAM will ask for this
|
|
||||||
during login. Afterwards, users can manage their devices with the <link
|
|
||||||
linkend="selfservice_fields">Webauthn field</link>.</para>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Global device management</emphasis></para>
|
|
||||||
|
|
||||||
<para>This is for cases where one of your users has no more access to his
|
|
||||||
device and cannot login anymore. In this case you can delete his device(s)
|
|
||||||
in the <link linkend="confmain_webauthn">LAM main
|
|
||||||
configuration</link>.</para>
|
|
||||||
|
|
||||||
<para>Note that devices can only be deleted. Registration of devices can
|
|
||||||
only be done by the user during login or on the management pages listed
|
|
||||||
above.</para>
|
|
||||||
</section>
|
|
||||||
</appendix>
|
</appendix>
|
||||||
|
|
|
@ -85,7 +85,7 @@
|
||||||
|
|
||||||
<para>If there are any object classes or attributes missing you will get
|
<para>If there are any object classes or attributes missing you will get
|
||||||
a notice. See <link linkend="a_schema">LDAP schema files</link> for a
|
a notice. See <link linkend="a_schema">LDAP schema files</link> for a
|
||||||
list of used schemas. You may also want to deactivate unused modules in
|
list of used schemas. You may also want to deactive unused modules in
|
||||||
your LAM server profile (tab "Modules").</para>
|
your LAM server profile (tab "Modules").</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
|
|
@ -93,7 +93,9 @@
|
||||||
<para>If the user account has set the mail attribute then LAM can
|
<para>If the user account has set the mail attribute then LAM can
|
||||||
send your user a mail with the new password. You can change the mail
|
send your user a mail with the new password. You can change the mail
|
||||||
template to fit your needs. Please configure your LAM server profile
|
template to fit your needs. Please configure your LAM server profile
|
||||||
to setup the sender address, subject and mail body. See <link linkend="mailSetup">here</link> for setting up your
|
to setup the sender address, subject and mail body. Please see <link
|
||||||
|
linkend="mailEOL">email format option</link> in case of broken
|
||||||
|
mails. See <link linkend="mailSetup">here</link> for setting up your
|
||||||
SMTP server.</para>
|
SMTP server.</para>
|
||||||
|
|
||||||
<para>Using this method will prevent that your support staff knows
|
<para>Using this method will prevent that your support staff knows
|
||||||
|
|
|
@ -292,7 +292,7 @@
|
||||||
|
|
||||||
<para><emphasis role="bold">LAM runtime environment:</emphasis></para>
|
<para><emphasis role="bold">LAM runtime environment:</emphasis></para>
|
||||||
|
|
||||||
<para>LAM runs on PHP. Therefore, it is independent of CPU architecture
|
<para>LAM runs on PHP. Therefore, it is independant of CPU architecture
|
||||||
and operating system (OS). You can run LAM on any OS which supports
|
and operating system (OS). You can run LAM on any OS which supports
|
||||||
Apache, Nginx or other PHP compatible web servers.</para>
|
Apache, Nginx or other PHP compatible web servers.</para>
|
||||||
|
|
||||||
|
|
|
@ -60,10 +60,6 @@
|
||||||
<para>When you entered the license key then the license details can be
|
<para>When you entered the license key then the license details can be
|
||||||
seen on LAM configuration overview page.</para>
|
seen on LAM configuration overview page.</para>
|
||||||
|
|
||||||
<para>By default, LAM Pro will show a warning message on the login page
|
|
||||||
3 weeks before expiration. You can disable this here and/or send out an
|
|
||||||
email instead.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -197,41 +193,16 @@
|
||||||
<section id="conf_logging">
|
<section id="conf_logging">
|
||||||
<title>Logging</title>
|
<title>Logging</title>
|
||||||
|
|
||||||
<para>LAM can log events (e.g. user logins). You can use e.g. system
|
<para>LAM can log events (e.g. user logins). You can use system logging
|
||||||
logging (syslog for Unix, event viewer for Windows) or log to a separate
|
(syslog for Unix, event viewer for Windows) or log to a separate file.
|
||||||
file. Please note that LAM may log sensitive data (e.g. passwords) at
|
Please note that LAM may log sensitive data (e.g. passwords) at log
|
||||||
log level "Debug". Production systems should be set to "Warning" or
|
level "Debug". Production systems should be set to "Warning" or
|
||||||
"Error".</para>
|
"Error".</para>
|
||||||
|
|
||||||
<para>The PHP error reporting is only for developers. By default LAM
|
<para>The PHP error reporting is only for developers. By default LAM
|
||||||
does not show PHP notice messages in the web pages. You can select to
|
does not show PHP notice messages in the web pages. You can select to
|
||||||
use the php.ini setting here or printing all errors and notices.</para>
|
use the php.ini setting here or printing all errors and notices.</para>
|
||||||
|
|
||||||
<para>Log destinations:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>File: all messages will be written to the given file. LAM will
|
|
||||||
create it if not yet existing.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Syslog: uses local system logging (syslog for Unix, event
|
|
||||||
viewer for Windows)</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Remote: sends log messages to a remote server that supports
|
|
||||||
the Unix <ulink url="https://www.rsyslog.com/">remote
|
|
||||||
Syslogd</ulink> protocol. Please enter destination as "server:port",
|
|
||||||
e.g. "myserver:123".</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>No logging: disabled logging</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -241,23 +212,18 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="mailSetup">
|
<section>
|
||||||
<title>Mail options (LAM Pro)</title>
|
<title>Additional options</title>
|
||||||
|
|
||||||
<para>Here you can configure the mail server settings. If you do not set
|
<para id="mailEOL"><emphasis role="bold">Email format</emphasis></para>
|
||||||
a mail server then LAM will try to use a locally installed one (e.g.
|
|
||||||
postfix, exim, sendmail).</para>
|
|
||||||
|
|
||||||
<para>SMTP setup:</para>
|
<para>Some email servers are not standards compatible. If you receive
|
||||||
|
mails that look broken you can change the line endings for sent mails
|
||||||
|
here. Default is to use "\r\n".</para>
|
||||||
|
|
||||||
<para>Mail server: enter name + port separated by ":". E.g. "server:25"
|
<para>At the moment, this option is only available in LAM Pro as there
|
||||||
will use "server" on port 25. Please note that your mail server
|
is no mail sending in the free version. See <link
|
||||||
<emphasis role="bold">must</emphasis> support TLS encryption.</para>
|
linkend="mailSetup">here</link> for setting up your SMTP server.</para>
|
||||||
|
|
||||||
<para>User name: enter the user name if your SMTP server requires
|
|
||||||
authentication</para>
|
|
||||||
|
|
||||||
<para>Password: enter the password for the user above</para>
|
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -268,33 +234,6 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="confmain_webauthn">
|
|
||||||
<title>Webauthn/FIDO2 devices</title>
|
|
||||||
|
|
||||||
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link>
|
|
||||||
for an overview about Webauthn/FIDO2 in LAM.</para>
|
|
||||||
|
|
||||||
<para>Here you can delete any webauthn device registrations. This
|
|
||||||
section is only shown if at least one device is registered.</para>
|
|
||||||
|
|
||||||
<para>Enter a part of the user's DN in the input box and perform a
|
|
||||||
search. LAM will show users and devices that match the search. You can
|
|
||||||
then delete a device registration. If the user has no more registered
|
|
||||||
devices then LAM will ask for registration on next login.</para>
|
|
||||||
|
|
||||||
<para>Note: You cannot add any device here. This can only be done by the
|
|
||||||
user during login, <link linkend="tool_webauthn">webauthn tool</link> or
|
|
||||||
self service.</para>
|
|
||||||
|
|
||||||
<para><screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/configGeneral8.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot></para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Change master password</title>
|
<title>Change master password</title>
|
||||||
|
|
||||||
|
@ -503,9 +442,6 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para>Hide password prompt for expired password: Hides the password
|
|
||||||
prompt when a user with expired password logs into LAM.</para>
|
|
||||||
|
|
||||||
<literallayout>
|
<literallayout>
|
||||||
</literallayout>
|
</literallayout>
|
||||||
|
|
||||||
|
@ -528,30 +464,6 @@
|
||||||
is located. The default rights for new home directories can be set,
|
is located. The default rights for new home directories can be set,
|
||||||
too.</para>
|
too.</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Note:</emphasis> This requires lamdaemon
|
|
||||||
to be installed on the remote server. This comes as separate package
|
|
||||||
for DEB/RPM. See <link linkend="a_lamdaemon">here</link>.</para>
|
|
||||||
|
|
||||||
<para>Script server format:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>"server": "server" is the DNS name of your script
|
|
||||||
server</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>"server:NAME": NAME is the display name of this
|
|
||||||
server</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>"server:NAME:/prefix": /prefix is the directory prefix for
|
|
||||||
all operations. E.g. creating a home directory "/home/user" would
|
|
||||||
create "/prefix/home/user" then.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>You can provide a fixed user name. If you leave the field empty
|
<para>You can provide a fixed user name. If you leave the field empty
|
||||||
then LAM will use your current account (the account you used to login
|
then LAM will use your current account (the account you used to login
|
||||||
to LAM).</para>
|
to LAM).</para>
|
||||||
|
@ -564,9 +476,7 @@
|
||||||
<para>SSH key (recommended): Please generate a SSH key pair and
|
<para>SSH key (recommended): Please generate a SSH key pair and
|
||||||
provide the location to the <emphasis
|
provide the location to the <emphasis
|
||||||
role="bold">private</emphasis> key file. If the key is protected
|
role="bold">private</emphasis> key file. If the key is protected
|
||||||
by a password you can also specify it here. Please note that only
|
by a password you can also specify it here.</para>
|
||||||
RSA keys (with "-----BEGIN RSA PRIVATE KEY-----" at the beginning
|
|
||||||
of the file) are supported.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -670,8 +580,7 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para id="conf_serverprofile_2fa"><emphasis role="bold">2-factor
|
<para><emphasis role="bold">2-factor authentication</emphasis></para>
|
||||||
authentication</emphasis></para>
|
|
||||||
|
|
||||||
<para>LAM supports 2-factor authentication for your users. This means
|
<para>LAM supports 2-factor authentication for your users. This means
|
||||||
the user will not only authenticate by user+password but also with
|
the user will not only authenticate by user+password but also with
|
||||||
|
@ -687,139 +596,11 @@
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><ulink url="https://www.yubico.com/">YubiKey</ulink></para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><ulink url="https://duo.com/">Duo</ulink></para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><ulink
|
|
||||||
url="https://webauthn.io/">Webauthn/FIDO2</ulink></para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para>Configuration options:</para>
|
<para>By default LAM will enforce to use a token and reject users that
|
||||||
|
did not setup one. You can set this check to optional. But if a user
|
||||||
<para><emphasis role="bold">privacyIDEA</emphasis></para>
|
has setup a token then this will always be required.</para>
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>Base URL: please enter the URL of your privacyIDEA
|
|
||||||
instance</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>User name attribute: please enter the LDAP attribute name
|
|
||||||
that contains the user ID (e.g. "uid").</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Optional: By default LAM will enforce to use a token and
|
|
||||||
reject users that did not setup one. You can set this check to
|
|
||||||
optional. But if a user has setup a token then this will always be
|
|
||||||
required.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Disable certificate check: This should be used on
|
|
||||||
development instances only. It skips the certificate check when
|
|
||||||
connecting to verification server.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">YubiKey</emphasis></para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>Base URLs: please enter the URL(s) of your YubiKey
|
|
||||||
verification server(s). If you run a custom verification API such
|
|
||||||
as yubiserver then enter its URL (e.g.
|
|
||||||
http://www.example.com:8000/wsapi/2.0/verify). The URL needs to
|
|
||||||
end with "/wsapi/2.0/verify". For YubiKey cloud these are
|
|
||||||
"https://api.yubico.com/wsapi/2.0/verify",
|
|
||||||
"https://api2.yubico.com/wsapi/2.0/verify",
|
|
||||||
"https://api3.yubico.com/wsapi/2.0/verify",
|
|
||||||
"https://api4.yubico.com/wsapi/2.0/verify" and
|
|
||||||
"https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per
|
|
||||||
line.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Client id: this is only required for YubiKey cloud. You can
|
|
||||||
register here: https://upgrade.yubico.com/getapikey/</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Secret key: this is only required for YubiKey cloud. You can
|
|
||||||
register here: https://upgrade.yubico.com/getapikey/</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Optional: By default LAM will enforce to use a token and
|
|
||||||
reject users that did not setup one. You can set this check to
|
|
||||||
optional. But if a user has setup a token then this will always be
|
|
||||||
required.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Disable certificate check: This should be used on
|
|
||||||
development instances only. It skips the certificate check when
|
|
||||||
connecting to verification server.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Duo</emphasis></para>
|
|
||||||
|
|
||||||
<para>This requires to register a new "Web SDK" application in your
|
|
||||||
Duo admin panel.</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>User name attribute: please enter the LDAP attribute name
|
|
||||||
that contains the user ID (e.g. "uid").</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Base URL: please enter the API-URL of your Duo instance
|
|
||||||
(e.g. api-12345.duosecurity.com).</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Client id: please enter your integration key.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Secret key: please enter your secret key.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Webauthn/FIDO2</emphasis></para>
|
|
||||||
|
|
||||||
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2
|
|
||||||
appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para>
|
|
||||||
|
|
||||||
<para>Users will be asked to register a device during login if no
|
|
||||||
device is setup.</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>Domain: Please enter the WebAuthn domain. This is the public
|
|
||||||
domain of the web server (e.g. "example.com"). Do not include
|
|
||||||
protocol or port. Browsers will reject authentication if the
|
|
||||||
domain does not match the web server domain.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Optional: By default LAM will enforce to use a 2FA device
|
|
||||||
and reject users that do not setup one. You can set this check to
|
|
||||||
optional. But if a user has setup a device then this will always
|
|
||||||
be required.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -1121,11 +902,6 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
move expired accounts</link></para>
|
move expired accounts</link></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><link linkend="job_shadow_account_expiration_note">Shadow:
|
|
||||||
Notify users about account expiration</link></para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><link linkend="job_windows_password_expire">Windows: Notify
|
<para><link linkend="job_windows_password_expire">Windows: Notify
|
||||||
users about password expiration</link></para>
|
users about password expiration</link></para>
|
||||||
|
@ -1141,11 +917,6 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
move expired accounts</link></para>
|
move expired accounts</link></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><link linkend="job_windows_notify_groups">Windows: Notify
|
|
||||||
users about their managed groups</link></para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><link linkend="job_freeradius_move_expired">FreeRadius:
|
<para><link linkend="job_freeradius_move_expired">FreeRadius:
|
||||||
Delete or move expired accounts</link></para>
|
Delete or move expired accounts</link></para>
|
||||||
|
@ -1526,90 +1297,6 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="job_shadow_account_expiration_note">
|
|
||||||
<title>Shadow: Notify users about account expiration</title>
|
|
||||||
|
|
||||||
<para>This will send your users an email reminder before their whole
|
|
||||||
account expires.</para>
|
|
||||||
|
|
||||||
<para>You need to activate the Shadow module for users to be able to
|
|
||||||
add this job. The job can be added multiple times (e.g. to send a
|
|
||||||
second warning at a later time).</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/jobs_shadow3.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para><table>
|
|
||||||
<title>Options</title>
|
|
||||||
|
|
||||||
<tgroup cols="2">
|
|
||||||
<tbody>
|
|
||||||
<row>
|
|
||||||
<entry><emphasis role="bold">Option</emphasis></entry>
|
|
||||||
|
|
||||||
<entry><emphasis
|
|
||||||
role="bold">Description</emphasis></entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>From address</entry>
|
|
||||||
|
|
||||||
<entry>The email address to set as FROM.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Reply-to address</entry>
|
|
||||||
|
|
||||||
<entry>Optional Reply-to address for email.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>CC address</entry>
|
|
||||||
|
|
||||||
<entry>Optional CC mail address.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>BCC address</entry>
|
|
||||||
|
|
||||||
<entry>Optional BCC mail address.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Subject</entry>
|
|
||||||
|
|
||||||
<entry>The email subject line. Supports wildcards, see
|
|
||||||
below.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Text</entry>
|
|
||||||
|
|
||||||
<entry>The email body text. Supports wildcards, see
|
|
||||||
below.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Notification period</entry>
|
|
||||||
|
|
||||||
<entry>Number of days to notify before account
|
|
||||||
expires.</entry>
|
|
||||||
</row>
|
|
||||||
</tbody>
|
|
||||||
</tgroup>
|
|
||||||
</table>Wildcards:</para>
|
|
||||||
|
|
||||||
<para>You can enter LDAP attributes as wildcards in the form
|
|
||||||
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
|
|
||||||
For the common name it would be "@@cn@@".</para>
|
|
||||||
|
|
||||||
<para>There are also two special wildcards for the expiration date.
|
|
||||||
@@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
|
|
||||||
@@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
|
|
||||||
"2016-12-31".</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section id="job_windows_password_expire">
|
<section id="job_windows_password_expire">
|
||||||
<title>Windows: Notify users about password expiration</title>
|
<title>Windows: Notify users about password expiration</title>
|
||||||
|
|
||||||
|
@ -1834,95 +1521,6 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="job_windows_notify_groups">
|
|
||||||
<title>Windows: Notify users about their managed groups</title>
|
|
||||||
|
|
||||||
<para>This will send your users an email with the groups they
|
|
||||||
manage. This also includes a list of users in these groups. The
|
|
||||||
users and groups are searched using the user+group account types
|
|
||||||
that are specified in server profile.</para>
|
|
||||||
|
|
||||||
<para>You need to activate the Windows module for users to be able
|
|
||||||
to add this job. The job can be added multiple times.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/jobs_windowsNotifyGroups.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para><table>
|
|
||||||
<title>Options</title>
|
|
||||||
|
|
||||||
<tgroup cols="2">
|
|
||||||
<tbody>
|
|
||||||
<row>
|
|
||||||
<entry><emphasis role="bold">Option</emphasis></entry>
|
|
||||||
|
|
||||||
<entry><emphasis
|
|
||||||
role="bold">Description</emphasis></entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>From address</entry>
|
|
||||||
|
|
||||||
<entry>The email address to set as FROM.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Reply-to address</entry>
|
|
||||||
|
|
||||||
<entry>Optional Reply-to address for email.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>CC address</entry>
|
|
||||||
|
|
||||||
<entry>Optional CC mail address.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>BCC address</entry>
|
|
||||||
|
|
||||||
<entry>Optional BCC mail address.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Subject</entry>
|
|
||||||
|
|
||||||
<entry>The email subject line. Supports wildcards, see
|
|
||||||
below.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>HTML format</entry>
|
|
||||||
|
|
||||||
<entry>Send email as HTML instead of plain text.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Text</entry>
|
|
||||||
|
|
||||||
<entry>The email body text. Supports wildcards, see
|
|
||||||
below.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Period</entry>
|
|
||||||
|
|
||||||
<entry>Defines how often the mail is sent (e.g.
|
|
||||||
quarterly).</entry>
|
|
||||||
</row>
|
|
||||||
</tbody>
|
|
||||||
</tgroup>
|
|
||||||
</table>Wildcards:</para>
|
|
||||||
|
|
||||||
<para>You can enter LDAP attributes as wildcards in the form
|
|
||||||
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
|
|
||||||
For the common name it would be "@@cn@@".</para>
|
|
||||||
|
|
||||||
<para>Use the wildcard "@@LAM_MANAGED_GROUPS@@" to insert the group
|
|
||||||
listing. This wildcard is mandatory.</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section id="job_freeradius_move_expired">
|
<section id="job_freeradius_move_expired">
|
||||||
<title>FreeRadius: Delete or move expired accounts</title>
|
<title>FreeRadius: Delete or move expired accounts</title>
|
||||||
|
|
||||||
|
@ -2305,50 +1903,4 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>Self Service (LAM Pro)</title>
|
|
||||||
|
|
||||||
<para>See <link linkend="a_selfService">Self Service
|
|
||||||
chapter</link>.</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>Import and export configuration</title>
|
|
||||||
|
|
||||||
<para>Here you can export and import LAM's whole configuration. You can
|
|
||||||
use this to backup the configuration or migrate from one server to
|
|
||||||
another.</para>
|
|
||||||
|
|
||||||
<para>You will need to login with the configuration master password to use
|
|
||||||
this feature.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/confImportExport1.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Export</emphasis></para>
|
|
||||||
|
|
||||||
<para>This will dump the whole configuration to one big single file. It is
|
|
||||||
not possible to dump only parts of the configuration. During import you
|
|
||||||
can select what exactly to import.</para>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Import</emphasis></para>
|
|
||||||
|
|
||||||
<para>Please select the import file first and submit. LAM will then
|
|
||||||
present you possible import data. You can select what to import using the
|
|
||||||
checkboxes.</para>
|
|
||||||
|
|
||||||
<para>Please note that LAM will not delete e.g. server profiles that are
|
|
||||||
not in the import file.</para>
|
|
||||||
|
|
||||||
<para>Example: You have profile1+profile2 in your LAM installation and
|
|
||||||
profile2+profile3 in your import file. When you select to import all
|
|
||||||
server profiles then profile1 stays untouched, profile2 will be
|
|
||||||
overwritten and profile3 will be added.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/confImportExport2.png"/>
|
|
||||||
</screenshot>
|
|
||||||
</section>
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Apache/Nginx webserver (SSL recommended) with PHP module (PHP
|
<para>Apache/Nginx webserver (SSL recommended) with PHP module (PHP
|
||||||
(>= 7.0.0) with ldap, gettext, xml, openssl and optional
|
(>= 5.6.0) with ldap, gettext, xml, openssl and optional
|
||||||
OpenSSL)</para>
|
OpenSSL)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
@ -150,9 +150,9 @@
|
||||||
role="bold">rpm -i <path to LAM
|
role="bold">rpm -i <path to LAM
|
||||||
package></emphasis></para><literallayout>
|
package></emphasis></para><literallayout>
|
||||||
</literallayout><para><emphasis role="bold">Note:</emphasis> The RPM packages
|
</literallayout><para><emphasis role="bold">Note:</emphasis> The RPM packages
|
||||||
do not contain a dependency to PHP due to the various package
|
for Fedora/CentOS do not contain a dependency to PHP due to
|
||||||
names for it. Please make sure that you install Apache/Nginx
|
the various package names for it. Please make sure that you
|
||||||
with PHP.</para></entry>
|
install Apache/Nginx with PHP.</para></entry>
|
||||||
</row>
|
</row>
|
||||||
</tbody>
|
</tbody>
|
||||||
</tgroup>
|
</tgroup>
|
||||||
|
@ -313,45 +313,6 @@
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>Docker</title>
|
|
||||||
|
|
||||||
<para>You can run LAM inside Docker.</para>
|
|
||||||
|
|
||||||
<para>Possible environment variables are documented in the <ulink
|
|
||||||
url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample
|
|
||||||
.env</ulink> file.</para>
|
|
||||||
|
|
||||||
<para>See here:</para>
|
|
||||||
|
|
||||||
<para><ulink
|
|
||||||
url="https://hub.docker.com/r/ldapaccountmanager/lam">https://hub.docker.com/r/ldapaccountmanager/lam</ulink></para>
|
|
||||||
|
|
||||||
<para/>
|
|
||||||
|
|
||||||
<para>LAM Pro:</para>
|
|
||||||
|
|
||||||
<para>Please request access at support providing your Docker Hub user
|
|
||||||
ID.</para>
|
|
||||||
|
|
||||||
<para><ulink
|
|
||||||
url="https://hub.docker.com/r/ldapaccountmanager/lampro">https://hub.docker.com/r/ldapaccountmanager/lampro</ulink></para>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Configuration files</emphasis></para>
|
|
||||||
|
|
||||||
<para>All configuration files are stored in:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>/etc/ldap-account-manager</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>/var/lib/ldap-account-manager</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>System configuration</title>
|
<title>System configuration</title>
|
||||||
|
|
||||||
|
@ -613,40 +574,6 @@
|
||||||
version. Unless explicitly noticed there is no need to install an
|
version. Unless explicitly noticed there is no need to install an
|
||||||
intermediate release.</para>
|
intermediate release.</para>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>7.2 -> 7.3</title>
|
|
||||||
|
|
||||||
<para>No actions required.</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>7.1 -> 7.2</title>
|
|
||||||
|
|
||||||
<para>LAM Pro: All emails need a specified FROM address. This affects
|
|
||||||
password email, self registration, password self reset and cron
|
|
||||||
emails.</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>6.7 -> 7.1</title>
|
|
||||||
|
|
||||||
<para>No actions required.</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>6.6 -> 6.7</title>
|
|
||||||
|
|
||||||
<para>Self service: please verify the self service base URL in your
|
|
||||||
self service profiles in case you have password self reset / user self
|
|
||||||
registration enabled.</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>6.5 -> 6.6</title>
|
|
||||||
|
|
||||||
<para>No actions required.</para>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>6.4 -> 6.5</title>
|
<title>6.4 -> 6.5</title>
|
||||||
|
|
||||||
|
|
|
@ -1349,146 +1349,6 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
|
|
||||||
|
|
||||||
<para>Please activate the account type "Users" in your LAM server
|
|
||||||
profile and then add the user module "AD LDS
|
|
||||||
(windowsLDSUser)(*)".</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_windowsUser4.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>The default list attributes are for Unix and not suitable for AD
|
|
||||||
LDS (blank lines in account table). Please use
|
|
||||||
"#cn;#givenName;#sn;#mail" or select your own attributes to display in
|
|
||||||
the account list.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_adLds1.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>On tab "Module settings" you can specify the possible Windows
|
|
||||||
domain names.</para>
|
|
||||||
|
|
||||||
<para>You can also set maximum values for user photos in advanced
|
|
||||||
options.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata contentwidth="1172" fileref="images/mod_adLds3.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>Now you can manage your AD LDS users and e.g. assign groups. You
|
|
||||||
might want to set the default domain name in the <link
|
|
||||||
linkend="a_accountProfile">profile editor</link>.</para>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Attention:</emphasis></para>
|
|
||||||
|
|
||||||
<para>Password changes require a secure connection via ldaps://. Check
|
|
||||||
your LAM server profile if password changes are refused by the
|
|
||||||
server.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_adLds4a.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_adLds4b.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Wildcards</emphasis></para>
|
|
||||||
|
|
||||||
<para>This module provides the following wildcards (others may be
|
|
||||||
provided by other modules):</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>$firstname: First name</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>$lastname: Last name</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>$user: User name</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>$commonname: Common name</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>$email: Email address</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>You can use them in the following input fields on user edit
|
|
||||||
screen:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>Common name</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Display name</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Email</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Email alias</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>Use this when some of your data always follows the same schema.
|
|
||||||
E.g. using "$firstname $lastname" in common name field can be used like
|
|
||||||
this to get "Demo User". You can set the wildcards in profile editor so
|
|
||||||
they are automatically applied for new users.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_adLds5a.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para/>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_adLds5b.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Filesystem quota (lamdaemon)</title>
|
<title>Filesystem quota (lamdaemon)</title>
|
||||||
|
|
||||||
|
@ -1807,7 +1667,7 @@
|
||||||
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
||||||
|
|
||||||
<para>LAM Pro cannot generate the password hashes itself because Heimdal
|
<para>LAM Pro cannot generate the password hashes itself because Heimdal
|
||||||
uses a proprietary format for them. Therefore, LAM Pro needs to call e.g.
|
uses a propietary format for them. Therefore, LAM Pro needs to call e.g.
|
||||||
kadmin to set the password.</para>
|
kadmin to set the password.</para>
|
||||||
|
|
||||||
<para>The wildcards @@password@@ and @@principal@@ are replaced with
|
<para>The wildcards @@password@@ and @@principal@@ are replaced with
|
||||||
|
@ -1856,7 +1716,7 @@
|
||||||
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
||||||
|
|
||||||
<para>LAM Pro cannot generate the password hashes itself because MIT
|
<para>LAM Pro cannot generate the password hashes itself because MIT
|
||||||
uses a proprietary format for them. Therefore, LAM Pro needs to call
|
uses a propietary format for them. Therefore, LAM Pro needs to call
|
||||||
kadmin/kadmin.local to set the password.</para>
|
kadmin/kadmin.local to set the password.</para>
|
||||||
|
|
||||||
<para>LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to
|
<para>LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to
|
||||||
|
@ -1870,9 +1730,9 @@
|
||||||
password change.</para>
|
password change.</para>
|
||||||
|
|
||||||
<para>Please note that kadmin/kadmin.local often returns a successful
|
<para>Please note that kadmin/kadmin.local often returns a successful
|
||||||
command even if errors occurred (e.g. password policy violations). You
|
command even if errors occured (e.g. password policy violations). You
|
||||||
need to test this before and if affected then write a wrapper script
|
need to test this before and if affected then write a wrapper script
|
||||||
around kadmin that returns non-zero return codes for errors.</para>
|
arround kadmin that returns non-zero return codes for errors.</para>
|
||||||
|
|
||||||
<para>Example commands:</para>
|
<para>Example commands:</para>
|
||||||
|
|
||||||
|
@ -1956,7 +1816,7 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para>You can add the user to existing alias entries or create completely
|
<para>You can add the user to existing alias entries or create completly
|
||||||
new ones.</para>
|
new ones.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
@ -2283,7 +2143,7 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
security reasons.</para>
|
security reasons.</para>
|
||||||
|
|
||||||
<para>The user name can either be a fixed name (e.g. "admin") or it can
|
<para>The user name can either be a fixed name (e.g. "admin") or it can
|
||||||
be generated with LDAP attributes of the LAM admin user. E.g. $uid$ will
|
be generated with LDAP attributes of the LAM admn user. E.g. $uid$ will
|
||||||
be transformed to "myUser" if you login with
|
be transformed to "myUser" if you login with
|
||||||
"uid=myUser,ou=people,dc=example,dc=com".</para>
|
"uid=myUser,ou=people,dc=example,dc=com".</para>
|
||||||
|
|
||||||
|
@ -2399,8 +2259,8 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
|
|
||||||
<para><emphasis role="bold">Configuration</emphasis></para>
|
<para><emphasis role="bold">Configuration</emphasis></para>
|
||||||
|
|
||||||
<para>Special Please add the account type "Groups" and then select
|
<para>Please add the account type "Groups" and then select account
|
||||||
account module "Unix (posixGroup)".</para>
|
module "Unix (posixGroup)".</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -2410,43 +2270,6 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para>Virtual list attributes:</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/mod_unixGroupConfig2.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>The following virtual attributes can be shown in the group list.
|
|
||||||
These are no real LDAP attributes but extra data that can be shown by
|
|
||||||
LAM.</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>memberuid_count: number of entries in attribute
|
|
||||||
"memberuid"</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>member_count: number of entries in attribute "member"</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>uniqueMember_count: number of entries in attribute
|
|
||||||
"uniquemember"</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>owner_count: number of entries in attribute "owner"</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>roleOccupant_count: number of entries in attribute
|
|
||||||
"roleOccupant"</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>Module settings:</para>
|
|
||||||
|
|
||||||
<para>GID generator: LAM will suggest GID numbers for your accounts.
|
<para>GID generator: LAM will suggest GID numbers for your accounts.
|
||||||
Please note that it may happen that there are duplicate IDs assigned if
|
Please note that it may happen that there are duplicate IDs assigned if
|
||||||
users create groups at the same time. Use an <ulink
|
users create groups at the same time. Use an <ulink
|
||||||
|
@ -2720,52 +2543,6 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
|
|
||||||
|
|
||||||
<para>LAM can manage your AD LDS groups. Please enable the account type
|
|
||||||
"Groups" in your LAM server profile and then add the group module "AD
|
|
||||||
LDS (windowsLDSGroup)(*)".</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_windowsGroup3.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>The default list attributes are for Unix and not suitable for AD
|
|
||||||
LDS (blank lines in account table). Please use
|
|
||||||
"#cn;#member;#description" or select your own attributes to display in
|
|
||||||
the account list.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_adLds2.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para/>
|
|
||||||
|
|
||||||
<para>Now you can edit your groups inside LAM. You can manage the group
|
|
||||||
name, description and its type. Of course, you can also set the group
|
|
||||||
members.</para>
|
|
||||||
|
|
||||||
<para>With "Show effective members" you can show a list of all members
|
|
||||||
of this group including members of subgroups and their subgroups.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/mod_adLds6.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Kolab</title>
|
<title>Kolab</title>
|
||||||
|
|
||||||
|
@ -3259,38 +3036,6 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para>Virtual list attributes:</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/mod_gon.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>The following virtual attributes can be shown in the group list.
|
|
||||||
These are no real LDAP attributes but extra data that can be shown by
|
|
||||||
LAM.</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>member_count: number of entries in attribute "member"</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>uniqueMember_count: number of entries in attribute
|
|
||||||
"uniquemember"</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>owner_count: number of entries in attribute "owner"</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>roleOccupant_count: number of entries in attribute
|
|
||||||
"roleOccupant"</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>Module settings:</para>
|
|
||||||
|
|
||||||
<para>On the module settings tab you set some options like the display
|
<para>On the module settings tab you set some options like the display
|
||||||
format for members/owners and if fields like description should not be
|
format for members/owners and if fields like description should not be
|
||||||
displayed.</para>
|
displayed.</para>
|
||||||
|
@ -4353,13 +4098,9 @@ Run slapindex to rebuild the index.
|
||||||
extension to the DNS server <ulink
|
extension to the DNS server <ulink
|
||||||
url="http://www.isc.org/software/bind">Bind</ulink> that allows to store
|
url="http://www.isc.org/software/bind">Bind</ulink> that allows to store
|
||||||
DNS entries inside LDAP. Please install the Bind DLZ schema file on your
|
DNS entries inside LDAP. Please install the Bind DLZ schema file on your
|
||||||
LDAP server. It is part of the Bind download. You can also get it from
|
LDAP server. It is part of the DLZ patch.</para>
|
||||||
Bind's <ulink
|
|
||||||
url="https://gitlab.isc.org/isc-projects/bind9/blob/master/contrib/dlz/modules/ldap/testing/dlz.schema">git
|
|
||||||
repository</ulink>.</para>
|
|
||||||
|
|
||||||
<section>
|
<para><emphasis role="bold">Configuration</emphasis></para>
|
||||||
<title>Configuration</title>
|
|
||||||
|
|
||||||
<para>First, you need to add the Bind DNS account type and the Bind DLZ
|
<para>First, you need to add the Bind DNS account type and the Bind DLZ
|
||||||
module:</para>
|
module:</para>
|
||||||
|
@ -4372,9 +4113,8 @@ Run slapindex to rebuild the index.
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para>Please set the LDAP suffix either to an existing DNS zone
|
<para>Please set the LDAP suffix either to an existing DNS zone (dlzZone)
|
||||||
(dlzZone) or an organizational unit that should include your DNS
|
or an organizational unit that should include your DNS zones.</para>
|
||||||
zones.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4387,9 +4127,6 @@ Run slapindex to rebuild the index.
|
||||||
<literallayout>
|
<literallayout>
|
||||||
</literallayout>
|
</literallayout>
|
||||||
|
|
||||||
<para>For regular entry management use "DNS entry (bindDLZ)(*)"
|
|
||||||
module.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -4398,23 +4135,6 @@ Run slapindex to rebuild the index.
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para><emphasis role="bold">XFR</emphasis></para>
|
|
||||||
|
|
||||||
<para>If you want to edit XFR entries please add a second account type
|
|
||||||
for XFR. Recommended list attributes are
|
|
||||||
"#dlzipaddr;#dlzrecordid".</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/mod_bind13.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>Now use the "XFR (bindDLZXfr)(*)" module for this account
|
|
||||||
type.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/mod_bind14.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Automatic PTR management</emphasis></para>
|
<para><emphasis role="bold">Automatic PTR management</emphasis></para>
|
||||||
|
|
||||||
<para>LAM can automatically create/delete PTR entries for the entered
|
<para>LAM can automatically create/delete PTR entries for the entered
|
||||||
|
@ -4436,12 +4156,12 @@ Run slapindex to rebuild the index.
|
||||||
<para><emphasis role="bold">Zone management</emphasis></para>
|
<para><emphasis role="bold">Zone management</emphasis></para>
|
||||||
|
|
||||||
<para>If you do not yet have a DNS zone then LAM can create one for you.
|
<para>If you do not yet have a DNS zone then LAM can create one for you.
|
||||||
In list view switch the suffix to an organizational unit DN. Now you
|
In list view switch the suffix to an organizational unit DN. Now you will
|
||||||
will see a button "New zone".</para>
|
see a button "New zone".</para>
|
||||||
|
|
||||||
<para>This will create the zone container entry and a default DNS entry
|
<para>This will create the zone container entry and a default DNS entry
|
||||||
"@" for authoritative information. Now switch the suffix to your new
|
"@" for authoritative information. Now switch the suffix to your new zone
|
||||||
zone and start adding DNS entries.</para>
|
and start adding DNS entries.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4450,10 +4170,8 @@ Run slapindex to rebuild the index.
|
||||||
</imageobject>
|
</imageobject>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<para><emphasis role="bold">DNS entries</emphasis></para>
|
||||||
<title>DNS entries</title>
|
|
||||||
|
|
||||||
<para>LAM supports the following DNS record types:</para>
|
<para>LAM supports the following DNS record types:</para>
|
||||||
|
|
||||||
|
@ -4497,9 +4215,9 @@ Run slapindex to rebuild the index.
|
||||||
<para><emphasis role="bold">Authoritative (SOA) and name server (NS)
|
<para><emphasis role="bold">Authoritative (SOA) and name server (NS)
|
||||||
records</emphasis></para>
|
records</emphasis></para>
|
||||||
|
|
||||||
<para>Here you can manage general information about the zone like
|
<para>Here you can manage general information about the zone like timeouts
|
||||||
timeouts and name servers. Please note that name servers must be
|
and name servers. Please note that name servers must be inserted in a
|
||||||
inserted in a special format (dot at the end).</para>
|
special format (dot at the end).</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4530,9 +4248,9 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">Reverse DNS entries</emphasis></para>
|
<para><emphasis role="bold">Reverse DNS entries</emphasis></para>
|
||||||
|
|
||||||
<para>Reverse DNS entries are important when you need to find the DNS
|
<para>Reverse DNS entries are important when you need to find the DNS name
|
||||||
name that is associated with a given IP address. Reverse DNS entries are
|
that is associated with a given IP address. Reverse DNS entries are stored
|
||||||
stored in a separate DNS zone.</para>
|
in a separate DNS zone.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4580,8 +4298,8 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">Text records (TXT)</emphasis></para>
|
<para><emphasis role="bold">Text records (TXT)</emphasis></para>
|
||||||
|
|
||||||
<para>Text records can be added to store a description or other data
|
<para>Text records can be added to store a description or other data (e.g.
|
||||||
(e.g. SPF information).</para>
|
SPF information).</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4596,8 +4314,8 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">Services (SRV)</emphasis></para>
|
<para><emphasis role="bold">Services (SRV)</emphasis></para>
|
||||||
|
|
||||||
<para>Service records can be used to specify which servers provide
|
<para>Service records can be used to specify which servers provide common
|
||||||
common services such as LDAP. Please note that the host name must be
|
services such as LDAP. Please note that the host name must be
|
||||||
_SERVICE._PROTOCOL (e.g. _ldap._tcp).</para>
|
_SERVICE._PROTOCOL (e.g. _ldap._tcp).</para>
|
||||||
|
|
||||||
<literallayout>
|
<literallayout>
|
||||||
|
@ -4628,8 +4346,8 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">File upload</emphasis></para>
|
<para><emphasis role="bold">File upload</emphasis></para>
|
||||||
|
|
||||||
<para>You can upload complete DNS zones via LAM's file upload. Here is
|
<para>You can upload complete DNS zones via LAM's file upload. Here is an
|
||||||
an example for a zone file and the corresponding CSV file.</para>
|
example for a zone file and the corresponding CSV file.</para>
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
<title>Zone file</title>
|
<title>Zone file</title>
|
||||||
|
@ -4733,11 +4451,11 @@ Run slapindex to rebuild the index.
|
||||||
<para>Please check that you have an existing zone entry that can be used
|
<para>Please check that you have an existing zone entry that can be used
|
||||||
for the file upload. See above to create a new zone.</para>
|
for the file upload. See above to create a new zone.</para>
|
||||||
|
|
||||||
<para>Hint: If you use the function above to create a new zone then
|
<para>Hint: If you use the function above to create a new zone then please
|
||||||
please skip the "@" entry in the CSV file below. LAM creates this entry
|
skip the "@" entry in the CSV file below. LAM creates this entry with
|
||||||
with sample data.</para>
|
sample data.</para>
|
||||||
|
|
||||||
<para>In this example we assume that the following zone entry
|
<para>In this example we assume that the following zone extry
|
||||||
exists:</para>
|
exists:</para>
|
||||||
|
|
||||||
<literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com
|
<literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com
|
||||||
|
@ -4751,25 +4469,6 @@ objectclass: top
|
||||||
url="resources/bindUpload.csv">bindUpload.csv</ulink></para>
|
url="resources/bindUpload.csv">bindUpload.csv</ulink></para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title>XFR entries</title>
|
|
||||||
|
|
||||||
<para>You can manage the XFR entries in the second tab that you
|
|
||||||
configured before.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/mod_bind16.png"/>
|
|
||||||
</screenshot>
|
|
||||||
|
|
||||||
<para>For each XFR entry you can set a record ID and the IP
|
|
||||||
address.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/mod_bind15.png"/>
|
|
||||||
</screenshot>
|
|
||||||
</section>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Aliases (LAM Pro)</title>
|
<title>Aliases (LAM Pro)</title>
|
||||||
|
|
||||||
|
@ -5360,7 +5059,7 @@ OK (10 msec)</programlisting>
|
||||||
<para>LAM will display a default icon and "Custom fields" as label if you
|
<para>LAM will display a default icon and "Custom fields" as label if you
|
||||||
do not enter any values.</para>
|
do not enter any values.</para>
|
||||||
|
|
||||||
<para>You may also specify how LAM displays custom fields when there are
|
<para>You may also specify how LAM displays cutom fields when there are
|
||||||
multiple field groups. The default is accordion view where you can switch
|
multiple field groups. The default is accordion view where you can switch
|
||||||
field groups by clicking on the title. You may also deactivate this mode.
|
field groups by clicking on the title. You may also deactivate this mode.
|
||||||
Then all field groups are displayed one below the other.</para>
|
Then all field groups are displayed one below the other.</para>
|
||||||
|
@ -5375,7 +5074,7 @@ OK (10 msec)</programlisting>
|
||||||
|
|
||||||
<para><emphasis role="bold">Defining groups:</emphasis></para>
|
<para><emphasis role="bold">Defining groups:</emphasis></para>
|
||||||
|
|
||||||
<para>All input fields are divided into groups. A group may contain one or
|
<para>All input fields are devided into groups. A group may contain one or
|
||||||
more object classes and allows you to add/remove a certain set of input
|
more object classes and allows you to add/remove a certain set of input
|
||||||
fields.</para>
|
fields.</para>
|
||||||
|
|
||||||
|
@ -5665,10 +5364,6 @@ OK (10 msec)</programlisting>
|
||||||
<para>Attribute name: The values of this attribute will be used to build
|
<para>Attribute name: The values of this attribute will be used to build
|
||||||
the selection list.</para>
|
the selection list.</para>
|
||||||
|
|
||||||
<para>Display attributes: List of attributes to show as label for the
|
|
||||||
options in select box. Attribute wildcards are surrounded by "$", e.g.
|
|
||||||
"$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para>
|
|
||||||
|
|
||||||
<para>Presentation:</para>
|
<para>Presentation:</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
@ -5724,7 +5419,7 @@ OK (10 msec)</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>§attribute|;§; attribute values separated by ";" (you can set
|
<para>§attribute|;§; attribute values separted by ";" (you can set
|
||||||
other separators if you want)</para>
|
other separators if you want)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
@ -5840,7 +5535,7 @@ OK (10 msec)</programlisting>
|
||||||
<para>LAM Pro allows you to execute scripts whenever an account is
|
<para>LAM Pro allows you to execute scripts whenever an account is
|
||||||
created, modified or deleted. This can be useful to automate processes
|
created, modified or deleted. This can be useful to automate processes
|
||||||
which needed manual work afterwards (e.g. sending your user a welcome mail
|
which needed manual work afterwards (e.g. sending your user a welcome mail
|
||||||
or register a mailbox). Additionally, you can specify manual scripts that
|
or register a mailbox). Additionally, you can specify manual scipts that
|
||||||
can be executed from within LAM Pro.</para>
|
can be executed from within LAM Pro.</para>
|
||||||
|
|
||||||
<para>To activate this feature please add the "Custom scripts" module to
|
<para>To activate this feature please add the "Custom scripts" module to
|
||||||
|
@ -5974,7 +5669,7 @@ OK (10 msec)</programlisting>
|
||||||
<para>You can switch LAM's logging to debug mode if you are unsure which
|
<para>You can switch LAM's logging to debug mode if you are unsure which
|
||||||
attributes with which values are available.</para>
|
attributes with which values are available.</para>
|
||||||
|
|
||||||
<para>The following special wildcards are available for automatic
|
<para>The following special wildcards are available for automatical
|
||||||
scripts:</para>
|
scripts:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
|
|
@ -204,34 +204,6 @@
|
||||||
url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.</entry>
|
url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Default language</entry>
|
|
||||||
|
|
||||||
<entry>This language is preselected on login.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Enforce language</entry>
|
|
||||||
|
|
||||||
<entry>Disables language selection and uses default
|
|
||||||
language.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Time zone</entry>
|
|
||||||
|
|
||||||
<entry>Please provide your time zone.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Base URL</entry>
|
|
||||||
|
|
||||||
<entry>Please enter the base URL of your webserver (e.g.
|
|
||||||
https://www.example.com). This is used to generate links in
|
|
||||||
emails for password self reset and user self
|
|
||||||
registration.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Login attribute label</entry>
|
<entry>Login attribute label</entry>
|
||||||
|
|
||||||
|
@ -250,29 +222,15 @@
|
||||||
<row>
|
<row>
|
||||||
<entry>Login caption</entry>
|
<entry>Login caption</entry>
|
||||||
|
|
||||||
<entry>This text is displayed on the login page inside the login
|
<entry>This text is displayed at the login page. You can input
|
||||||
mask.</entry>
|
HTML, too.</entry>
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Login footer</entry>
|
|
||||||
|
|
||||||
<entry>This text is displayed on the login page below the login
|
|
||||||
mask.</entry>
|
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Main page caption</entry>
|
<entry>Main page caption</entry>
|
||||||
|
|
||||||
<entry>This text is displayed on the self service main page
|
<entry>This text is displayed at self service main page where
|
||||||
where your users change their data.</entry>
|
your users change their data. You can input HTML, too.</entry>
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Main page footer</entry>
|
|
||||||
|
|
||||||
<entry>This text is displayed as footer on the self service main
|
|
||||||
page where your users change their data.</entry>
|
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
|
@ -304,7 +262,7 @@
|
||||||
|
|
||||||
<para/>
|
<para/>
|
||||||
|
|
||||||
<section id="selfservice_2fa">
|
<section>
|
||||||
<title>2-factor authentication</title>
|
<title>2-factor authentication</title>
|
||||||
|
|
||||||
<para>LAM supports 2-factor authentication for your users. This means
|
<para>LAM supports 2-factor authentication for your users. This means
|
||||||
|
@ -321,137 +279,11 @@
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><ulink url="https://www.yubico.com/">YubiKey</ulink></para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><ulink url="https://duo.com/">Duo</ulink></para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para><ulink
|
|
||||||
url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink></para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para><emphasis role="bold">privacyIDEA</emphasis></para>
|
<para>By default LAM will enforce to use a token and reject users that
|
||||||
|
did not setup one. You can set this check to optional. But if a user
|
||||||
<itemizedlist>
|
has setup a token then this will always be required.</para>
|
||||||
<listitem>
|
|
||||||
<para>Base URL: please enter the URL of your privacyIDEA
|
|
||||||
instance</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>User name attribute: please enter the LDAP attribute name
|
|
||||||
that contains the user ID (e.g. "uid")</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Optional: By default LAM will enforce to use a token and
|
|
||||||
reject users that did not setup one. You can set this check to
|
|
||||||
optional. But if a user has setup a token then this will always be
|
|
||||||
required.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Disable certificate check: This should be used on
|
|
||||||
development instances only. It skips the certificate check when
|
|
||||||
connecting to verification server.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">YubiKey</emphasis></para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>Base URLs: please enter the URL(s) of your YubiKey
|
|
||||||
verification server(s). If you run a custom verification API such
|
|
||||||
as yubiserver then enter its URL (e.g.
|
|
||||||
http://www.example.com:8000/wsapi/2.0/verify). The URL needs to
|
|
||||||
end with "/wsapi/2.0/verify". For YubiKey cloud these are
|
|
||||||
"https://api.yubico.com/wsapi/2.0/verify",
|
|
||||||
"https://api2.yubico.com/wsapi/2.0/verify",
|
|
||||||
"https://api3.yubico.com/wsapi/2.0/verify",
|
|
||||||
"https://api4.yubico.com/wsapi/2.0/verify" and
|
|
||||||
"https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per
|
|
||||||
line.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Client id: this is only required for YubiKey cloud. You can
|
|
||||||
register here: https://upgrade.yubico.com/getapikey/</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Secret key: this is only required for YubiKey cloud. You can
|
|
||||||
register here: https://upgrade.yubico.com/getapikey/</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Optional: By default LAM will enforce to use a token and
|
|
||||||
reject users that did not setup one. You can set this check to
|
|
||||||
optional. But if a user has setup a token then this will always be
|
|
||||||
required.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Disable certificate check: This should be used on
|
|
||||||
development instances only. It skips the certificate check when
|
|
||||||
connecting to verification server.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Duo</emphasis></para>
|
|
||||||
|
|
||||||
<para>This requires to register a new "Web SDK" application in your
|
|
||||||
Duo admin panel.</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>User name attribute: please enter the LDAP attribute name
|
|
||||||
that contains the user ID (e.g. "uid").</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Base URL: please enter the API-URL of your Duo instance
|
|
||||||
(e.g. api-12345.duosecurity.com).</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Client id: please enter your integration key.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Secret key: please enter your secret key.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Webauthn/FIDO2</emphasis></para>
|
|
||||||
|
|
||||||
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2
|
|
||||||
appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para>
|
|
||||||
|
|
||||||
<para>Users will be asked to register a device during login if no
|
|
||||||
device is setup.</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>Domain: Please enter the WebAuthn domain. This is the public
|
|
||||||
domain of the web server (e.g. "example.com"). Do not include
|
|
||||||
protocol or port. Browsers will reject authentication if the
|
|
||||||
domain does not match the web server domain.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Optional: By default LAM will enforce to use a 2FA device
|
|
||||||
and reject users that do not setup one. You can set this check to
|
|
||||||
optional. But if a user has setup a device then this will always
|
|
||||||
be required.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -524,8 +356,7 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para id="selfservice_fields"><emphasis role="bold">Possible input
|
<para><emphasis role="bold">Possible input fields</emphasis></para>
|
||||||
fields</emphasis></para>
|
|
||||||
|
|
||||||
<para>This is a list of input fields you may add to the self service
|
<para>This is a list of input fields you may add to the self service
|
||||||
page.</para>
|
page.</para>
|
||||||
|
@ -571,18 +402,6 @@
|
||||||
password each time the Unix password is changed.</entry>
|
password each time the Unix password is changed.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><inlinemediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/schema_groupOfNames.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</inlinemediaobject>Group of names</entry>
|
|
||||||
|
|
||||||
<entry>Group memberships (read-only)</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry><inlinemediaobject>
|
<entry><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -826,24 +645,6 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry morerows="1"><inlinemediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/schema_mailAlias.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</inlinemediaobject> Mail routing</entry>
|
|
||||||
|
|
||||||
<entry>Local address (read-only)</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Mail routing address (read-only)</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="4"><inlinemediaobject>
|
<entry morerows="4"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -887,18 +688,12 @@
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="1"><inlinemediaobject>
|
<entry><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
<imagedata fileref="images/schema_ssh.png"/>
|
<imagedata fileref="images/schema_ssh.png"/>
|
||||||
</imageobject>
|
</imageobject>
|
||||||
</inlinemediaobject> Shadow</entry>
|
</inlinemediaobject> Shadow</entry>
|
||||||
|
|
||||||
<entry>Account expiration date (read-only)</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Last password change (read-only)</entry>
|
<entry>Last password change (read-only)</entry>
|
||||||
|
|
||||||
<entry>Displays the date and time of the user's last password
|
<entry>Displays the date and time of the user's last password
|
||||||
|
@ -906,11 +701,11 @@
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="10"><inlinemediaobject>
|
<entry morerows="8"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
<imagedata fileref="images/schema_samba.png"/>
|
<imagedata fileref="images/schema_samba.png"/>
|
||||||
</imageobject>
|
</imageobject>
|
||||||
</inlinemediaobject> Windows (AD, AD LDS, Samba 4)</entry>
|
</inlinemediaobject> Windows</entry>
|
||||||
|
|
||||||
<entry>Password</entry>
|
<entry>Password</entry>
|
||||||
|
|
||||||
|
@ -923,12 +718,6 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Mail alias (read-only)</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Office name</entry>
|
<entry>Office name</entry>
|
||||||
|
|
||||||
|
@ -947,12 +736,6 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Proxy-Addresses (read-only)</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>State</entry>
|
<entry>State</entry>
|
||||||
|
|
||||||
|
@ -978,7 +761,7 @@
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="4"><inlinemediaobject>
|
<entry morerows="3"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
<imagedata fileref="images/schema_unix.png"/>
|
<imagedata fileref="images/schema_unix.png"/>
|
||||||
</imageobject>
|
</imageobject>
|
||||||
|
@ -989,12 +772,6 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry>Group memberships (read-only)</entry>
|
|
||||||
|
|
||||||
<entry/>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Login shell</entry>
|
<entry>Login shell</entry>
|
||||||
|
|
||||||
|
@ -1015,19 +792,6 @@
|
||||||
each time the Windows password is changed.</entry>
|
each time the Windows password is changed.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><inlinemediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/webauthn.png"/>
|
|
||||||
</imageobject>
|
|
||||||
</inlinemediaobject>Webauthn</entry>
|
|
||||||
|
|
||||||
<entry>Webauthn devices</entry>
|
|
||||||
|
|
||||||
<entry>Allows the user to manage his webauthn/FIDO2 security
|
|
||||||
keys.</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="1"><inlinemediaobject>
|
<entry morerows="1"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -1153,7 +917,7 @@
|
||||||
<para>To enable this feature please activate the checkbox "Enable
|
<para>To enable this feature please activate the checkbox "Enable
|
||||||
password self reset link".</para>
|
password self reset link".</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Hint:</emphasis> Please note that LAM Pro
|
<para><emphasis role="bold">Hint:</emphasis> Plese note that LAM Pro
|
||||||
uses security questions by default. Activate confirmation mails and then
|
uses security questions by default. Activate confirmation mails and then
|
||||||
deactivate security questions if you want to use only email
|
deactivate security questions if you want to use only email
|
||||||
validation.</para>
|
validation.</para>
|
||||||
|
@ -1166,35 +930,6 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para>Identification method, used LDAP attributes:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>Email: mail</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Employee number: employeeNumber</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Self service login attribute: same as configured on first tab
|
|
||||||
of self service profile</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>User name: uid</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>User name and email address: uid and mail</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>User name or email address: uid and mail</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>You can now configure the minimum answer length for password reset
|
<para>You can now configure the minimum answer length for password reset
|
||||||
answers. This is checked when you allow you users to specify their
|
answers. This is checked when you allow you users to specify their
|
||||||
answers via the self service. Additionally, you can specify the text of
|
answers via the self service. Additionally, you can specify the text of
|
||||||
|
@ -1224,8 +959,10 @@
|
||||||
The mail can include the new password by using the special wildcard
|
The mail can include the new password by using the special wildcard
|
||||||
"@@newPassword@@". Additionally, you may want to insert other wildcards
|
"@@newPassword@@". Additionally, you may want to insert other wildcards
|
||||||
that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@"
|
that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@"
|
||||||
will be replaced by the user name. See <link
|
will be replaced by the user name. Please see <link
|
||||||
linkend="mailSetup">here</link> for setting up your SMTP server.</para>
|
linkend="mailEOL">email format option</link> in case of broken mails.
|
||||||
|
See <link linkend="mailSetup">here</link> for setting up your SMTP
|
||||||
|
server.</para>
|
||||||
|
|
||||||
<literallayout> </literallayout>
|
<literallayout> </literallayout>
|
||||||
|
|
||||||
|
@ -1400,14 +1137,9 @@
|
||||||
object class in each line. If you use LAM Pro password self reset
|
object class in each line. If you use LAM Pro password self reset
|
||||||
feature then do not forget to add "passwordSelfReset" here.</para>
|
feature then do not forget to add "passwordSelfReset" here.</para>
|
||||||
|
|
||||||
<para/>
|
|
||||||
|
|
||||||
<para><emphasis>Attributes:</emphasis> This is a list of additional
|
<para><emphasis>Attributes:</emphasis> This is a list of additional
|
||||||
attributes that the user can enter. Please note that user name, password
|
attributes that the user can enter. Please note that user name, password
|
||||||
and email address (attribute "mail") are mandatory anyway and need not
|
and email address are mandatory anyway and need not be specified.</para>
|
||||||
be specified. Just in case you use the legacy attribute "email" for
|
|
||||||
account it needs to be specified (attribute "mail" will then not be
|
|
||||||
shown).</para>
|
|
||||||
|
|
||||||
<para>Each line represents one LDAP attribute. The settings are
|
<para>Each line represents one LDAP attribute. The settings are
|
||||||
separated by "::". The first setting specifies the field type. The
|
separated by "::". The first setting specifies the field type. The
|
||||||
|
@ -1509,9 +1241,7 @@
|
||||||
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is
|
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is
|
||||||
optional, you can leave these options blank.</para>
|
optional, you can leave these options blank.</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Examples:</emphasis></para>
|
<para><emphasis role="bold">Example:</emphasis></para>
|
||||||
|
|
||||||
<para>Unix account:</para>
|
|
||||||
|
|
||||||
<para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please enter
|
<para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please enter
|
||||||
a valid first name.</para>
|
a valid first name.</para>
|
||||||
|
@ -1526,20 +1256,6 @@
|
||||||
<para>If you use the object class "inetOrgPerson" and do not provide the
|
<para>If you use the object class "inetOrgPerson" and do not provide the
|
||||||
"cn" attribute then LAM will set it to the user name value.</para>
|
"cn" attribute then LAM will set it to the user name value.</para>
|
||||||
|
|
||||||
<literallayout>
|
|
||||||
</literallayout>
|
|
||||||
|
|
||||||
<para>Active Directory/Samba4:</para>
|
|
||||||
|
|
||||||
<para>required::cn::Common Name::/^[[:alnum:] ]+$/u::Enter common
|
|
||||||
name.</para>
|
|
||||||
|
|
||||||
<para>constant::userPrincipalName::@@uid@@@samba4.test</para>
|
|
||||||
|
|
||||||
<para>constant::sAMAccountName::@@uid@@</para>
|
|
||||||
|
|
||||||
<para>constant::userAccountControl::512</para>
|
|
||||||
|
|
||||||
<literallayout>
|
<literallayout>
|
||||||
</literallayout>
|
</literallayout>
|
||||||
|
|
||||||
|
@ -1603,6 +1319,9 @@
|
||||||
valid for 24 hours. When he clicks on this link then the account will be
|
valid for 24 hours. When he clicks on this link then the account will be
|
||||||
created in the self service user suffix. The DN will look like this:
|
created in the self service user suffix. The DN will look like this:
|
||||||
<emphasis>uid=<user name>,...</emphasis></para>
|
<emphasis>uid=<user name>,...</emphasis></para>
|
||||||
|
|
||||||
|
<para>Please see <link linkend="mailEOL">email format option</link> in
|
||||||
|
case of broken mails.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
|
@ -1883,10 +1602,6 @@
|
||||||
<para>Attribute name: The values of this attribute will be used to build
|
<para>Attribute name: The values of this attribute will be used to build
|
||||||
the selection list.</para>
|
the selection list.</para>
|
||||||
|
|
||||||
<para>Display attributes: List of attributes to show as label for the
|
|
||||||
options in select box. Attribute wildcards are surrounded by "$", e.g.
|
|
||||||
"$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para>
|
|
||||||
|
|
||||||
<para>Presentation:</para>
|
<para>Presentation:</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
@ -1945,7 +1660,7 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>§attribute|;§; attribute values separated by ";" (you can set
|
<para>§attribute|;§; attribute values separted by ";" (you can set
|
||||||
other separators if you want)</para>
|
other separators if you want)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
|
@ -192,7 +192,7 @@
|
||||||
|
|
||||||
<para>This will run the actions against your LDAP directory. You will see
|
<para>This will run the actions against your LDAP directory. You will see
|
||||||
which accounts are edited in the progress area and also if any errors
|
which accounts are edited in the progress area and also if any errors
|
||||||
occurred.</para>
|
occured.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -420,23 +420,6 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
|
||||||
<title id="tool_webauthn">Webauthn devices</title>
|
|
||||||
|
|
||||||
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link>
|
|
||||||
for an overview about Webauthn/FIDO2 in LAM.</para>
|
|
||||||
|
|
||||||
<para>Here you can manage your webauthn/FIDO2 devices.</para>
|
|
||||||
|
|
||||||
<para>You can register additional security devices and remove old ones. If
|
|
||||||
no more device is registered then LAM will ask you for registration on
|
|
||||||
next login.</para>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<graphic fileref="images/tool_webauthn1.png"/>
|
|
||||||
</screenshot>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Tests</title>
|
<title>Tests</title>
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-schema.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-schema.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-security.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-security.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-ldapConfig.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-ldapConfig.xml"/>
|
||||||
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-email.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-lamdaemon.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-lamdaemon.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-selfResetSchema.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-selfResetSchema.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-design.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-design.xml"/>
|
||||||
|
|
Before Width: | Height: | Size: 72 KiB After Width: | Height: | Size: 33 KiB |
Before Width: | Height: | Size: 16 KiB |
Before Width: | Height: | Size: 32 KiB |
Before Width: | Height: | Size: 16 KiB After Width: | Height: | Size: 4.5 KiB |
Before Width: | Height: | Size: 70 KiB After Width: | Height: | Size: 13 KiB |
Before Width: | Height: | Size: 35 KiB |
Before Width: | Height: | Size: 43 KiB After Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 78 KiB After Width: | Height: | Size: 39 KiB |
Before Width: | Height: | Size: 59 KiB After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 56 KiB |
Before Width: | Height: | Size: 70 KiB |
Before Width: | Height: | Size: 47 KiB |
Before Width: | Height: | Size: 39 KiB |
Before Width: | Height: | Size: 80 KiB |
Before Width: | Height: | Size: 156 KiB |
Before Width: | Height: | Size: 60 KiB |
Before Width: | Height: | Size: 52 KiB |
Before Width: | Height: | Size: 51 KiB |
Before Width: | Height: | Size: 53 KiB |
Before Width: | Height: | Size: 43 KiB |
Before Width: | Height: | Size: 37 KiB |
Before Width: | Height: | Size: 25 KiB |
Before Width: | Height: | Size: 45 KiB |
Before Width: | Height: | Size: 44 KiB |
Before Width: | Height: | Size: 46 KiB |
Before Width: | Height: | Size: 62 KiB |
Before Width: | Height: | Size: 810 B |
|
@ -5,7 +5,7 @@
|
||||||
<title>Overview</title>
|
<title>Overview</title>
|
||||||
|
|
||||||
<para>LDAP Account Manager (LAM) manages user, group and host accounts in an
|
<para>LDAP Account Manager (LAM) manages user, group and host accounts in an
|
||||||
LDAP directory. LAM runs on any webserver with PHP7 support and connects to
|
LDAP directory. LAM runs on any webserver with PHP5 support and connects to
|
||||||
your LDAP server unencrypted or via SSL/TLS.</para>
|
your LDAP server unencrypted or via SSL/TLS.</para>
|
||||||
|
|
||||||
<para>LAM supports Samba 3/4, Unix, Kopano, Kolab 3, address book entries,
|
<para>LAM supports Samba 3/4, Unix, Kopano, Kolab 3, address book entries,
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
|
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
|
||||||
|
|
||||||
<para>Copyright (C) 2003 - 2020 Roland Gruber
|
<para>Copyright (C) 2003 - 2018 Roland Gruber
|
||||||
<post@rolandgruber.de></para>
|
<post@rolandgruber.de></para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Key features:</emphasis></para>
|
<para><emphasis role="bold">Key features:</emphasis></para>
|
||||||
|
@ -63,7 +63,7 @@
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>PHP (>= 7.0.0)</para>
|
<para>PHP (>= 5.6.0)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2009 - 2020 Roland Gruber
|
Copyright (C) 2009 - 2016 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -109,6 +109,4 @@ pre.programlisting {
|
||||||
background-color:#f3f2f1;
|
background-color:#f3f2f1;
|
||||||
}
|
}
|
||||||
|
|
||||||
img {
|
|
||||||
max-width: 100%;
|
|
||||||
}
|
|
||||||
|
|
|
@ -331,7 +331,7 @@ attributetype ( 2.16.840.1.113719.1.203.4.55
|
||||||
attributetype ( 2.16.840.1.113719.1.203.4.56
|
attributetype ( 2.16.840.1.113719.1.203.4.56
|
||||||
NAME 'dhcpComments'
|
NAME 'dhcpComments'
|
||||||
EQUALITY caseIgnoreIA5Match
|
EQUALITY caseIgnoreIA5Match
|
||||||
DESC 'Generic attribute that allows comments within any DHCP object'
|
DESC 'Generic attribute that allows coments within any DHCP object'
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
|
||||||
# Classes
|
# Classes
|
||||||
|
|
|
@ -18,5 +18,3 @@
|
||||||
/view.png
|
/view.png
|
||||||
/zarafa*.png
|
/zarafa*.png
|
||||||
/kopano*.png
|
/kopano*.png
|
||||||
/ngroup.png
|
|
||||||
/nuser.png
|
|
||||||
|
|
Before Width: | Height: | Size: 2.7 KiB |
Before Width: | Height: | Size: 856 B After Width: | Height: | Size: 856 B |
Before Width: | Height: | Size: 8.8 KiB |
Before Width: | Height: | Size: 39 KiB |
Before Width: | Height: | Size: 1.1 KiB After Width: | Height: | Size: 1.1 KiB |
Before Width: | Height: | Size: 810 B |
Before Width: | Height: | Size: 27 KiB |
Before Width: | Height: | Size: 3.4 KiB |
|
@ -5,7 +5,7 @@ use \LAM\TYPES\TypeManager;
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Michael Duergner
|
Copyright (C) 2003 - 2006 Michael Duergner
|
||||||
2003 - 2020 Roland Gruber
|
2003 - 2018 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -73,7 +73,7 @@ $helpArray = array (
|
||||||
":</b><br><br>" .
|
":</b><br><br>" .
|
||||||
_("When using ldaps:// or TLS be sure to use exactly the same IP/domain name as in your certificate!")),
|
_("When using ldaps:// or TLS be sure to use exactly the same IP/domain name as in your certificate!")),
|
||||||
"202" => array ("Headline" => _("LDAP suffix"),
|
"202" => array ("Headline" => _("LDAP suffix"),
|
||||||
"Text" => _("This is the suffix of the LDAP tree from where to search for LDAP entries. Only entries in this subtree will be displayed in the account list. When creating a new account this will be the DN where it is saved.") .
|
"Text" => _("This is the suffix of the LDAP tree from where to search for LDAP entries. Only entries in this subtree will be displayed in the account list. When creating a new accont this will be the DN where it is saved.") .
|
||||||
"<br><br><b>".
|
"<br><br><b>".
|
||||||
_("Example").
|
_("Example").
|
||||||
":</b><br><br>".
|
":</b><br><br>".
|
||||||
|
@ -120,7 +120,7 @@ $helpArray = array (
|
||||||
"218" => array ("Headline" => _("Script servers"),
|
"218" => array ("Headline" => _("Script servers"),
|
||||||
"Text" => _("This is a list of the servers where the lamdaemon scripts are stored. LDAP Account Manager will make a SSH connection to the servers with the user name and password provided at login. Multiple servers are separated by semicolons. You can append a descriptive name after a colon.") . "<br>"
|
"Text" => _("This is a list of the servers where the lamdaemon scripts are stored. LDAP Account Manager will make a SSH connection to the servers with the user name and password provided at login. Multiple servers are separated by semicolons. You can append a descriptive name after a colon.") . "<br>"
|
||||||
. _("If your server runs on another port then add a comma and the port number after the server.") . "<br><br>"
|
. _("If your server runs on another port then add a comma and the port number after the server.") . "<br><br>"
|
||||||
. _("Examples") . ": <br><b>my.server.name<br>127.0.0.1:LOCAL;192.168.0.2,12345:Servername<br>my.server.name:SERVER:/prefix</b>"),
|
. _("Example") . ": <b>127.0.0.1:LOCAL;192.168.0.2,12345:Servername;192.168.0.5</b>"),
|
||||||
"219" => array ("Headline" => _("Rights for the home directory"),
|
"219" => array ("Headline" => _("Rights for the home directory"),
|
||||||
"Text" => _("This defines the rights for the home directories which are created by lamdaemon.")),
|
"Text" => _("This defines the rights for the home directories which are created by lamdaemon.")),
|
||||||
"220" => array ("Headline" => _("Login method"),
|
"220" => array ("Headline" => _("Login method"),
|
||||||
|
@ -133,8 +133,6 @@ $helpArray = array (
|
||||||
"Text" => _("If enabled then LAM will use user and password that is provided by the web server via HTTP authentication.")),
|
"Text" => _("If enabled then LAM will use user and password that is provided by the web server via HTTP authentication.")),
|
||||||
"224" => array ("Headline" => _("Bind user and password"),
|
"224" => array ("Headline" => _("Bind user and password"),
|
||||||
"Text" => _("Here you can specify the DN and password of the bind user that will be used for the LDAP search. This is required if your LDAP server does not allow anonymous access.")),
|
"Text" => _("Here you can specify the DN and password of the bind user that will be used for the LDAP search. This is required if your LDAP server does not allow anonymous access.")),
|
||||||
"225" => array ("Headline" => _('Base URL'),
|
|
||||||
"Text" => _("Please enter the base URL of your webserver (e.g. https://www.example.com). This is used to generate links in emails.")),
|
|
||||||
"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
|
"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
|
||||||
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
|
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
|
||||||
"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),
|
"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),
|
||||||
|
@ -154,13 +152,15 @@ $helpArray = array (
|
||||||
"238" => array ("Headline" => _("Session timeout"),
|
"238" => array ("Headline" => _("Session timeout"),
|
||||||
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
|
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
|
||||||
"239" => array ("Headline" => _("Log level"),
|
"239" => array ("Headline" => _("Log level"),
|
||||||
"Text" => _("Please select your preferred log level. Messages with a lower level will not be logged.")),
|
"Text" => _("Please select your prefered log level. Messages with a lower level will not be logged.")),
|
||||||
"240" => array ("Headline" => _("Log destination"),
|
"240" => array ("Headline" => _("Log destination"),
|
||||||
"Text" => _("Here you can select where LAM should save its log messages. System logging will go to Syslog on Unix systems and event log on Windows. You can also select an extra file.")),
|
"Text" => _("Here you can select where LAM should save its log messages. System logging will go to Syslog on Unix systems and event log on Windows. You can also select an extra file.")),
|
||||||
"241" => array ("Headline" => _("Allowed hosts"),
|
"241" => array ("Headline" => _("Allowed hosts"),
|
||||||
"Text" => _("This is a list of IP addresses from hosts who may access LAM. You can use \"*\" as wildcard (e.g. 192.168.0.*).")),
|
"Text" => _("This is a list of IP addresses from hosts who may access LAM. You can use \"*\" as wildcard (e.g. 192.168.0.*).")),
|
||||||
"242" => array ("Headline" => _("Password policy"),
|
"242" => array ("Headline" => _("Password policy"),
|
||||||
"Text" => _("Here you can specify minimum requirements for passwords. The character classes are: lowercase, uppercase, numeric and symbols.")),
|
"Text" => _("Here you can specify minimum requirements for passwords. The character classes are: lowercase, uppercase, numeric and symbols.")),
|
||||||
|
"243" => array ("Headline" => _('Email format'),
|
||||||
|
"Text" => _('Please change this setting only if you experience problems in receiving emails from LAM. This defines the line ending of emails.')),
|
||||||
"244" => array ("Headline" => _('PHP error reporting'),
|
"244" => array ("Headline" => _('PHP error reporting'),
|
||||||
"Text" => _('Defines if the PHP error reporting setting from php.ini is used or the setting preferred by LAM ("E_ALL & ~E_NOTICE"). If you do not develop LAM modules please use the default. This will prevent displaying messages that are useful only for developers.')),
|
"Text" => _('Defines if the PHP error reporting setting from php.ini is used or the setting preferred by LAM ("E_ALL & ~E_NOTICE"). If you do not develop LAM modules please use the default. This will prevent displaying messages that are useful only for developers.')),
|
||||||
"245" => array ("Headline" => _('Encrypt session'),
|
"245" => array ("Headline" => _('Encrypt session'),
|
||||||
|
@ -175,16 +175,6 @@ $helpArray = array (
|
||||||
"Text" => _('Please specify the URL (e.g. "https://api.pwnedpasswords.com/range/{SHA1PREFIX}") of your external password check.')),
|
"Text" => _('Please specify the URL (e.g. "https://api.pwnedpasswords.com/range/{SHA1PREFIX}") of your external password check.')),
|
||||||
"250" => array ("Headline" => _("Filter"),
|
"250" => array ("Headline" => _("Filter"),
|
||||||
"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-insensitive.")),
|
"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-insensitive.")),
|
||||||
"251" => array ("Headline" => _("Remote server"),
|
|
||||||
"Text" => _("Please enter the syslog remote server in format \"server:port\".")),
|
|
||||||
"252" => array ("Headline" => _("User DN"),
|
|
||||||
"Text" => _("Please enter a part of the user's DN to search for registered devices.")),
|
|
||||||
"253" => array ("Headline" => _("Mail server"),
|
|
||||||
"Text" => _("Please enter the server name and port of your SMTP server (e.g. localhost:25). If this setting is left empty then LAM will try to use a locally installed mail server. The server must support TLS.")),
|
|
||||||
"254" => array ("Headline" => _("User name"),
|
|
||||||
"Text" => _("SMTP user name")),
|
|
||||||
"255" => array ("Headline" => _("Password"),
|
|
||||||
"Text" => _("SMTP password")),
|
|
||||||
"260" => array ("Headline" => _("Additional LDAP filter"),
|
"260" => array ("Headline" => _("Additional LDAP filter"),
|
||||||
"Text" => _('Use this to enter an additional LDAP filter (e.g. "(cn!=admin)") to reduce the number of visible elements for this account type.')
|
"Text" => _('Use this to enter an additional LDAP filter (e.g. "(cn!=admin)") to reduce the number of visible elements for this account type.')
|
||||||
. ' ' . _('You can use the wildcard @@LOGIN_DN@@ which will be substituted with the DN of the user who is currently logged in to LAM.')
|
. ' ' . _('You can use the wildcard @@LOGIN_DN@@ which will be substituted with the DN of the user who is currently logged in to LAM.')
|
||||||
|
@ -237,16 +227,6 @@ $helpArray = array (
|
||||||
"Text" => _('Password to unlock SSH key file.')),
|
"Text" => _('Password to unlock SSH key file.')),
|
||||||
'287' => array ("Headline" => _('Licence'),
|
'287' => array ("Headline" => _('Licence'),
|
||||||
"Text" => _('Please enter your licence key.')),
|
"Text" => _('Please enter your licence key.')),
|
||||||
'288' => array ("Headline" => _('Expiration warning'),
|
|
||||||
"Text" => _('Please select how to be warned before your licence expires.')),
|
|
||||||
'289' => array ("Headline" => _('From address'),
|
|
||||||
"Text" => _('This email address will be set as sender address of the mails.')),
|
|
||||||
'290' => array ("Headline" => _('TO address'),
|
|
||||||
"Text" => _('This email address will be set as TO address for the mails.')),
|
|
||||||
"291" => array ("Headline" => _('Hide password prompt for expired password'),
|
|
||||||
"Text" => _('Hides the password prompt when a user with expired password logs into LAM.')),
|
|
||||||
"292" => array ("Headline" => _('DN part to hide'),
|
|
||||||
"Text" => _('Hides the given part of the DN when displaying a DN. E.g. if you set this to "dc=example,dc=com" then "ou=department,dc=example,dc=com" will be displayed as "ou=department". Use this if you have very long DNs.')),
|
|
||||||
// 300 - 399
|
// 300 - 399
|
||||||
// profile editor, file upload
|
// profile editor, file upload
|
||||||
"301" => array ("Headline" => _("RDN identifier"),
|
"301" => array ("Headline" => _("RDN identifier"),
|
||||||
|
@ -263,8 +243,6 @@ $helpArray = array (
|
||||||
"Text" => _("Here you can export account profiles to other server profiles (overwrite existing). You may also export a profile to the global templates. In this case it will always be copied to all server profiles that do not yet have a profile with this name.")),
|
"Text" => _("Here you can export account profiles to other server profiles (overwrite existing). You may also export a profile to the global templates. In this case it will always be copied to all server profiles that do not yet have a profile with this name.")),
|
||||||
// 400 - 499
|
// 400 - 499
|
||||||
// account pages
|
// account pages
|
||||||
"400" => array ("Headline" => _("DN suffix") . '/' . _("RDN identifier"),
|
|
||||||
"Text" => _("The account will be saved under this LDAP suffix.") . '<br><br>' . _("This is the identifier for the relative DN value. It must be one of the given allowed LDAP attributes (e.g. user accounts usually use \"uid\" while groups use \"cn\").")),
|
|
||||||
"401" => array ("Headline" => _("Load profile"),
|
"401" => array ("Headline" => _("Load profile"),
|
||||||
"Text" => _("Here you can load an account profile to set default settings for your account. The \"default\" profile is automatically loaded for new accounts.")),
|
"Text" => _("Here you can load an account profile to set default settings for your account. The \"default\" profile is automatically loaded for new accounts.")),
|
||||||
"403" => array ("Headline" => _("Create PDF file"),
|
"403" => array ("Headline" => _("Create PDF file"),
|
||||||
|
@ -317,8 +295,6 @@ $helpArray = array (
|
||||||
"Text" => _('You can enable 2-factor authentication here (e.g. via mobile device).')),
|
"Text" => _('You can enable 2-factor authentication here (e.g. via mobile device).')),
|
||||||
"515" => array ("Headline" => _('Base URL'),
|
"515" => array ("Headline" => _('Base URL'),
|
||||||
"Text" => _('URL of external 2-factor authentication service.')),
|
"Text" => _('URL of external 2-factor authentication service.')),
|
||||||
"515a" => array ("Headline" => _('Base URLs'),
|
|
||||||
"Text" => _('URLs of external 2-factor authentication service. Enter one per line.')),
|
|
||||||
"516" => array ("Headline" => _('Disable certificate check'),
|
"516" => array ("Headline" => _('Disable certificate check'),
|
||||||
"Text" => _('This will disable the check of the SSL certificates for the 2-factor authentication service. Not recommended for production usage.')),
|
"Text" => _('This will disable the check of the SSL certificates for the 2-factor authentication service. Not recommended for production usage.')),
|
||||||
"517" => array ("Headline" => _('Label'),
|
"517" => array ("Headline" => _('Label'),
|
||||||
|
@ -335,18 +311,6 @@ $helpArray = array (
|
||||||
"Text" => _('Protect the self service login with a captcha.')),
|
"Text" => _('Protect the self service login with a captcha.')),
|
||||||
"523" => array ("Headline" => _('Base color'),
|
"523" => array ("Headline" => _('Base color'),
|
||||||
"Text" => _('Background color for self service pages.')),
|
"Text" => _('Background color for self service pages.')),
|
||||||
"524" => array ("Headline" => _('Client id'),
|
|
||||||
"Text" => _('Please enter your client id for the verification API.')),
|
|
||||||
"525" => array ("Headline" => _('Secret key'),
|
|
||||||
"Text" => _('Please enter your secret key for the verification API.')),
|
|
||||||
"526" => array ("Headline" => _('Login footer'),
|
|
||||||
"Text" => _('This text is displayed as footer on the self service login page.')),
|
|
||||||
"527" => array ("Headline" => _('Main page footer'),
|
|
||||||
"Text" => _('This text is displayed as footer on the self service main page.')),
|
|
||||||
"528" => array ("Headline" => _('User name attribute'),
|
|
||||||
"Text" => _('The attribute (e.g. "uid") that contains the user name for the 2-factor service.')),
|
|
||||||
"529" => array ("Headline" => _('Domain'),
|
|
||||||
"Text" => _('Please enter the WebAuthn domain. This is the public domain of the webserver (e.g. "example.com"). Do not include protocol or port.')),
|
|
||||||
"550" => array ("Headline" => _("From address"),
|
"550" => array ("Headline" => _("From address"),
|
||||||
"Text" => _("This email address will be set as sender address of all password mails. If empty the system default (php.ini) will be used.")),
|
"Text" => _("This email address will be set as sender address of all password mails. If empty the system default (php.ini) will be used.")),
|
||||||
"551" => array ("Headline" => _("Subject"),
|
"551" => array ("Headline" => _("Subject"),
|
||||||
|
@ -383,7 +347,7 @@ $helpArray = array (
|
||||||
"751" => array ("Headline" => _('Base DN'),
|
"751" => array ("Headline" => _('Base DN'),
|
||||||
"Text" => _('The export will read entries of this DN.')),
|
"Text" => _('The export will read entries of this DN.')),
|
||||||
"752" => array ("Headline" => _('Search filter'),
|
"752" => array ("Headline" => _('Search filter'),
|
||||||
"Text" => _('Please enter an LDAP filter to specify the exported entries.')),
|
"Text" => _('Please enter an LDAP filter to specifiy the exported entries.')),
|
||||||
"753" => array ("Headline" => _('Attributes'),
|
"753" => array ("Headline" => _('Attributes'),
|
||||||
"Text" => _('Please enter a comma separated list of attributes to export. Using "*" will export all attributes.')),
|
"Text" => _('Please enter a comma separated list of attributes to export. Using "*" will export all attributes.')),
|
||||||
"754" => array ("Headline" => _('Include system attributes'),
|
"754" => array ("Headline" => _('Include system attributes'),
|
||||||
|
@ -392,7 +356,7 @@ $helpArray = array (
|
||||||
// jobs
|
// jobs
|
||||||
'800' => array(
|
'800' => array(
|
||||||
"Headline" => _('From address'),
|
"Headline" => _('From address'),
|
||||||
"Text" => _('This email address will be set as sender address of the mails.')
|
"Text" => _('This email address will be set as sender address of all mails. If empty the system default (php.ini) will be used.')
|
||||||
),
|
),
|
||||||
'801' => array(
|
'801' => array(
|
||||||
"Headline" => _('Reply-to address'),
|
"Headline" => _('Reply-to address'),
|
||||||
|
@ -432,16 +396,6 @@ $helpArray = array (
|
||||||
"Headline" => _('Target DN'),
|
"Headline" => _('Target DN'),
|
||||||
"Text" => _('The expired accounts will be moved to this DN.')
|
"Text" => _('The expired accounts will be moved to this DN.')
|
||||||
),
|
),
|
||||||
'810' => array(
|
|
||||||
"Headline" => _('Text'),
|
|
||||||
"Text" => _('The mail text of all mails.') .
|
|
||||||
_('You can use wildcards for LDAP attributes in the form @@attribute@@ (e.g. @@uid@@ for the user name).')
|
|
||||||
. ' ' . _('The managed groups need to be added with @@LAM_MANAGED_GROUPS@@.')
|
|
||||||
),
|
|
||||||
'811' => array(
|
|
||||||
"Headline" => _('Period'),
|
|
||||||
"Text" => _('This defines how often the email is sent (e.g. each month).')
|
|
||||||
),
|
|
||||||
);
|
);
|
||||||
|
|
||||||
/* This is a sample help entry. Just copy this line an modify the values between the [] brackets.
|
/* This is a sample help entry. Just copy this line an modify the values between the [] brackets.
|
||||||
|
|
|
@ -1,23 +1,11 @@
|
||||||
<?php
|
<?php
|
||||||
namespace LAM\LIB\TWO_FACTOR;
|
namespace LAM\LIB\TWO_FACTOR;
|
||||||
use \htmlResponsiveRow;
|
|
||||||
use \LAM\LOGIN\WEBAUTHN\WebauthnManager;
|
|
||||||
use \selfServiceProfile;
|
use \selfServiceProfile;
|
||||||
use \LAMConfig;
|
use \LAMConfig;
|
||||||
use \htmlScript;
|
|
||||||
use \htmlIframe;
|
|
||||||
use \htmlImage;
|
|
||||||
use \htmlButton;
|
|
||||||
use \htmlJavaScript;
|
|
||||||
use \htmlStatusMessage;
|
|
||||||
use \htmlOutputText;
|
|
||||||
use \htmlDiv;
|
|
||||||
use \LAMException;
|
|
||||||
use \Webauthn\PublicKeyCredentialCreationOptions;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2017 - 2020 Roland Gruber
|
Copyright (C) 2017 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -48,7 +36,6 @@ interface TwoFactorProvider {
|
||||||
*
|
*
|
||||||
* @param string $user user name
|
* @param string $user user name
|
||||||
* @param string $password password
|
* @param string $password password
|
||||||
* @return string[] serials
|
|
||||||
* @throws \Exception error getting serials
|
* @throws \Exception error getting serials
|
||||||
*/
|
*/
|
||||||
public function getSerials($user, $password);
|
public function getSerials($user, $password);
|
||||||
|
@ -65,87 +52,14 @@ interface TwoFactorProvider {
|
||||||
*/
|
*/
|
||||||
public function verify2ndFactor($user, $password, $serial, $twoFactorInput);
|
public function verify2ndFactor($user, $password, $serial, $twoFactorInput);
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns if the service has a custom input form.
|
|
||||||
* In this case the token field is not displayed.
|
|
||||||
*
|
|
||||||
* @return has custom input form
|
|
||||||
*/
|
|
||||||
public function hasCustomInputForm();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Adds the custom input fields to the form.
|
|
||||||
*
|
|
||||||
* @param htmlResponsiveRow $row row where to add the input fields
|
|
||||||
* @param string user DN
|
|
||||||
*/
|
|
||||||
public function addCustomInput(&$row, $userDn);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns if the submit button should be shown.
|
|
||||||
*
|
|
||||||
* @return bool show submit button
|
|
||||||
*/
|
|
||||||
public function isShowSubmitButton();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Base class for 2-factor authentication providers.
|
|
||||||
*
|
|
||||||
* @author Roland Gruber
|
|
||||||
*/
|
|
||||||
abstract class BaseProvider implements TwoFactorProvider {
|
|
||||||
|
|
||||||
protected $config;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
|
|
||||||
*/
|
|
||||||
public function hasCustomInputForm() {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::addCustomInput()
|
|
||||||
*/
|
|
||||||
public function addCustomInput(&$row, $userDn) {
|
|
||||||
// must be filled by subclass if used
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the value of the user attribute in LDAP.
|
|
||||||
*
|
|
||||||
* @param string $userDn user DN
|
|
||||||
* @return string user name
|
|
||||||
*/
|
|
||||||
protected function getLoginAttributeValue($userDn) {
|
|
||||||
$attrName = $this->config->twoFactorAuthenticationSerialAttributeName;
|
|
||||||
$userData = ldapGetDN($userDn, array($attrName));
|
|
||||||
if (empty($userData[$attrName])) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
if (is_array($userData[$attrName])) {
|
|
||||||
return $userData[$attrName][0];
|
|
||||||
}
|
|
||||||
return $userData[$attrName];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
|
|
||||||
*/
|
|
||||||
public function isShowSubmitButton() {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Provider for privacyIDEA.
|
* Provider for privacyIDEA.
|
||||||
*/
|
*/
|
||||||
class PrivacyIDEAProvider extends BaseProvider {
|
class PrivacyIDEAProvider implements TwoFactorProvider {
|
||||||
|
|
||||||
|
private $config;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
|
@ -162,9 +76,8 @@ class PrivacyIDEAProvider extends BaseProvider {
|
||||||
*/
|
*/
|
||||||
public function getSerials($user, $password) {
|
public function getSerials($user, $password) {
|
||||||
logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Getting serials for ' . $user);
|
logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Getting serials for ' . $user);
|
||||||
$loginAttribute = $this->getLoginAttributeValue($user);
|
$token = $this->authenticate($user, $password);
|
||||||
$token = $this->authenticate($loginAttribute, $password);
|
return $this->getSerialsForUser($user, $token);
|
||||||
return $this->getSerialsForUser($loginAttribute, $token);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -173,8 +86,7 @@ class PrivacyIDEAProvider extends BaseProvider {
|
||||||
*/
|
*/
|
||||||
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
|
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
|
||||||
logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Checking 2nd factor for ' . $user);
|
logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Checking 2nd factor for ' . $user);
|
||||||
$loginAttribute = $this->getLoginAttributeValue($user);
|
$token = $this->authenticate($user, $password);
|
||||||
$token = $this->authenticate($loginAttribute, $password);
|
|
||||||
return $this->verify($token, $serial, $twoFactorInput);
|
return $this->verify($token, $serial, $twoFactorInput);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -239,7 +151,6 @@ class PrivacyIDEAProvider extends BaseProvider {
|
||||||
*
|
*
|
||||||
* @param string $user user name
|
* @param string $user user name
|
||||||
* @param string $token login token
|
* @param string $token login token
|
||||||
* @return string[] serials
|
|
||||||
* @throws \Exception error during serial reading
|
* @throws \Exception error during serial reading
|
||||||
*/
|
*/
|
||||||
private function getSerialsForUser($user, $token) {
|
private function getSerialsForUser($user, $token) {
|
||||||
|
@ -302,318 +213,14 @@ class PrivacyIDEAProvider extends BaseProvider {
|
||||||
if (($status == 'true') && ($value == 'true')) {
|
if (($status == 'true') && ($value == 'true')) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
$errCode = isset($output->result->error) && isset($output->result->error->code) ? $output->result->error->code : '';
|
||||||
|
$errMessage = isset($output->result->error) && isset($output->result->error->message) ? $output->result->error->message : '';
|
||||||
logNewMessage(LOG_DEBUG, "Unable to verify token: " . print_r($output, true));
|
logNewMessage(LOG_DEBUG, "Unable to verify token: " . print_r($output, true));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Authentication via YubiKeys.
|
|
||||||
*
|
|
||||||
* @author Roland Gruber
|
|
||||||
*/
|
|
||||||
class YubicoProvider extends BaseProvider {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructor.
|
|
||||||
*
|
|
||||||
* @param TwoFactorConfiguration $config configuration
|
|
||||||
*/
|
|
||||||
public function __construct(&$config) {
|
|
||||||
$this->config = $config;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::getSerials()
|
|
||||||
*/
|
|
||||||
public function getSerials($user, $password) {
|
|
||||||
$keyAttributeName = strtolower($this->config->twoFactorAuthenticationSerialAttributeName);
|
|
||||||
if (isset($_SESSION['selfService_clientDN'])) {
|
|
||||||
$loginDn = lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$loginDn = $_SESSION['ldap']->getUserName();
|
|
||||||
}
|
|
||||||
$handle = getLDAPServerHandle();
|
|
||||||
$ldapData = ldapGetDN($loginDn, array($keyAttributeName), $handle);
|
|
||||||
if (empty($ldapData[$keyAttributeName])) {
|
|
||||||
return array();
|
|
||||||
}
|
|
||||||
return array(implode(', ', $ldapData[$keyAttributeName]));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::verify2ndFactor()
|
|
||||||
*/
|
|
||||||
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
|
|
||||||
include_once(__DIR__ . "/3rdParty/yubico/Yubico.php");
|
|
||||||
$serialData = $this->getSerials($user, $password);
|
|
||||||
if (empty($serialData)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$serials = explode(', ', $serialData[0]);
|
|
||||||
$serialMatched = false;
|
|
||||||
foreach ($serials as $serial) {
|
|
||||||
if (strpos($twoFactorInput, $serial) === 0) {
|
|
||||||
$serialMatched = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!$serialMatched) {
|
|
||||||
throw new \Exception(_('YubiKey id does not match allowed list of key ids.'));
|
|
||||||
}
|
|
||||||
$urls = $this->config->twoFactorAuthenticationURL;
|
|
||||||
shuffle($urls);
|
|
||||||
$httpsverify = !$this->config->twoFactorAuthenticationInsecure;
|
|
||||||
$clientId = $this->config->twoFactorAuthenticationClientId;
|
|
||||||
$secretKey = $this->config->twoFactorAuthenticationSecretKey;
|
|
||||||
foreach ($urls as $url) {
|
|
||||||
try {
|
|
||||||
$auth = new \Auth_Yubico($clientId, $secretKey, $url, $httpsverify);
|
|
||||||
$auth->verify($twoFactorInput);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
catch (LAMException $e) {
|
|
||||||
logNewMessage(LOG_DEBUG, 'Unable to verify 2FA: ' . $e->getMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Provider for DUO.
|
|
||||||
*/
|
|
||||||
class DuoProvider extends BaseProvider {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructor.
|
|
||||||
*
|
|
||||||
* @param TwoFactorConfiguration $config configuration
|
|
||||||
*/
|
|
||||||
public function __construct(&$config) {
|
|
||||||
$this->config = $config;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::getSerials()
|
|
||||||
*/
|
|
||||||
public function getSerials($user, $password) {
|
|
||||||
return array('DUO');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
|
|
||||||
*/
|
|
||||||
public function isShowSubmitButton() {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
|
|
||||||
*/
|
|
||||||
public function hasCustomInputForm() {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\BaseProvider::addCustomInput()
|
|
||||||
*/
|
|
||||||
public function addCustomInput(&$row, $userDn) {
|
|
||||||
$loginAttribute = $this->getLoginAttributeValue($userDn);
|
|
||||||
$aKey = $this->getAKey();
|
|
||||||
include_once(__DIR__ . "/3rdParty/duo/Web.php");
|
|
||||||
$signedRequest = \Duo\Web::signRequest($this->config->twoFactorAuthenticationClientId,
|
|
||||||
$this->config->twoFactorAuthenticationSecretKey,
|
|
||||||
$aKey,
|
|
||||||
$loginAttribute);
|
|
||||||
if ($this->config->isSelfService) {
|
|
||||||
$row->add(new htmlScript("../lib/extra/duo/Duo-Web-v2.js", false, false), 12);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$row->add(new htmlScript("lib/extra/duo/Duo-Web-v2.js", false, false), 12);
|
|
||||||
}
|
|
||||||
$iframe = new htmlIframe('duo_iframe');
|
|
||||||
$iframe->addDataAttribute('host', $this->config->twoFactorAuthenticationURL);
|
|
||||||
$iframe->addDataAttribute('sig-request', $signedRequest);
|
|
||||||
$row->add($iframe, 12);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the aKey.
|
|
||||||
*
|
|
||||||
* @return String aKey
|
|
||||||
*/
|
|
||||||
private function getAKey() {
|
|
||||||
if (empty($_SESSION['duo_akey'])) {
|
|
||||||
$_SESSION['duo_akey'] = generateRandomPassword(40);
|
|
||||||
}
|
|
||||||
return $_SESSION['duo_akey'];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::verify2ndFactor()
|
|
||||||
*/
|
|
||||||
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
|
|
||||||
logNewMessage(LOG_DEBUG, 'DuoProvider: Checking 2nd factor for ' . $user);
|
|
||||||
$loginAttribute = $this->getLoginAttributeValue($user);
|
|
||||||
$response = $_POST['sig_response'];
|
|
||||||
include_once(__DIR__ . "/3rdParty/duo/Web.php");
|
|
||||||
$result = \Duo\Web::verifyResponse(
|
|
||||||
$this->config->twoFactorAuthenticationClientId,
|
|
||||||
$this->config->twoFactorAuthenticationSecretKey,
|
|
||||||
$this->getAKey(),
|
|
||||||
$response);
|
|
||||||
if ($result === $loginAttribute) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
logNewMessage(LOG_ERR, 'DUO authentication failed');
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Provider for Webauthn.
|
|
||||||
*/
|
|
||||||
class WebauthnProvider extends BaseProvider {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructor.
|
|
||||||
*
|
|
||||||
* @param TwoFactorConfiguration $config configuration
|
|
||||||
*/
|
|
||||||
public function __construct($config) {
|
|
||||||
$this->config = $config;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::getSerials()
|
|
||||||
*/
|
|
||||||
public function getSerials($user, $password) {
|
|
||||||
return array('WEBAUTHN');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
|
|
||||||
*/
|
|
||||||
public function isShowSubmitButton() {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
|
|
||||||
*/
|
|
||||||
public function hasCustomInputForm() {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\BaseProvider::addCustomInput()
|
|
||||||
*/
|
|
||||||
public function addCustomInput(&$row, $userDn) {
|
|
||||||
if (version_compare(phpversion(), '7.2.0') < 0) {
|
|
||||||
$row->add(new htmlStatusMessage('ERROR', 'WebAuthn requires PHP 7.2.'), 12);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (!extension_loaded('PDO')) {
|
|
||||||
$row->add(new htmlStatusMessage('ERROR', 'WebAuthn requires the PDO extension for PHP.'), 12);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
$pdoDrivers = \PDO::getAvailableDrivers();
|
|
||||||
if (!in_array('sqlite', $pdoDrivers)) {
|
|
||||||
$row->add(new htmlStatusMessage('ERROR', 'WebAuthn requires the sqlite PDO driver for PHP.'), 12);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
include_once __DIR__ . '/webauthn.inc';
|
|
||||||
$webauthnManager = $this->getWebauthnManager();
|
|
||||||
$hasTokens = $webauthnManager->isRegistered($userDn);
|
|
||||||
if ($hasTokens) {
|
|
||||||
$row->add(new htmlStatusMessage('INFO', _('Please authenticate with your security device.')), 12);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$row->add(new htmlStatusMessage('INFO', _('Please register a security device.')), 12);
|
|
||||||
}
|
|
||||||
$row->addVerticalSpacer('2rem');
|
|
||||||
$pathPrefix = $this->config->isSelfService ? '../' : '';
|
|
||||||
$selfServiceParam = $this->config->isSelfService ? 'true' : 'false';
|
|
||||||
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
|
|
||||||
$row->addVerticalSpacer('1rem');
|
|
||||||
$registerButton = new htmlButton('register_webauthn', _('Register new key'));
|
|
||||||
$registerButton->setCSSClasses(array('fullwidth hidden'));
|
|
||||||
$row->add($registerButton, 12);
|
|
||||||
$loginButton = new htmlButton('login_webauthn', _('Login'));
|
|
||||||
$loginButton->setCSSClasses(array('fullwidth hidden'));
|
|
||||||
$row->add($loginButton, 12);
|
|
||||||
$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
|
|
||||||
$row->add(new htmlDiv(null, $errorMessage, array('hidden webauthn-error')), 12);
|
|
||||||
if (($this->config->twoFactorAuthenticationOptional === true) && !$hasTokens) {
|
|
||||||
$skipButton = new htmlButton('skip_webauthn', _('Skip'));
|
|
||||||
$skipButton->setCSSClasses(array('fullwidth'));
|
|
||||||
$row->add($skipButton, 12);
|
|
||||||
}
|
|
||||||
$errorMessageDiv = new htmlDiv('generic-webauthn-error', new htmlOutputText(''));
|
|
||||||
$errorMessageDiv->addDataAttribute('button', _('Ok'));
|
|
||||||
$errorMessageDiv->addDataAttribute('title', _('WebAuthn failed'));
|
|
||||||
$row->add($errorMessageDiv, 12);
|
|
||||||
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', ' . $selfServiceParam . ');'), 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the webauthn manager.
|
|
||||||
*
|
|
||||||
* @return WebauthnManager manager
|
|
||||||
*/
|
|
||||||
public function getWebauthnManager() {
|
|
||||||
return new WebauthnManager();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::verify2ndFactor()
|
|
||||||
*/
|
|
||||||
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
|
|
||||||
logNewMessage(LOG_DEBUG, 'WebauthnProvider: Checking 2nd factor for ' . $user);
|
|
||||||
include_once __DIR__ . '/webauthn.inc';
|
|
||||||
$webauthnManager = $this->getWebauthnManager();
|
|
||||||
if (!empty($_SESSION['ldap'])) {
|
|
||||||
$userDn = $_SESSION['ldap']->getUserName();
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$userDn = lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
|
|
||||||
}
|
|
||||||
$hasTokens = $webauthnManager->isRegistered($userDn);
|
|
||||||
if (!$hasTokens) {
|
|
||||||
if ($this->config->twoFactorAuthenticationOptional && !$webauthnManager->isRegistered($user) && ($_POST['sig_response'] === 'skip')) {
|
|
||||||
logNewMessage(LOG_DEBUG, 'Skipped 2FA for ' . $user . ' as no devices are registered and 2FA is optional.');
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
$response = base64_decode($_POST['sig_response']);
|
|
||||||
$registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']);
|
|
||||||
return $webauthnManager->storeNewRegistration($registrationObject, $response);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
logNewMessage(LOG_DEBUG, 'Checking WebAuthn response of ' . $userDn);
|
|
||||||
$response = base64_decode($_POST['sig_response']);
|
|
||||||
return $webauthnManager->isValidAuthentication($response, $userDn);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the correct 2 factor provider.
|
* Returns the correct 2 factor provider.
|
||||||
*/
|
*/
|
||||||
|
@ -623,12 +230,6 @@ class TwoFactorProviderService {
|
||||||
const TWO_FACTOR_NONE = 'none';
|
const TWO_FACTOR_NONE = 'none';
|
||||||
/** 2factor authentication via privacyIDEA */
|
/** 2factor authentication via privacyIDEA */
|
||||||
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
|
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
|
||||||
/** 2factor authentication via YubiKey */
|
|
||||||
const TWO_FACTOR_YUBICO = 'yubico';
|
|
||||||
/** 2factor authentication via DUO */
|
|
||||||
const TWO_FACTOR_DUO = 'duo';
|
|
||||||
/** 2factor authentication via webauthn */
|
|
||||||
const TWO_FACTOR_WEBAUTHN = 'webauthn';
|
|
||||||
|
|
||||||
private $config;
|
private $config;
|
||||||
|
|
||||||
|
@ -657,15 +258,6 @@ class TwoFactorProviderService {
|
||||||
if ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
|
if ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
|
||||||
return new PrivacyIDEAProvider($this->config);
|
return new PrivacyIDEAProvider($this->config);
|
||||||
}
|
}
|
||||||
elseif ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
|
|
||||||
return new YubicoProvider($this->config);
|
|
||||||
}
|
|
||||||
elseif ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_DUO) {
|
|
||||||
return new DuoProvider($this->config);
|
|
||||||
}
|
|
||||||
elseif ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_WEBAUTHN) {
|
|
||||||
return new WebauthnProvider($this->config);
|
|
||||||
}
|
|
||||||
throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
|
throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -676,37 +268,11 @@ class TwoFactorProviderService {
|
||||||
* @return TwoFactorConfiguration configuration
|
* @return TwoFactorConfiguration configuration
|
||||||
*/
|
*/
|
||||||
private function getConfigSelfService(&$profile) {
|
private function getConfigSelfService(&$profile) {
|
||||||
$tfConfig = new TwoFactorConfiguration();
|
$config = new TwoFactorConfiguration();
|
||||||
$tfConfig->isSelfService = true;
|
$config->twoFactorAuthentication = $profile->twoFactorAuthentication;
|
||||||
$tfConfig->twoFactorAuthentication = $profile->twoFactorAuthentication;
|
$config->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
|
||||||
$tfConfig->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
|
$config->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
|
||||||
$tfConfig->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
|
return $config;
|
||||||
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
|
|
||||||
$tfConfig->twoFactorAuthenticationURL = explode("\r\n", $profile->twoFactorAuthenticationURL);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$tfConfig->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
|
|
||||||
}
|
|
||||||
$tfConfig->twoFactorAuthenticationClientId = $profile->twoFactorAuthenticationClientId;
|
|
||||||
$tfConfig->twoFactorAuthenticationSecretKey = $profile->twoFactorAuthenticationSecretKey;
|
|
||||||
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
|
|
||||||
$moduleSettings = $profile->moduleSettings;
|
|
||||||
if (!empty($moduleSettings['yubiKeyUser_attributeName'][0])) {
|
|
||||||
$tfConfig->twoFactorAuthenticationSerialAttributeName = $moduleSettings['yubiKeyUser_attributeName'][0];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$tfConfig->twoFactorAuthenticationSerialAttributeName = 'yubiKeyId';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA)
|
|
||||||
|| ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_DUO)) {
|
|
||||||
$attrName = $profile->twoFactorAuthenticationAttribute;
|
|
||||||
if (empty($attrName)) {
|
|
||||||
$attrName = 'uid';
|
|
||||||
}
|
|
||||||
$tfConfig->twoFactorAuthenticationSerialAttributeName = strtolower($attrName);
|
|
||||||
}
|
|
||||||
return $tfConfig;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -716,33 +282,11 @@ class TwoFactorProviderService {
|
||||||
* @return TwoFactorConfiguration configuration
|
* @return TwoFactorConfiguration configuration
|
||||||
*/
|
*/
|
||||||
private function getConfigAdmin($conf) {
|
private function getConfigAdmin($conf) {
|
||||||
$tfConfig = new TwoFactorConfiguration();
|
$config = new TwoFactorConfiguration();
|
||||||
$tfConfig->isSelfService = false;
|
$config->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
|
||||||
$tfConfig->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
|
$config->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
|
||||||
$tfConfig->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
|
$config->twoFactorAuthenticationURL = $conf->getTwoFactorAuthenticationURL();
|
||||||
$tfConfig->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional();
|
return $config;
|
||||||
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
|
|
||||||
$tfConfig->twoFactorAuthenticationURL = explode("\r\n", $conf->getTwoFactorAuthenticationURL());
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$tfConfig->twoFactorAuthenticationURL = $conf->getTwoFactorAuthenticationURL();
|
|
||||||
}
|
|
||||||
$tfConfig->twoFactorAuthenticationClientId = $conf->getTwoFactorAuthenticationClientId();
|
|
||||||
$tfConfig->twoFactorAuthenticationSecretKey = $conf->getTwoFactorAuthenticationSecretKey();
|
|
||||||
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
|
|
||||||
$moduleSettings = $conf->get_moduleSettings();
|
|
||||||
if (!empty($moduleSettings['yubiKeyUser_attributeName'][0])) {
|
|
||||||
$tfConfig->twoFactorAuthenticationSerialAttributeName = $moduleSettings['yubiKeyUser_attributeName'][0];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$tfConfig->twoFactorAuthenticationSerialAttributeName = 'yubiKeyId';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA)
|
|
||||||
|| ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_DUO)) {
|
|
||||||
$tfConfig->twoFactorAuthenticationSerialAttributeName = strtolower($conf->getTwoFactorAuthenticationAttribute());
|
|
||||||
}
|
|
||||||
return $tfConfig;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -753,45 +297,7 @@ class TwoFactorProviderService {
|
||||||
* @author Roland Gruber
|
* @author Roland Gruber
|
||||||
*/
|
*/
|
||||||
class TwoFactorConfiguration {
|
class TwoFactorConfiguration {
|
||||||
|
|
||||||
/**
|
|
||||||
* @var bool is self service
|
|
||||||
*/
|
|
||||||
public $isSelfService = false;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var string provider id
|
|
||||||
*/
|
|
||||||
public $twoFactorAuthentication = null;
|
public $twoFactorAuthentication = null;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var string|array service URL(s)
|
|
||||||
*/
|
|
||||||
public $twoFactorAuthenticationURL = null;
|
public $twoFactorAuthenticationURL = null;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var disable certificate check
|
|
||||||
*/
|
|
||||||
public $twoFactorAuthenticationInsecure = false;
|
public $twoFactorAuthenticationInsecure = false;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var client ID for API access
|
|
||||||
*/
|
|
||||||
public $twoFactorAuthenticationClientId = null;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var secret key for API access
|
|
||||||
*/
|
|
||||||
public $twoFactorAuthenticationSecretKey = null;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var LDAP attribute name that stores the token serials
|
|
||||||
*/
|
|
||||||
public $twoFactorAuthenticationSerialAttributeName = null;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var bool 2FA is optional
|
|
||||||
*/
|
|
||||||
public $twoFactorAuthenticationOptional = false;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,239 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This file is part of the Monolog package.
|
|
||||||
*
|
|
||||||
* (c) Jordi Boggiano <j.boggiano@seld.be>
|
|
||||||
*
|
|
||||||
* For the full copyright and license information, please view the LICENSE
|
|
||||||
* file that was distributed with this source code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace Monolog;
|
|
||||||
|
|
||||||
use Psr\Log\LoggerInterface;
|
|
||||||
use Psr\Log\LogLevel;
|
|
||||||
use Monolog\Handler\AbstractHandler;
|
|
||||||
use Monolog\Registry;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Monolog error handler
|
|
||||||
*
|
|
||||||
* A facility to enable logging of runtime errors, exceptions and fatal errors.
|
|
||||||
*
|
|
||||||
* Quick setup: <code>ErrorHandler::register($logger);</code>
|
|
||||||
*
|
|
||||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
|
||||||
*/
|
|
||||||
class ErrorHandler
|
|
||||||
{
|
|
||||||
private $logger;
|
|
||||||
|
|
||||||
private $previousExceptionHandler;
|
|
||||||
private $uncaughtExceptionLevel;
|
|
||||||
|
|
||||||
private $previousErrorHandler;
|
|
||||||
private $errorLevelMap;
|
|
||||||
private $handleOnlyReportedErrors;
|
|
||||||
|
|
||||||
private $hasFatalErrorHandler;
|
|
||||||
private $fatalLevel;
|
|
||||||
private $reservedMemory;
|
|
||||||
private $lastFatalTrace;
|
|
||||||
private static $fatalErrors = array(E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR, E_USER_ERROR);
|
|
||||||
|
|
||||||
public function __construct(LoggerInterface $logger)
|
|
||||||
{
|
|
||||||
$this->logger = $logger;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Registers a new ErrorHandler for a given Logger
|
|
||||||
*
|
|
||||||
* By default it will handle errors, exceptions and fatal errors
|
|
||||||
*
|
|
||||||
* @param LoggerInterface $logger
|
|
||||||
* @param array|false $errorLevelMap an array of E_* constant to LogLevel::* constant mapping, or false to disable error handling
|
|
||||||
* @param int|false $exceptionLevel a LogLevel::* constant, or false to disable exception handling
|
|
||||||
* @param int|false $fatalLevel a LogLevel::* constant, or false to disable fatal error handling
|
|
||||||
* @return ErrorHandler
|
|
||||||
*/
|
|
||||||
public static function register(LoggerInterface $logger, $errorLevelMap = array(), $exceptionLevel = null, $fatalLevel = null)
|
|
||||||
{
|
|
||||||
//Forces the autoloader to run for LogLevel. Fixes an autoload issue at compile-time on PHP5.3. See https://github.com/Seldaek/monolog/pull/929
|
|
||||||
class_exists('\\Psr\\Log\\LogLevel', true);
|
|
||||||
|
|
||||||
$handler = new static($logger);
|
|
||||||
if ($errorLevelMap !== false) {
|
|
||||||
$handler->registerErrorHandler($errorLevelMap);
|
|
||||||
}
|
|
||||||
if ($exceptionLevel !== false) {
|
|
||||||
$handler->registerExceptionHandler($exceptionLevel);
|
|
||||||
}
|
|
||||||
if ($fatalLevel !== false) {
|
|
||||||
$handler->registerFatalHandler($fatalLevel);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $handler;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function registerExceptionHandler($level = null, $callPrevious = true)
|
|
||||||
{
|
|
||||||
$prev = set_exception_handler(array($this, 'handleException'));
|
|
||||||
$this->uncaughtExceptionLevel = $level;
|
|
||||||
if ($callPrevious && $prev) {
|
|
||||||
$this->previousExceptionHandler = $prev;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public function registerErrorHandler(array $levelMap = array(), $callPrevious = true, $errorTypes = -1, $handleOnlyReportedErrors = true)
|
|
||||||
{
|
|
||||||
$prev = set_error_handler(array($this, 'handleError'), $errorTypes);
|
|
||||||
$this->errorLevelMap = array_replace($this->defaultErrorLevelMap(), $levelMap);
|
|
||||||
if ($callPrevious) {
|
|
||||||
$this->previousErrorHandler = $prev ?: true;
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->handleOnlyReportedErrors = $handleOnlyReportedErrors;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function registerFatalHandler($level = null, $reservedMemorySize = 20)
|
|
||||||
{
|
|
||||||
register_shutdown_function(array($this, 'handleFatalError'));
|
|
||||||
|
|
||||||
$this->reservedMemory = str_repeat(' ', 1024 * $reservedMemorySize);
|
|
||||||
$this->fatalLevel = $level;
|
|
||||||
$this->hasFatalErrorHandler = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function defaultErrorLevelMap()
|
|
||||||
{
|
|
||||||
return array(
|
|
||||||
E_ERROR => LogLevel::CRITICAL,
|
|
||||||
E_WARNING => LogLevel::WARNING,
|
|
||||||
E_PARSE => LogLevel::ALERT,
|
|
||||||
E_NOTICE => LogLevel::NOTICE,
|
|
||||||
E_CORE_ERROR => LogLevel::CRITICAL,
|
|
||||||
E_CORE_WARNING => LogLevel::WARNING,
|
|
||||||
E_COMPILE_ERROR => LogLevel::ALERT,
|
|
||||||
E_COMPILE_WARNING => LogLevel::WARNING,
|
|
||||||
E_USER_ERROR => LogLevel::ERROR,
|
|
||||||
E_USER_WARNING => LogLevel::WARNING,
|
|
||||||
E_USER_NOTICE => LogLevel::NOTICE,
|
|
||||||
E_STRICT => LogLevel::NOTICE,
|
|
||||||
E_RECOVERABLE_ERROR => LogLevel::ERROR,
|
|
||||||
E_DEPRECATED => LogLevel::NOTICE,
|
|
||||||
E_USER_DEPRECATED => LogLevel::NOTICE,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @private
|
|
||||||
*/
|
|
||||||
public function handleException($e)
|
|
||||||
{
|
|
||||||
$this->logger->log(
|
|
||||||
$this->uncaughtExceptionLevel === null ? LogLevel::ERROR : $this->uncaughtExceptionLevel,
|
|
||||||
sprintf('Uncaught Exception %s: "%s" at %s line %s', Utils::getClass($e), $e->getMessage(), $e->getFile(), $e->getLine()),
|
|
||||||
array('exception' => $e)
|
|
||||||
);
|
|
||||||
|
|
||||||
if ($this->previousExceptionHandler) {
|
|
||||||
call_user_func($this->previousExceptionHandler, $e);
|
|
||||||
}
|
|
||||||
|
|
||||||
exit(255);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @private
|
|
||||||
*/
|
|
||||||
public function handleError($code, $message, $file = '', $line = 0, $context = array())
|
|
||||||
{
|
|
||||||
if ($this->handleOnlyReportedErrors && !(error_reporting() & $code)) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// fatal error codes are ignored if a fatal error handler is present as well to avoid duplicate log entries
|
|
||||||
if (!$this->hasFatalErrorHandler || !in_array($code, self::$fatalErrors, true)) {
|
|
||||||
$level = isset($this->errorLevelMap[$code]) ? $this->errorLevelMap[$code] : LogLevel::CRITICAL;
|
|
||||||
$this->logger->log($level, self::codeToString($code).': '.$message, array('code' => $code, 'message' => $message, 'file' => $file, 'line' => $line));
|
|
||||||
} else {
|
|
||||||
// http://php.net/manual/en/function.debug-backtrace.php
|
|
||||||
// As of 5.3.6, DEBUG_BACKTRACE_IGNORE_ARGS option was added.
|
|
||||||
// Any version less than 5.3.6 must use the DEBUG_BACKTRACE_IGNORE_ARGS constant value '2'.
|
|
||||||
$trace = debug_backtrace((PHP_VERSION_ID < 50306) ? 2 : DEBUG_BACKTRACE_IGNORE_ARGS);
|
|
||||||
array_shift($trace); // Exclude handleError from trace
|
|
||||||
$this->lastFatalTrace = $trace;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($this->previousErrorHandler === true) {
|
|
||||||
return false;
|
|
||||||
} elseif ($this->previousErrorHandler) {
|
|
||||||
return call_user_func($this->previousErrorHandler, $code, $message, $file, $line, $context);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @private
|
|
||||||
*/
|
|
||||||
public function handleFatalError()
|
|
||||||
{
|
|
||||||
$this->reservedMemory = null;
|
|
||||||
|
|
||||||
$lastError = error_get_last();
|
|
||||||
if ($lastError && in_array($lastError['type'], self::$fatalErrors, true)) {
|
|
||||||
$this->logger->log(
|
|
||||||
$this->fatalLevel === null ? LogLevel::ALERT : $this->fatalLevel,
|
|
||||||
'Fatal Error ('.self::codeToString($lastError['type']).'): '.$lastError['message'],
|
|
||||||
array('code' => $lastError['type'], 'message' => $lastError['message'], 'file' => $lastError['file'], 'line' => $lastError['line'], 'trace' => $this->lastFatalTrace)
|
|
||||||
);
|
|
||||||
|
|
||||||
if ($this->logger instanceof Logger) {
|
|
||||||
foreach ($this->logger->getHandlers() as $handler) {
|
|
||||||
if ($handler instanceof AbstractHandler) {
|
|
||||||
$handler->close();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static function codeToString($code)
|
|
||||||
{
|
|
||||||
switch ($code) {
|
|
||||||
case E_ERROR:
|
|
||||||
return 'E_ERROR';
|
|
||||||
case E_WARNING:
|
|
||||||
return 'E_WARNING';
|
|
||||||
case E_PARSE:
|
|
||||||
return 'E_PARSE';
|
|
||||||
case E_NOTICE:
|
|
||||||
return 'E_NOTICE';
|
|
||||||
case E_CORE_ERROR:
|
|
||||||
return 'E_CORE_ERROR';
|
|
||||||
case E_CORE_WARNING:
|
|
||||||
return 'E_CORE_WARNING';
|
|
||||||
case E_COMPILE_ERROR:
|
|
||||||
return 'E_COMPILE_ERROR';
|
|
||||||
case E_COMPILE_WARNING:
|
|
||||||
return 'E_COMPILE_WARNING';
|
|
||||||
case E_USER_ERROR:
|
|
||||||
return 'E_USER_ERROR';
|
|
||||||
case E_USER_WARNING:
|
|
||||||
return 'E_USER_WARNING';
|
|
||||||
case E_USER_NOTICE:
|
|
||||||
return 'E_USER_NOTICE';
|
|
||||||
case E_STRICT:
|
|
||||||
return 'E_STRICT';
|
|
||||||
case E_RECOVERABLE_ERROR:
|
|
||||||
return 'E_RECOVERABLE_ERROR';
|
|
||||||
case E_DEPRECATED:
|
|
||||||
return 'E_DEPRECATED';
|
|
||||||
case E_USER_DEPRECATED:
|
|
||||||
return 'E_USER_DEPRECATED';
|
|
||||||
}
|
|
||||||
|
|
||||||
return 'Unknown PHP error';
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,78 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This file is part of the Monolog package.
|
|
||||||
*
|
|
||||||
* (c) Jordi Boggiano <j.boggiano@seld.be>
|
|
||||||
*
|
|
||||||
* For the full copyright and license information, please view the LICENSE
|
|
||||||
* file that was distributed with this source code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace Monolog\Formatter;
|
|
||||||
|
|
||||||
use Monolog\Logger;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Formats a log message according to the ChromePHP array format
|
|
||||||
*
|
|
||||||
* @author Christophe Coevoet <stof@notk.org>
|
|
||||||
*/
|
|
||||||
class ChromePHPFormatter implements FormatterInterface
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Translates Monolog log levels to Wildfire levels.
|
|
||||||
*/
|
|
||||||
private $logLevels = array(
|
|
||||||
Logger::DEBUG => 'log',
|
|
||||||
Logger::INFO => 'info',
|
|
||||||
Logger::NOTICE => 'info',
|
|
||||||
Logger::WARNING => 'warn',
|
|
||||||
Logger::ERROR => 'error',
|
|
||||||
Logger::CRITICAL => 'error',
|
|
||||||
Logger::ALERT => 'error',
|
|
||||||
Logger::EMERGENCY => 'error',
|
|
||||||
);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritdoc}
|
|
||||||
*/
|
|
||||||
public function format(array $record)
|
|
||||||
{
|
|
||||||
// Retrieve the line and file if set and remove them from the formatted extra
|
|
||||||
$backtrace = 'unknown';
|
|
||||||
if (isset($record['extra']['file'], $record['extra']['line'])) {
|
|
||||||
$backtrace = $record['extra']['file'].' : '.$record['extra']['line'];
|
|
||||||
unset($record['extra']['file'], $record['extra']['line']);
|
|
||||||
}
|
|
||||||
|
|
||||||
$message = array('message' => $record['message']);
|
|
||||||
if ($record['context']) {
|
|
||||||
$message['context'] = $record['context'];
|
|
||||||
}
|
|
||||||
if ($record['extra']) {
|
|
||||||
$message['extra'] = $record['extra'];
|
|
||||||
}
|
|
||||||
if (count($message) === 1) {
|
|
||||||
$message = reset($message);
|
|
||||||
}
|
|
||||||
|
|
||||||
return array(
|
|
||||||
$record['channel'],
|
|
||||||
$message,
|
|
||||||
$backtrace,
|
|
||||||
$this->logLevels[$record['level']],
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function formatBatch(array $records)
|
|
||||||
{
|
|
||||||
$formatted = array();
|
|
||||||
|
|
||||||
foreach ($records as $record) {
|
|
||||||
$formatted[] = $this->format($record);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $formatted;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,89 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This file is part of the Monolog package.
|
|
||||||
*
|
|
||||||
* (c) Jordi Boggiano <j.boggiano@seld.be>
|
|
||||||
*
|
|
||||||
* For the full copyright and license information, please view the LICENSE
|
|
||||||
* file that was distributed with this source code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace Monolog\Formatter;
|
|
||||||
|
|
||||||
use Elastica\Document;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Format a log message into an Elastica Document
|
|
||||||
*
|
|
||||||
* @author Jelle Vink <jelle.vink@gmail.com>
|
|
||||||
*/
|
|
||||||
class ElasticaFormatter extends NormalizerFormatter
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* @var string Elastic search index name
|
|
||||||
*/
|
|
||||||
protected $index;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var string Elastic search document type
|
|
||||||
*/
|
|
||||||
protected $type;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param string $index Elastic Search index name
|
|
||||||
* @param string $type Elastic Search document type
|
|
||||||
*/
|
|
||||||
public function __construct($index, $type)
|
|
||||||
{
|
|
||||||
// elasticsearch requires a ISO 8601 format date with optional millisecond precision.
|
|
||||||
parent::__construct('Y-m-d\TH:i:s.uP');
|
|
||||||
|
|
||||||
$this->index = $index;
|
|
||||||
$this->type = $type;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritdoc}
|
|
||||||
*/
|
|
||||||
public function format(array $record)
|
|
||||||
{
|
|
||||||
$record = parent::format($record);
|
|
||||||
|
|
||||||
return $this->getDocument($record);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Getter index
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getIndex()
|
|
||||||
{
|
|
||||||
return $this->index;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Getter type
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getType()
|
|
||||||
{
|
|
||||||
return $this->type;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Convert a log message into an Elastica Document
|
|
||||||
*
|
|
||||||
* @param array $record Log message
|
|
||||||
* @return Document
|
|
||||||
*/
|
|
||||||
protected function getDocument($record)
|
|
||||||
{
|
|
||||||
$document = new Document();
|
|
||||||
$document->setData($record);
|
|
||||||
$document->setType($this->type);
|
|
||||||
$document->setIndex($this->index);
|
|
||||||
|
|
||||||
return $document;
|
|
||||||
}
|
|
||||||
}
|
|