WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: WMDE:develop
Branches Tags
WMDE:develop
WMDE:master
WMDE:gh-pages
WMDE:lam_7_3_RC1
WMDE:lam_7_2
WMDE:lam_7_2_RC1
WMDE:lam_7_1
WMDE:lam_7_1_RC1
WMDE:lam_7_0
WMDE:lam_7_0_RC1
WMDE:lam_6_9
WMDE:lam_6_9_RC1
WMDE:lam_6_8
WMDE:lam_6_8_RC1
WMDE:lam_6_7
WMDE:lam_6_7_RC1
WMDE:lam_6_6
WMDE:lam_6_6_RC1
WMDE:lam_6_5
WMDE:lam_6_5_RC1
WMDE:untagged-0f11e4b04e249cac51c5
WMDE:lam_6_4
WMDE:lam_6_4_RC1
WMDE:lam_6_3
WMDE:lam_6_3_RC1
WMDE:lam_6_2_1
WMDE:lam_6_2
WMDE:lam_6_2_RC1
WMDE:lam_6_1
WMDE:lam_6_1_RC1
WMDE:lam_6_0_1
WMDE:lam_6_0
WMDE:lam_6_0_RC2
WMDE:lam_6_0_RC1
WMDE:lam_5_7
WMDE:lam_5_7_RC1
WMDE:lam_5_6
WMDE:lam_5_6_RC1
WMDE:lam_5_5
WMDE:lam_5_5_RC1
WMDE:lam_5_4
WMDE:lam_5_4_RC1
WMDE:origin/tags/mb_moveDN
WMDE:origin/tags/start
WMDE:origin/tags/trunk
WMDE:origin/tags/lam_0_4_7
WMDE:origin/tags/lam_0_4_8
WMDE:origin/tags/lam_0_4_9
WMDE:origin/tags/lam_0_4_10
WMDE:origin/tags/lam_0_5_alpha1
WMDE:origin/tags/lam_0_5_alpha2
WMDE:origin/tags/lam_0_5_rc1
WMDE:origin/tags/lam_0_5_rc2
WMDE:origin/tags/lam_0_5_rc3
WMDE:origin/tags/lam_0_5_0
WMDE:origin/tags/lam_0_5_1
WMDE:origin/tags/lam_0_5_2
WMDE:origin/tags/lam_0_5_3
WMDE:origin/tags/after_0_6_merge
WMDE:origin/tags/before_0_6_merge
WMDE:origin/tags/lam_1_0_rc1
WMDE:origin/tags/lam_1_0_rc2
WMDE:origin/tags/lam_1_0_0
WMDE:origin/tags/lam_1_0_1
WMDE:origin/tags/lam_1_0_2
WMDE:origin/tags/lam_1_0_3
WMDE:origin/tags/lam_1_0_4RC1
WMDE:origin/tags/lam_1_0_4
WMDE:origin/tags/lam_1_1_0_RC1
WMDE:origin/tags/lam_1_1_0
WMDE:origin/tags/lam_1_1_1_rc1
WMDE:origin/tags/lam_1_1_1
WMDE:origin/tags/lam_1_2_0_RC1
WMDE:origin/tags/lam_1_2_0
WMDE:origin/tags/lam_1_3_0_RC1
WMDE:origin/tags/lam_1_3_0
WMDE:origin/tags/lam_2_0_0_RC1
WMDE:origin/tags/lam_2_0_0
WMDE:origin/tags/lam_2_1_0_RC1
WMDE:origin/tags/lam_2_1_0
WMDE:origin/tags/lam_2_2_0_RC1
WMDE:origin/tags/lam_2_2_0
WMDE:origin/tags/lam_2_3_0RC1
WMDE:origin/tags/lam_2_3_0
WMDE:origin/tags/lam_2_4_0
WMDE:origin/tags/lam_2_5_0_RC1
WMDE:origin/tags/lam_2_5_0
WMDE:origin/tags/lam_2_6_0_RC1
WMDE:origin/tags/lam_2_6_0
WMDE:origin/tags/lam_2_7_0_RC1
WMDE:origin/tags/lam_2_7_0
WMDE:origin/tags/lam_2_8_0_RC1
WMDE:origin/tags/lam_2_8_0
WMDE:origin/tags/lam_2_9_0_RC1
WMDE:origin/tags/lam_2_9_0
WMDE:origin/tags/lam_3_0_0_RC1
WMDE:origin/tags/lam_3_0_0
WMDE:origin/tags/lam_3_1_0_RC1
WMDE:origin/tags/lam_3_1_0
WMDE:origin/tags/lam_3_1_1
WMDE:origin/tags/lam_3_2_0_RC1
WMDE:origin/tags/lam_3_2_0
WMDE:origin/tags/lam_3_3_0_RC1
WMDE:origin/tags/lam_3_3_0
WMDE:origin/tags/lam_3_4_0_RC1
WMDE:origin/tags/lam_3_4_0
WMDE:origin/tags/lam_3_5_0_RC1
WMDE:origin/tags/lam_3_5_0
WMDE:origin/tags/lam_3_6_RC1
WMDE:origin/tags/lam_3_6
WMDE:origin/tags/lam_3_6_1
WMDE:origin/tags/lam_3_7_RC1
WMDE:origin/tags/lam_3_7
WMDE:origin/tags/lam_3_8_RC1
WMDE:origin/tags/lam_3_8
WMDE:origin/tags/lam_3_9_RC1
WMDE:origin/tags/lam_3_9
WMDE:origin/tags/lam_4_0_RC1
WMDE:origin/tags/lam_4_0
WMDE:origin/tags/lam_4_0_1
WMDE:origin/tags/lam_4_1_RC1
WMDE:origin/tags/lam_4_2_RC1
WMDE:origin/tags/lam_4_2
WMDE:origin/tags/lam_4_2_1
WMDE:origin/tags/lam_4_3_RC1
WMDE:origin/tags/lam_4_3
WMDE:origin/tags/lam_4_4_RC1
WMDE:origin/tags/lam_4_4
WMDE:origin/tags/lam_4_5_RC1
WMDE:origin/tags/lam_4_5
WMDE:origin/tags/lam_4_6_RC1
WMDE:origin/tags/lam_4_6
WMDE:origin/tags/lam_4_7_RC1
WMDE:origin/tags/lam_4_7
WMDE:origin/tags/lam_4_7_1
WMDE:origin/tags/lam_4_8_RC1
WMDE:origin/tags/lam_4_8
WMDE:origin/tags/lam_4_9_RC1
WMDE:origin/tags/lam_4_9
WMDE:origin/tags/lam_5_0
WMDE:origin/tags/lam_5_1_RC1
WMDE:origin/tags/lam_5_1
WMDE:origin/tags/lam_5_2_RC1
WMDE:origin/tags/lam_5_2
WMDE:origin/tags/lam_5_3_RC1
WMDE:origin/tags/lam_5_3
..
compare: WMDE:lam_6_7
Branches Tags
WMDE:develop
WMDE:master
WMDE:gh-pages
WMDE:lam_7_3_RC1
WMDE:lam_7_2
WMDE:lam_7_2_RC1
WMDE:lam_7_1
WMDE:lam_7_1_RC1
WMDE:lam_7_0
WMDE:lam_7_0_RC1
WMDE:lam_6_9
WMDE:lam_6_9_RC1
WMDE:lam_6_8
WMDE:lam_6_8_RC1
WMDE:lam_6_7
WMDE:lam_6_7_RC1
WMDE:lam_6_6
WMDE:lam_6_6_RC1
WMDE:lam_6_5
WMDE:lam_6_5_RC1
WMDE:untagged-0f11e4b04e249cac51c5
WMDE:lam_6_4
WMDE:lam_6_4_RC1
WMDE:lam_6_3
WMDE:lam_6_3_RC1
WMDE:lam_6_2_1
WMDE:lam_6_2
WMDE:lam_6_2_RC1
WMDE:lam_6_1
WMDE:lam_6_1_RC1
WMDE:lam_6_0_1
WMDE:lam_6_0
WMDE:lam_6_0_RC2
WMDE:lam_6_0_RC1
WMDE:lam_5_7
WMDE:lam_5_7_RC1
WMDE:lam_5_6
WMDE:lam_5_6_RC1
WMDE:lam_5_5
WMDE:lam_5_5_RC1
WMDE:lam_5_4
WMDE:lam_5_4_RC1
WMDE:origin/tags/mb_moveDN
WMDE:origin/tags/start
WMDE:origin/tags/trunk
WMDE:origin/tags/lam_0_4_7
WMDE:origin/tags/lam_0_4_8
WMDE:origin/tags/lam_0_4_9
WMDE:origin/tags/lam_0_4_10
WMDE:origin/tags/lam_0_5_alpha1
WMDE:origin/tags/lam_0_5_alpha2
WMDE:origin/tags/lam_0_5_rc1
WMDE:origin/tags/lam_0_5_rc2
WMDE:origin/tags/lam_0_5_rc3
WMDE:origin/tags/lam_0_5_0
WMDE:origin/tags/lam_0_5_1
WMDE:origin/tags/lam_0_5_2
WMDE:origin/tags/lam_0_5_3
WMDE:origin/tags/after_0_6_merge
WMDE:origin/tags/before_0_6_merge
WMDE:origin/tags/lam_1_0_rc1
WMDE:origin/tags/lam_1_0_rc2
WMDE:origin/tags/lam_1_0_0
WMDE:origin/tags/lam_1_0_1
WMDE:origin/tags/lam_1_0_2
WMDE:origin/tags/lam_1_0_3
WMDE:origin/tags/lam_1_0_4RC1
WMDE:origin/tags/lam_1_0_4
WMDE:origin/tags/lam_1_1_0_RC1
WMDE:origin/tags/lam_1_1_0
WMDE:origin/tags/lam_1_1_1_rc1
WMDE:origin/tags/lam_1_1_1
WMDE:origin/tags/lam_1_2_0_RC1
WMDE:origin/tags/lam_1_2_0
WMDE:origin/tags/lam_1_3_0_RC1
WMDE:origin/tags/lam_1_3_0
WMDE:origin/tags/lam_2_0_0_RC1
WMDE:origin/tags/lam_2_0_0
WMDE:origin/tags/lam_2_1_0_RC1
WMDE:origin/tags/lam_2_1_0
WMDE:origin/tags/lam_2_2_0_RC1
WMDE:origin/tags/lam_2_2_0
WMDE:origin/tags/lam_2_3_0RC1
WMDE:origin/tags/lam_2_3_0
WMDE:origin/tags/lam_2_4_0
WMDE:origin/tags/lam_2_5_0_RC1
WMDE:origin/tags/lam_2_5_0
WMDE:origin/tags/lam_2_6_0_RC1
WMDE:origin/tags/lam_2_6_0
WMDE:origin/tags/lam_2_7_0_RC1
WMDE:origin/tags/lam_2_7_0
WMDE:origin/tags/lam_2_8_0_RC1
WMDE:origin/tags/lam_2_8_0
WMDE:origin/tags/lam_2_9_0_RC1
WMDE:origin/tags/lam_2_9_0
WMDE:origin/tags/lam_3_0_0_RC1
WMDE:origin/tags/lam_3_0_0
WMDE:origin/tags/lam_3_1_0_RC1
WMDE:origin/tags/lam_3_1_0
WMDE:origin/tags/lam_3_1_1
WMDE:origin/tags/lam_3_2_0_RC1
WMDE:origin/tags/lam_3_2_0
WMDE:origin/tags/lam_3_3_0_RC1
WMDE:origin/tags/lam_3_3_0
WMDE:origin/tags/lam_3_4_0_RC1
WMDE:origin/tags/lam_3_4_0
WMDE:origin/tags/lam_3_5_0_RC1
WMDE:origin/tags/lam_3_5_0
WMDE:origin/tags/lam_3_6_RC1
WMDE:origin/tags/lam_3_6
WMDE:origin/tags/lam_3_6_1
WMDE:origin/tags/lam_3_7_RC1
WMDE:origin/tags/lam_3_7
WMDE:origin/tags/lam_3_8_RC1
WMDE:origin/tags/lam_3_8
WMDE:origin/tags/lam_3_9_RC1
WMDE:origin/tags/lam_3_9
WMDE:origin/tags/lam_4_0_RC1
WMDE:origin/tags/lam_4_0
WMDE:origin/tags/lam_4_0_1
WMDE:origin/tags/lam_4_1_RC1
WMDE:origin/tags/lam_4_2_RC1
WMDE:origin/tags/lam_4_2
WMDE:origin/tags/lam_4_2_1
WMDE:origin/tags/lam_4_3_RC1
WMDE:origin/tags/lam_4_3
WMDE:origin/tags/lam_4_4_RC1
WMDE:origin/tags/lam_4_4
WMDE:origin/tags/lam_4_5_RC1
WMDE:origin/tags/lam_4_5
WMDE:origin/tags/lam_4_6_RC1
WMDE:origin/tags/lam_4_6
WMDE:origin/tags/lam_4_7_RC1
WMDE:origin/tags/lam_4_7
WMDE:origin/tags/lam_4_7_1
WMDE:origin/tags/lam_4_8_RC1
WMDE:origin/tags/lam_4_8
WMDE:origin/tags/lam_4_9_RC1
WMDE:origin/tags/lam_4_9
WMDE:origin/tags/lam_5_0
WMDE:origin/tags/lam_5_1_RC1
WMDE:origin/tags/lam_5_1
WMDE:origin/tags/lam_5_2_RC1
WMDE:origin/tags/lam_5_2
WMDE:origin/tags/lam_5_3_RC1
WMDE:origin/tags/lam_5_3

No commits in common. "develop" and "lam_6_7" have entirely different histories.
develop ... lam_6_7

1387 changed files with 69984 additions and 237009 deletions
Show Stats Expand all files Collapse all files

3
.github/FUNDING.yml vendored
View File

@ -1,3 +0,0 @@
github: [LDAPAccountManager]

11
.github/codeql/codeql-config.yml vendored
View File

@ -1,11 +0,0 @@
name: "LAM CodeQL config"
queries:
- uses: security-and-quality
paths-ignore:
- '**/3rdParty/**/*.*'
- '**/lib/extra/**/*.*'
- '**/lib/*jquery*.js'
paths:
- lam

56
.github/workflows/codeql-analysis.yml vendored
View File

@ -1,56 +0,0 @@
name: "CodeQL"
on:
push:
branches: [develop]
pull_request:
# The branches below must be a subset of the branches above
branches: [develop]
schedule:
- cron: '0 10 * * 0'
jobs:
analyse:
name: Analyse
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
with:
config-file: ./.github/codeql/codeql-config.yml
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

2
.gitignore vendored
View File

@ -5,5 +5,3 @@
/vendor/
/composer.lock
/code-coverage/
/.phpunit.result.cache
/lam/lib/3rdParty/composer/bin/

5
.travis.yml
View File

@ -3,7 +3,7 @@ addons:
sonarcloud:
organization: "ldap-account-manager"
php:
- '7.3'
- '5.6'
cache:
directories:
@ -13,6 +13,3 @@ script:
- phpunit
- ls -l code-coverage/*
- sonar-scanner
- pip install --user codespell
- cd lam
- ./codespell.sh

2
Readme.md
View File

@ -25,4 +25,4 @@ There are two modules. Usually, you only need the files inside "lam".
LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.
Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de>
Copyright (C) 2003 - 2019 Roland Gruber <post@rolandgruber.de>

9
SECURITY.md
View File

@ -1,9 +0,0 @@
# Security Policy
## Supported Versions
Security updates are always created based on the latest release.
## Reporting a Vulnerability
Please report all security issues to post@rolandgruber.de. Reports will be answered within 48h.

8
composer.json
View File

@ -1,10 +1,6 @@
{
"require-dev" : {
"phpunit/phpunit" : "8.5.2",
"phpunit/phpunit" : "5.7.27",
"squizlabs/php_codesniffer" : "3.4.0"
},
"require": {
"ext-ldap": "*",
"ext-json": "*"
}
}
}

4
lam-packaging/autoconf/Makefile.in
View File

@ -39,7 +39,7 @@ DOCS = COPYING HISTORY README copyright docs/schema/dhcp.schema
HTML_DOCS = devel manual
LIST1 = graphics help index.html lib locale style templates VERSION pwa_worker.js
LIST1 = graphics help index.html lib locale style templates VERSION
LIST2 = sess tmp tmp/internal
LIST3 = config
@ -72,7 +72,7 @@ install-lam:
LIST4="`(cd $(srcdir)/$(LIST3) ; ls -d *)`" ; \
(cd $(srcdir)/$(LIST3) ; $(TAR) cf - .) | \
(cd $(DESTDIR)$(sysconfdir) ; $(TAR) xf -) ; \
[ -e ${LIST3} ] || $(LN_S) $(sysconfdir) ${LIST3} ; \
$(LN_S) $(sysconfdir) ${LIST3} ; \
(cd $(srcdir) ; $(TAR) cf - $(LIST1)) | $(TAR) xf - ; \
[ -d $(DESTDIR)$(prefix)/docs ] || \
$(MKDIR) -p $(DESTDIR)$(prefix)/docs || exit 1 ; \

20
lam-packaging/buildPackages
View File

@ -44,24 +44,23 @@ function minifyCSS {
echo "Minify CSS files in $dir"
local outFile=$dir/100_lam.${VERSION}.min.css
local files=`ls $dir/*.css`
cat $files | cleancss --skip-rebase -o $outFile
cat $files | cleancss -o $outFile
rm $files
# add final new line to supress Debian warnings
echo "" >> $outFile
}
echo "Getting files..."
git clone --depth 1 -b $REPO_BRANCH --single-branch git@github.com:LDAPAccountManager/lam.git github
git clone -b $REPO_BRANCH --single-branch git@github.com:LDAPAccountManager/lam.git github
cd github
mv lam ../
mv lam-packaging ../
cd ..
rm -rf github
git clone --depth 1 -b $REPO_BRANCH --single-branch git@gitlab.com:LDAPAccountManager/lamPro.git lamPro
git clone -b $REPO_BRANCH --single-branch git@gitlab.com:LDAPAccountManager/lamPro.git lamPro
cd lamPro
rm -rf .git
rm -rf docker
cd ..
cp lam-packaging/getVersion ./
@ -70,8 +69,7 @@ export VERSION=`./getVersion`
# remove files which are not in the final release
rm -r lam/po
rm -r lam/tests
rm -f lam/lib/3rdParty/tcpdf/fonts/*.ttf
rm -r lam/templates/lib/extra/ckeditor/plugins/*/dev
rm lam/lib/3rdParty/tcpdf/fonts/*.ttf
find . -name .svnignore -exec rm {} \;
find . -name .gitignore -exec rm {} \;
mv lam ldap-account-manager-$VERSION
@ -137,14 +135,8 @@ cd ..
# Debian
cp -r lam-packaging/debian Debian/ldap-account-manager-$VERSION/
cp -ar Debian Debian-Upload
cd Debian/ldap-account-manager-$VERSION
debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990
cd ..
rm -r ldap-account-manager-$VERSION
cd ..
cd Debian-Upload/ldap-account-manager-$VERSION
debuild -S -k478730308FBD512ADF09D38E7F3D136B2BCD7990
debuild
cd ..
rm -r ldap-account-manager-$VERSION
cd ..
@ -153,7 +145,7 @@ cd ..
cd LAMPro
cp -r ../lam-packaging/debian Debian/ldap-account-manager-$VERSION/
cd Debian/ldap-account-manager-$VERSION
debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990
debuild
cd ..
rm -r ldap-account-manager-$VERSION
cd ..

38
lam-packaging/debian/changelog
View File

@ -1,43 +1,7 @@
ldap-account-manager (7.3.RC1-1) unstable; urgency=medium
* new upstream release
-- Roland Gruber <post@rolandgruber.de> Mon, 10 Aug 2020 19:25:33 +0200
ldap-account-manager (7.2-1) unstable; urgency=medium
* new upstream release
-- Roland Gruber <post@rolandgruber.de> Fri, 01 May 2020 08:04:56 +0200
ldap-account-manager (7.1-1) unstable; urgency=medium
* new upstream release
-- Roland Gruber <post@rolandgruber.de> Mon, 16 Mar 2020 21:24:23 +0100
ldap-account-manager (7.0-1) unstable; urgency=medium
* new upstream release
-- Roland Gruber <post@rolandgruber.de> Sat, 21 Dec 2019 19:53:45 +0100
ldap-account-manager (6.9-1) unstable; urgency=medium
* new upstream release
-- Roland Gruber <post@rolandgruber.de> Sun, 29 Sep 2019 09:12:37 +0200
ldap-account-manager (6.8-1) unstable; urgency=medium
* new upstream release
-- Roland Gruber <post@rolandgruber.de> Tue, 02 Jul 2019 12:26:45 +0200
ldap-account-manager (6.7-1) unstable; urgency=medium
* new upstream release
* Fix "Depends on tcpdf which is considered unfit for buster" removed
* Fix "Depends on tcpdf which is considered unfit for buster" removed
dependency and embedded required parts (Closes: #923736)
-- Roland Gruber <post@rolandgruber.de> Mon, 25 Mar 2019 17:21:36 +0100

19
lam-packaging/debian/control
View File

@ -2,26 +2,25 @@ Source: ldap-account-manager
Maintainer: Roland Gruber <post@rolandgruber.de>
Section: web
Priority: optional
Standards-Version: 4.5.0
Standards-Version: 4.3.0
Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify
Homepage: https://www.ldap-account-manager.org/
Package: ldap-account-manager
Architecture: all
Depends: php (>= 7), php-ldap,
php-gd | php-imagick,
php-json, php-curl,
php-zip, php-xml, php-gmp,
libapache2-mod-php | libapache2-mod-fcgid | php-fpm,
Depends: php5 (>= 5.4.26) | php (>= 7), php5-ldap | php-ldap,
php5-gd | php-gd | php5-imagick | php-imagick,
php5-json | php-json, php5-curl | php-curl,
php5 | php-zip, php5 | php-xml,
libapache2-mod-php5 | libapache2-mod-php | libapache2-mod-fcgid | php5-fpm | php-fpm,
php-phpseclib (>= 2.0), php-monolog,
apache2 (>= 2.4.0) | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
Recommends: php-opcache
Suggests: ldap-server, php-mcrypt, ldap-account-manager-lamdaemon, perl
Conflicts: libapache2-mod-php5, php5, php5-fpm
Recommends: php-apc | php-opcache
Suggests: ldap-server, php5-mcrypt | php-mcrypt, ldap-account-manager-lamdaemon, perl
Description: webfrontend for managing accounts in an LDAP directory
LDAP Account Manager (LAM) runs on an existing webserver.
It manages user, group and host accounts. Currently LAM
supports these account types: Samba 3/4, Unix, Kolab,
supports these account types: Samba 3/4, Unix, Kolab 2/3,
address book entries, NIS mail aliases and MAC addresses.
There is an integrated LDAP browser to allow access to the
raw LDAP attributes. You can use templates

622
lam-packaging/debian/copyright
View File

@ -1,4 +1,4 @@
This software is copyright (c) 2003 - 2020 by Roland Gruber
This software is copyright (c) 2003 - 2019 by Roland Gruber
If you purchased a copy of LDAP Account Manager Pro then the following
files are licensed under the conditions which you accepted at purchase
@ -87,6 +87,7 @@ The complete license can be found in the file COPYING or in
Some parts of this package have other, compatible licences. These are:
A:
DejaVu Fonts — License
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
@ -177,9 +178,7 @@ A:
Software without prior written authorization from Tavmjong Bah. For further
information, contact: tavmjong @ free . fr.
B:
MIT License
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
@ -200,9 +199,7 @@ B:
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
C:
New BSD License
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
@ -225,8 +222,8 @@ C:
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
D:
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
@ -394,599 +391,28 @@ D:
Library.
E:
Duo
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
F:
3-Clause BSD License
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
G:
2-Clause BSD License
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
H:
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
Programs and licenses with other licenses and/or authors than the
main license and authors:
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große
lib/3rdParty/composer/nyholm B 2016 Tobias Nyholm
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises
lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client H
lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Support G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Util H
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team
lib/3rdParty/composer/phpmailer H
lib/3rdParty/composer/psr B 2018 PHP Framework Interoperability Group
lib/3rdParty/composer/ramsey B 2018 Ben Ramsey
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs
lib/3rdParty/composer/symfony B 2019 Fabien Potencier
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs
lib/3rdParty/tcpdf D 2020 Nicola Asuni - Tecnick.com LTD
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
lib/3rdParty/phpseclib B 2019 TerraFrost and other contributors
lib/3rdParty/Monolog B 2011 Jordi Boggiano
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
style/150_jquery-dropmenu*.css B 2010 Fred Heusschen
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
style/150_jquery-fineuploader*.css B 2010 Andrew Valums
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
style/600_cropper*.css B 2018 Chen Fengyuan
templates/lib/extra/duo/*.js E 2019 Duo Security
lib/3rdParty/duo/*.php E 2019 Duo Security
graphics/webauthn.svg F 2017 Duo Security, Inc.
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
style/610_magnific-popup.css B 2016 Dmitry Semenov
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
style/responsive/110_grid.css B
lib/3rdParty/tcpdf D 2018 Nicola Asuni - Tecnick.com LTD
lib/3rdParty/tcpdf/fonts/DejaVu*.ttf A Public Domain, Bitstream, Inc., Tavmjong Bah
lib/3rdParty/tcpdf/fonts/DejaVu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
lib/3rdParty/phpseclib B Jim Wigginton
lib/3rdParty/Monolog B 2011 Jordi Boggiano
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
style/150_jquery-dropmenu*.css B 2010 Fred Heusschen
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
style/150_jquery-fineuploader*.css B 2010 Andrew Valums
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
style/600_cropper*.css B 2018 Chen Fengyuan
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
style/610_magnific-popup.css B 2016 Dmitry Semenov
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
style/responsive/110_grid.css B

2
lam-packaging/debian/minify
View File

@ -17,7 +17,7 @@ fi
files=`ls style/*.css`
outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css
if [ ! -e $outFile ]; then
cat $files | cleancss --skip-rebase -o ${outFile}
cat $files | cleancss -o ${outFile}
rm $files
# add final new line to supress Debian warnings
echo "" >> $outFile

26
lam-packaging/debian/postinst
View File

@ -36,15 +36,12 @@ files=`ls -a *.jpg`
for file in $files; do
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
done
if [ ! -h /usr/share/ldap-account-manager/config ]; then
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
fi
if [ ! -h /usr/share/ldap-account-manager/sess ]; then
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
fi
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
fi
if [ ! -h /usr/share/ldap-account-manager/config ]; then\
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
chown www-data /etc/ldap-account-manager/config.cfg
chmod 600 /etc/ldap-account-manager/config.cfg
chown www-data /var/lib/ldap-account-manager/sess
@ -54,14 +51,9 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal
chmod 700 /var/lib/ldap-account-manager/tmp
chown -R www-data /var/lib/ldap-account-manager/config
chmod 700 /var/lib/ldap-account-manager/config
set +e
ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null
cfgFilesExist=$?
set -e
if [ $cfgFilesExist -ne 0 ]; then
cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf
chown www-data /var/lib/ldap-account-manager/config/lam.conf
fi
if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \
chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
chmod 600 /var/lib/ldap-account-manager/config/*.conf
if [ "$1" = "configure" ]; then
db_get "ldap-account-manager/alias"

1
lam-packaging/debian/preinst
View File

@ -14,4 +14,3 @@ for phpThirdPartyLib in $phpThirdPartyLibs; do
fi
done
#DEBHELPER#

3
lam-packaging/debian/rules
View File

@ -23,7 +23,6 @@ install:
install -D --mode=644 index.html debian/ldap-account-manager/usr/share/ldap-account-manager/index.html
install -D --mode=644 VERSION debian/ldap-account-manager/usr/share/ldap-account-manager/VERSION
install -D --mode=644 pwa_worker.js debian/ldap-account-manager/usr/share/ldap-account-manager/pwa_worker.js
install -D --mode=644 tmp/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/.htaccess
install -D --mode=644 tmp/internal/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/internal/.htaccess
install -D --mode=644 config/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/config/.htaccess
@ -47,10 +46,8 @@ install:
# 3rd party libs are linked
install -d --mode=755 debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty
cp -r lib/3rdParty/composer debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
cp -r lib/3rdParty/yubico debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
cp -r lib/3rdParty/tcpdf debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
cp -r lib/3rdParty/duo debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
cp -r locale debian/ldap-account-manager/usr/share/ldap-account-manager/
install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess

36
lam-packaging/docker/.env
View File

@ -1,36 +0,0 @@
#
# LAM setup
#
# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
# If set to false the other variables below have no effect.
LAM_SKIP_PRECONFIGURE=false
# domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_DOMAIN=my-domain.com
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_BASE_DN=dc=my-domain,dc=com
# LDAP users DN to overwrite value provided by LDAP_BASE_DN
LDAP_USERS_DN=ou=people,dc=my-domain,dc=com
# LDAP groups DN to overwrite value provided by LDAP_BASE_DN
LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com
# LDAP server URL
LDAP_SERVER=ldap://ldap:389
# LDAP admin user (set as login user for LAM)
LDAP_USER=cn=admin,dc=my-domain,dc=com
# default language, e.g. en_US, de_DE, fr_FR, ...
LAM_LANG=en_US
# LAM configuration master password and password for server profile "lam"
LAM_PASSWORD=lam
# deactivate TLS certificate checks, activate for development only
LAM_DISABLE_TLS_CHECK=false
#
# docker-compose only, LDAP server setup
#
# LDAP organisation name for OpenLDAP
LDAP_ORGANISATION="LDAP Account Manager Demo"
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw
# password for LDAP read-only user
LDAP_READONLY_USER_PASSWORD=readonlypw

88
lam-packaging/docker/Dockerfile
View File

@ -2,7 +2,7 @@
# Docker image for LDAP Account Manager
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2019 - 2020 Roland Gruber
# Copyright (C) 2019 Roland Gruber
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -23,90 +23,34 @@
#
# Then access LAM at http://localhost:8080/
# You can change the port 8080 if needed.
# See possible environment variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
#
FROM debian:buster-slim
LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
FROM debian:stretch
MAINTAINER Roland Gruber <post@rolandgruber.de>
ARG LAM_RELEASE=7.3.RC1
EXPOSE 80
ARG LAM_RELEASE=6.6
ENV \
DEBIAN_FRONTEND=noninteractive \
DEBUG=''
# update OS
RUN apt-get update \
&& apt-get upgrade -y
RUN apt-get update && \
apt-get upgrade -y
# install locales
RUN apt-get install -y locales
RUN sed -i 's/^# *\(ca_ES.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(cz_CZ.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(de_DE.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(en_GB.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(es_ES.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(fr_FR.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(it_IT.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(hu_HU.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(nl_NL.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(pl_PL.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(pt_BR.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(ru_RU.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(sk_SK.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(tr_TR.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(uk_UA.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(ja_JP.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(zh_TW.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(zh_CN.UTF-8\)/\1/' /etc/locale.gen && \
locale-gen
RUN apt-get install --no-install-recommends -y \
apache2 \
ca-certificates \
dumb-init \
fonts-dejavu \
libapache2-mod-php \
php \
php-curl \
php-gd \
php-imagick \
php-ldap \
php-monolog \
php-phpseclib \
php-xml \
php-zip \
php-imap \
php-gmp \
wget \
&& \
rm /etc/apache2/sites-enabled/*default* && \
rm -rf /var/cache/apt /var/lib/apt/lists/*
# install requirements
RUN apt-get install -y wget apache2 libapache2-mod-php php php-ldap php-zip php-xml php-curl php-gd php-imagick php-mcrypt php-tcpdf php-phpseclib fonts-dejavu
# install LAM
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
-O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \
&& dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
# redirect Apache logging
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
# because there is no logging set in the lam vhost logging goes to other_vhost_access.log
RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
# cleanup
RUN apt-get autoremove -y && apt-get clean all \
&& rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \
&& rm /etc/apache2/sites-enabled/*default*
# add redirect for /
RUN a2enmod rewrite
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
COPY start.sh /usr/local/bin/start.sh
WORKDIR /var/lib/ldap-account-manager/config
# start Apache when container starts
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD [ "/usr/local/bin/start.sh" ]
ENTRYPOINT service apache2 start && sleep infinity
HEALTHCHECK --interval=1m --timeout=10s \
CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'

42
lam-packaging/docker/docker-compose.yml
View File

@ -1,42 +0,0 @@
version: '3.5'
services:
ldap-account-manager:
build:
context: .
image: ldapaccountmanager/lam:7.3.RC1
restart: unless-stopped
ports:
- "8080:80"
volumes:
- lametc/:/etc/ldap-account-manager
- lamconfig/:/var/lib/ldap-account-manager/config
- lamsession/:/var/lib/ldap-account-manager/sess
environment:
- LAM_PASSWORD=${LAM_PASSWORD}
- LAM_LANG=en_US
- LDAP_SERVER=${LDAP_SERVER}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
- DEBUG=true
ldap:
image: osixia/openldap:latest
restart: unless-stopped
environment:
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
command: "--loglevel info --copy-service"
volumes:
- ldap:/var/lib/ldap
- slapd:/etc/ldap/slapd.d
volumes:
lametc:
lamconfig:
lamsession:
ldap:
slapd:

66
lam-packaging/docker/start.sh
View File

@ -1,66 +0,0 @@
#!/bin/bash
#
# Docker start script for LDAP Account Manager
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2019 Felix Bartels
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
if [ "${LAM_DISABLE_TLS_CHECK:-}" == "true" ]; then
ln -s /etc/ldap/ldap.conf /etc/ldap.conf
echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf
fi
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}"
LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
EOF
unset LAM_PASSWORD
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USERS_DN}|;
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUPS_DN}|;
EOF
fi
echo "Starting Apache"
rm -f /run/apache2/apache2.pid
set +u
# shellcheck disable=SC1091
source /etc/apache2/envvars
exec /usr/sbin/apache2 -DFOREGROUND

90
lam/HISTORY
View File

@ -1,78 +1,3 @@
September 2020
- PHP 7.4 compatibility
- Configuration export and import
- Server profiles support to specify a part of the DN to hide
- Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2)
- Better error messages on login when account is expired/deactivated/...
- Personal/Windows: photo can be uploaded via webcam
- Windows users: group display format can be configured (cn/dn)
- LAM Pro:
-> Windows: new cron job to send users a summary of their managed groups
- Fixed bugs:
-> Unix groups: memberUid was not deleted correctly when forced sync with group of names is active
01.05.2020 7.2
- Unix: allow to create group with same name during user creation
- LAM Pro:
-> EMail sending can be done via SMTP without local mail server
-> License expiration warning can be sent via email or disabled
- Fixed bugs:
-> Captcha don't show anymore in Self Service login page (213)
-> Unix memberships cannot be changed. This issue can also affect other membership relations.
-> Missing locales on Docker image
17.03.2020 7.1
- PHP 7 required
- WebAuthn/FIDO2 support for 2-factor-authentication (requires PHP 7.2)
- IMAP: changed library to support latest TLS versions
- Personal: support display name (hidden by default in server profile)
- Windows users: support allowed workstations, more profile options
- Reactivated Polish translation
- LAM Pro:
-> PPolicy: support for password check module
-> Windows AD LDS support (users and groups)
-> User self registration: support Active Directory/Samba4
21.12.2019 7.0
- Lamdaemon can be configured with directory prefix for homedirs
- Account list filters match on substrings instead of whole value
- YubiKey: support to configure multiple verification servers
- Windows hosts: added last password change and last login
- Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
- Docker updates
- Fixed bugs:
-> Missing CSS for Duo
-> Editing of DNs with comma on Windows (210)
29.09.2019 6.9
- Group account types can show member+owner count in list view
- 2-factor authentication:
-> Duo support
-> user name attribute for privacyIDEA can be specified
- LAM Pro:
-> New self service settings for login and main page footer
-> Custom fields: custom labels for LDAP search select list
- Fixed bugs:
-> Configuration issue with Unix user/host module (206)
02.07.2019 6.8
- Parallel editing of multiple entries in different browser tabs supported
- LAM supports the progressive web app standard which allows to install LAM as an icon on home screen
- Windows: added home drive and force password change to profile editor
- Unix: password management can be disabled in module settings
- LAM Pro:
-> Bind DLZ: entry table can show record data (use special attribute "#records" in server profile)
-> Self service: support legacy attribute "email" for password self reset and user self registration
- Fixed bugs:
-> Users: No drop-down filter box for account status (200)
-> Custom fields: Account type "Groups" not saving/deleting fields (66)
25.03.2019 6.7
- Added YubiKey as 2-factor authentication provider
- Support logging to remote syslog server
@ -90,7 +15,6 @@ September 2020
- Fixed bugs:
-> Allow tree-only configurations without any other tab
28.12.2018 6.6
- New import/export in tools menu
- YubiKey support
@ -338,7 +262,7 @@ September 2020
- LAM Pro:
-> Password self reset and user self registration support to set a header text
-> Sudo roles: support latest schema
-> Bind DLZ: automatic PTR management (disabled by default) and better formatting of e.g. TTL values
-> Bind DLZ: automatic PTR management (disabled by default) and better formating of e.g. TTL values
18.03.2014 4.5
@ -530,7 +454,7 @@ September 2020
-> support to read user name from uid attribute
-> added quota management
- Personal: added additional options for account profiles
- Mail aliases: sort recipients (RFE 3170336)
- Mail aliases: sort receipients (RFE 3170336)
- Asterisk: support all attributes (can be disabled in configuration)
- Samba 3/Shadow: allow to sync expiration date (RFE 3147751)
- LAM Pro:
@ -657,7 +581,7 @@ September 2020
21.01.2009 2.5.0
- LAM Pro:
-> supports rfc2307bis schema for Unix groups (RFE 2111694)
-> added alias management (object classes alias + uidObject) (RFE 1912779)
-> added alias manangement (object classes alias + uidObject) (RFE 1912779)
- Shadow: module is now optional when creating new accounts
- Kolab:
-> account extension is now optional
@ -846,7 +770,7 @@ September 2020
- security: LAM checks the session id and client IP
- fixed bugs:
-> Samba 3: hash values were wrong in some rare cases (1440021)
-> Samba 3: re-added time zone selection for logon hours (1407761)
-> Samba 3: readded time zone selection for logon hours (1407761)
-> Unix: call of unknown function (1450464)
@ -983,7 +907,7 @@ September 2020
-> dynamic configuration options (based on modules)
- all pages in UTF-8
- added developer documentation
- PHPDoc formatted comments
- PHPDoc formated comments
- new plugin for managing MAC addresses (RFE 926017)
- new plugin for managing NIS mail aliases (RFE 1050036)
- new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
@ -1045,7 +969,7 @@ September 2020
if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work
some smaller bugs in mass upload
Samba hash values for hosts were not correct
Unix passwords could be disabled but not re-enabled
Unix passwords could be disabled but not reenabled
fixed problem with eval() in status.inc (894433)
@ -1068,7 +992,7 @@ September 2020
- better error handling at login
- support spaces in DNs
- PDF text for users
- create missing OUs recursively
- create missing OUs recursivly
- fixed bugs:
SMD5 passwords were wrong
primaryGroupSID wrong if SID has no relation to Algorithmic RID Base

9
lam/README
View File

@ -3,16 +3,19 @@ LAM - Readme
============
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
directory. LAM runs on any webserver with PHP7 support and connects to your
directory. LAM runs on any webserver with PHP5 support and connects to your
LDAP server unencrypted or via SSL/TLS.
Currently LAM supports these account types: Samba 3/4, Unix, Kolab,
Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2,
address book entries, NIS mail aliases and MAC addresses. There is a tree
viewer included to allow access to the raw LDAP attributes. You can use
templates for account creation and use multiple configuration profiles.
LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian.
https://www.ldap-account-manager.org/
Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de>
Copyright (C) 2003 - 2019 Roland Gruber <post@rolandgruber.de>
Installation and documentation:
Please see the LAM manual in docs/manual/index.html.

2
lam/VERSION
View File

@ -1 +1 @@
7.3.RC1
6.7

3
lam/codespell.sh
View File

@ -1,3 +0,0 @@
#!/bin/bash
~/.local/bin/codespell --skip '*3rdParty*,*/ckeditor/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/lib/extra/duo/*' --ignore-words-list "tim,te,pres,files'"

18
lam/composer.json
View File

@ -1,18 +0,0 @@
{
"config": {
"vendor-dir": "lib/3rdParty/composer"
},
"repositories": [
{
"type": "pear",
"url": "https://pear.horde.org"
}
],
"require" : {
"web-auth/webauthn-lib" : "2.1.7",
"symfony/http-foundation" : "5.0.7",
"symfony/psr-http-message-bridge" : "1.3.0",
"pear-pear.horde.org/Horde_Imap_Client" : "2.30.1",
"phpmailer/phpmailer": "~6.1"
}
}

1804
lam/composer.lock generated
View File

File diff suppressed because it is too large Load Diff

1
lam/config/.gitignore vendored
View File

@ -3,4 +3,3 @@ config.cfg
/serverCerts.pem
/pdf/
/profiles/
*.sqlite

8
lam/config/language
View File

@ -6,10 +6,10 @@
# the second is the character encoding and the third the language name.
# Catalan
# ca_ES.utf8:UTF-8:Català (Catalunya)
ca_ES.utf8:UTF-8:Català (Catalunya)
# Czech
# cs_CZ.utf8:UTF-8:Čeština (Česko)
cs_CZ.utf8:UTF-8:Čeština (Česko)
# German
de_DE.utf8:UTF-8:Deutsch (Deutschland)
@ -30,7 +30,7 @@ fr_FR.utf8:UTF-8:Français (France)
it_IT.utf8:UTF-8:Italiano (Italia)
# Hungarian
# hu_HU.utf8:UTF-8:Magyar (Magyarország)
hu_HU.utf8:UTF-8:Magyar (Magyarország)
# Dutch
nl_NL.utf8:UTF-8:Nederlands (Nederland)
@ -48,7 +48,7 @@ ru_RU.utf8:UTF-8:Русский (Россия)
sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
# Turkish
# tr_TR.utf8:UTF-8:Türkçe (Türkiye)
tr_TR.utf8:UTF-8:Türkçe (Türkiye)
# Ukrainian
uk_UA.utf8:UTF-8:Українська (Україна)

622
lam/copyright
View File

@ -1,4 +1,4 @@
This software is copyright (c) 2003 - 2020 by Roland Gruber
This software is copyright (c) 2003 - 2019 by Roland Gruber
If you purchased a copy of LDAP Account Manager Pro then the following
files are licensed under the conditions which you accepted at purchase
@ -86,6 +86,7 @@ The complete license can be found in the file COPYING.
Some parts of this package have other, compatible licences. These are:
A:
DejaVu Fonts — License
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
@ -176,9 +177,7 @@ A:
Software without prior written authorization from Tavmjong Bah. For further
information, contact: tavmjong @ free . fr.
B:
MIT License
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
@ -199,9 +198,7 @@ B:
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
C:
New BSD License
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
@ -224,8 +221,8 @@ C:
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
D:
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
@ -393,599 +390,28 @@ D:
Library.
E:
Duo
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
F:
3-Clause BSD License
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
G:
2-Clause BSD License
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
H:
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
Programs and licenses with other licenses and/or authors than the
main license and authors:
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große
lib/3rdParty/composer/nyholm B 2016 Tobias Nyholm
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises
lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client H
lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Support G
lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation H
lib/3rdParty/composer/pear-pear.horde.org/Horde_Util H
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team
lib/3rdParty/composer/phpmailer H
lib/3rdParty/composer/psr B 2018 PHP Framework Interoperability Group
lib/3rdParty/composer/ramsey B 2018 Ben Ramsey
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs
lib/3rdParty/composer/symfony B 2019 Fabien Potencier
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs
lib/3rdParty/tcpdf D 2020 Nicola Asuni - Tecnick.com LTD
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
lib/3rdParty/phpseclib B 2019 TerraFrost and other contributors
lib/3rdParty/Monolog B 2011 Jordi Boggiano
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
style/150_jquery-dropmenu*.css B 2010 Fred Heusschen
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
style/150_jquery-fineuploader*.css B 2010 Andrew Valums
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
style/600_cropper*.css B 2018 Chen Fengyuan
templates/lib/extra/duo/*.js E 2019 Duo Security
lib/3rdParty/duo/*.php E 2019 Duo Security
graphics/webauthn.svg F 2017 Duo Security, Inc.
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
style/610_magnific-popup.css B 2016 Dmitry Semenov
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
style/responsive/110_grid.css B
lib/3rdParty/tcpdf D 2018 Nicola Asuni - Tecnick.com LTD
lib/3rdParty/tcpdf/fonts/DejaVu*.ttf A Public Domain, Bitstream, Inc., Tavmjong Bah
lib/3rdParty/tcpdf/fonts/DejaVu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
lib/3rdParty/phpseclib B Jim Wigginton
lib/3rdParty/Monolog B 2011 Jordi Boggiano
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
style/150_jquery-dropmenu*.css B 2010 Fred Heusschen
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
style/150_jquery-fineuploader*.css B 2010 Andrew Valums
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
style/600_cropper*.css B 2018 Chen Fengyuan
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
style/610_magnific-popup.css B 2016 Dmitry Semenov
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
style/responsive/110_grid.css B

4
lam/docs/devel/account_pages.htm
View File

@ -21,11 +21,11 @@ The main script for the account pages is located in <span
a very simple content. If the page is loaded for the first time it
creates a new <span style="font-weight: bold;">accountContainer</span>
inside the session and tells it to load/create an LDAP account. Then it
calls the <span style="font-weight: bold;">continue_main()</span>
calles the <span style="font-weight: bold;">continue_main()</span>
function of the <span style="font-weight: bold;">accountContainer</span>
object which prints all HTML output.<br>
<br>
Managing of user input etc. is completely made by the <span
Managing of user input etc. is completly made by the <span
style="font-weight: bold;">accountContainer</span>.<br>
<br>
</body>

2
lam/docs/devel/config.htm
View File

@ -54,7 +54,7 @@ to make it easier for the user to modify the values. The dynamic
options provided by the modules do not include a comment.<br>
<br>
<h2>Master configuration file</h2>
LAM stores the default configuration profile and a master password in <span
LAM stores the default configuartion profile and a master password in <span
style="font-style: italic;">config/config.cfg</span>.<br>
The master password is verified when the user wants to create/delete
configuration profiles.<br>

2
lam/docs/devel/mod_accountPages.htm
View File

@ -39,7 +39,7 @@ attribute. Therefore we will save these two values.<br>
&nbsp;&nbsp;&nbsp; * This function loads all needed attributes into the
object.<br>
&nbsp;&nbsp;&nbsp; *<br>
&nbsp;&nbsp;&nbsp; * @param array $attr an array as it is returned from
&nbsp;&nbsp;&nbsp; * @param array $attr an array as it is retured from
ldap_get_attributes<br>
&nbsp;&nbsp;&nbsp; */<br>
&nbsp;&nbsp;&nbsp; <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br>

2
lam/docs/devel/mod_basics.htm
View File

@ -58,7 +58,7 @@ class</span> <span style="color: rgb(255, 0, 0);">ieee802Device</span>
</table>
<br>
<h2>4. Meta data</h2>
The module interface includes a lot of required and optional functions.
The module interface inludes a lot of required and optional functions.
Many of these functions do not need to be implemented directly in the
module, you can define <span style="font-weight: bold;">meta data</span>
for them and the <span style="font-weight: bold;">baseModule</span>

2
lam/docs/devel/mod_config.htm
View File

@ -137,7 +137,7 @@ the <span style="font-style: italic;">baseModule</span> will use the <span style
check. This function already contains regular expressions for the most
common cases.<br>
To check if the minimum GID is smaller than the maximum GID we define a
check for the nonexistent option "cmpGID" and define it as optional.
check for the nonexistant option "cmpGID" and define it as optional.
This will do the comparison check.<br>
<br>
<br>

4
lam/docs/devel/mod_general.htm
View File

@ -122,7 +122,7 @@ get_metaData() {<br>
<br>
<br>
<h2>4. Dependencies</h2>
Modules can depend on each other. This is useful if you need to access
Modules can depend on eachother. This is useful if you need to access
attributes from other modules or the managed object classes of your
module are not structural.<br>
<br>
@ -198,7 +198,7 @@ is set dynamically<br>
You can tell LAM what object classes are managed by your module.<br>
LAM will then check the spelling of the objectClass attributes and
correct it automatically. This is useful if other applications (e.g.
smbldap-tools) also create accounts and the spelling is different.<br>
smbldap-tools) also create accounts and the spelling is differnt.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
<br>

4
lam/docs/devel/mod_jobs.htm
View File

@ -21,7 +21,7 @@ They are configured on tab "Jobs" in LAM server profile.<br>
<div style="text-align: left;">See ppolicyUser module for an example.<br>
<br>
<h2>Adding the job class</h2>
The module defines the list of supported jobs with function
The module defines the list of suuported jobs with function
getSupportedJobs().<br>
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
<tbody>
@ -77,7 +77,7 @@ If your job requires any configuration options then use get/checkConfigOptions()
<br>
<h2>Database</h2>
Jobs can access a database to read and store data about job runs. Use
this e.g. if you need to save any status information across job runs.<br>
this e.g. if you need to save any status information accross job runs.<br>
Database access is specified with needsDatabaseAccess().<br>
<br>
There is a built-in database upgrade mechanism. Your job must return

2
lam/docs/devel/profile_files.htm
View File

@ -18,7 +18,7 @@ designed to be editable by hand. They do not allow to add comments and
have a simpler format.<br>
<br>
<h2>Format</h2>
There is one option per line which is formatted: &lt;identifier&gt;:
There is one option per line which is formated: &lt;identifier&gt;:
&lt;value&gt;<br>
<br>
Identifier is the option's name, value is the rest of the line after

4
lam/docs/devel/tools.htm
View File

@ -88,10 +88,10 @@ class <span style="font-weight: bold;">toolProfileEditor</span> implements <span
&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; <br>
&nbsp;&nbsp;&nbsp; /**<br>
&nbsp;&nbsp;&nbsp; &nbsp;* Returns the preferred position of this tool on the tools page.<br>
&nbsp;&nbsp;&nbsp; &nbsp;* Returns the prefered position of this tool on the tools page.<br>
&nbsp;&nbsp;&nbsp; &nbsp;* The position may be between 0 and 1000. 0 is the top position.<br>
&nbsp;&nbsp;&nbsp; &nbsp;*<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @return int preferred position<br>
&nbsp;&nbsp;&nbsp; &nbsp;* @return int prefered position<br>
&nbsp;&nbsp;&nbsp; &nbsp;*/<br>
&nbsp;&nbsp;&nbsp; function <span style="font-weight: bold;">getPosition</span>() {<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return 100;<br>

4
lam/docs/devel/toolsHowTo.htm
View File

@ -91,10 +91,10 @@ Example:<br>
<pre>&nbsp;&nbsp;&nbsp; }</pre>
<pre>&nbsp;&nbsp;&nbsp; </pre>
<pre>&nbsp;&nbsp;&nbsp; /**</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;* Returns the preferred position of this tool on the tools page.</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;* Returns the prefered position of this tool on the tools page.</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;* The position may be between 0 and 1000. 0 is the top position.</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;*</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;* @return int preferred position</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;* @return int prefered position</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;*/</pre>
<pre>&nbsp;&nbsp;&nbsp; function getPosition() {</pre>
<pre>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; return 600;</pre>

2
lam/docs/devel/type_list.htm
View File

@ -115,7 +115,7 @@ If you want to change more than just the labels, take a look at <span
style="font-weight: bold;">lib/types/user.inc</span>. When a list is
displayed then the <span style="font-weight: bold;">showPage()</span>
function is called. You can overwrite this function to display a
completely new list or just one of the other functions.<br>
completly new list or just one of the other functions.<br>
<br>
<table style="width: 100%; text-align: left;" class="mod-code"
border="0" cellpadding="2" cellspacing="2">

8
lam/docs/devel/upgrade.htm
View File

@ -60,14 +60,6 @@ This is a list of API changes for all LAM releases.
<br>
<h2>6.7 -&gt; 6.8</h2>
<ul>
<li>Module API
<ul>
<li>display_html_attributes(): use responsive HTML elements instead of tables</li>
</ul>
</li>
</ul>
<h2>6.3 -&gt; 6.4</h2>
<ul>
<li>Module API

28
lam/docs/manual-sources/appendix-email.xml Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<appendix id="mailSetup">
<title>Setup of email (SMTP) server</title>
<para>LAM always uses a local SMTP email server on the machine where LAM
is installed. Therefore, there is no need to configure any SMTP settings
inside LAM itself.</para>
<para>The local email server should be configured to forward all emails to
your company mail server (so-called smarthost). You can use any SMTP
software that ships with a Sendmail wrapper (e.g. Exim, Postfix, QMail or
Sendmail itself).</para>
<literallayout>
</literallayout>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/lam_mail.png" />
</imageobject>
</mediaobject>
</screenshot>
</appendix>

18
lam/docs/manual-sources/appendix-schema.xml
View File

@ -104,24 +104,6 @@
<entry/>
</row>
<row>
<entry><inlinemediaobject>
<imageobject>
<imagedata fileref="images/schema_samba.png"/>
</imageobject>
</inlinemediaobject></entry>
<entry>AD LDS</entry>
<entry>user, group</entry>
<entry/>
<entry>AD LDS built-in</entry>
<entry/>
</row>
<row>
<entry><inlinemediaobject>
<imageobject>

51
lam/docs/manual-sources/appendix-security.xml
View File

@ -34,7 +34,7 @@
<section>
<title>Use of SSL</title>
<para>The data which is transferred between you and LAM is very sensitive.
<para>The data which is transfered between you and LAM is very sensitive.
Please always use SSL encrypted connections between LAM and your browser
to protect yourself against network sniffers.</para>
</section>
@ -257,7 +257,7 @@ semodule -i httpdlocal.pp</programlisting>
<listitem>
<para>directory contents must be accessible by browser but directory
itself needs not to be browsable</para>
itself needs not to be browseable</para>
</listitem>
</itemizedlist>
</section>
@ -445,51 +445,4 @@ semodule -i httpdlocal.pp</programlisting>
</programlisting>
</section>
</section>
<section id="a_webauthn">
<title>Webauthn/FIDO2</title>
<para>LAM allows to secure logins via <ulink
url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink>. This
means your users login with their LDAP password and an additional hardware
token (e.g. Yubico Security Key, Windows Hello and many more).</para>
<para>Webauthn/FIDO2 is a very strong 2-factor-authentication method as it
also checks the website domain. This prevents attacks via web
proxies.</para>
<para>To use this feature you need to activate the 2-factor authentication
in LAM.</para>
<para><emphasis role="bold">LAM admin interface</emphasis></para>
<para>Please activate Webauthn/FIDO2 in your <link
linkend="conf_serverprofile_2fa">LAM server profile</link>. Then users
will be asked to authenticate via Webauthn/FIDO2 on each login.</para>
<para>If no device is registered for a user then LAM will ask for this
during login. Afterwards, users can manage their devices with the <link
linkend="tool_webauthn">Webauthn tool</link>.</para>
<para><emphasis role="bold">LAM Self Service</emphasis></para>
<para>Please activate Webauthn/FIDO2 in your <link
linkend="selfservice_2fa">LAM self service profile</link>. Then users will
be asked to authenticate via Webauthn/FIDO2 on each login.</para>
<para>If no device is registered for a user then LAM will ask for this
during login. Afterwards, users can manage their devices with the <link
linkend="selfservice_fields">Webauthn field</link>.</para>
<para><emphasis role="bold">Global device management</emphasis></para>
<para>This is for cases where one of your users has no more access to his
device and cannot login anymore. In this case you can delete his device(s)
in the <link linkend="confmain_webauthn">LAM main
configuration</link>.</para>
<para>Note that devices can only be deleted. Registration of devices can
only be done by the user during login or on the management pages listed
above.</para>
</section>
</appendix>

2
lam/docs/manual-sources/appendix-troubleshooting.xml
View File

@ -85,7 +85,7 @@
<para>If there are any object classes or attributes missing you will get
a notice. See <link linkend="a_schema">LDAP schema files</link> for a
list of used schemas. You may also want to deactivate unused modules in
list of used schemas. You may also want to deactive unused modules in
your LAM server profile (tab "Modules").</para>
<screenshot>

4
lam/docs/manual-sources/chapter-accessLevel.xml
View File

@ -93,7 +93,9 @@
<para>If the user account has set the mail attribute then LAM can
send your user a mail with the new password. You can change the mail
template to fit your needs. Please configure your LAM server profile
to setup the sender address, subject and mail body. See <link linkend="mailSetup">here</link> for setting up your
to setup the sender address, subject and mail body. Please see <link
linkend="mailEOL">email format option</link> in case of broken
mails. See <link linkend="mailSetup">here</link> for setting up your
SMTP server.</para>
<para>Using this method will prevent that your support staff knows

2
lam/docs/manual-sources/chapter-bigPicture.xml
View File

@ -292,7 +292,7 @@
<para><emphasis role="bold">LAM runtime environment:</emphasis></para>
<para>LAM runs on PHP. Therefore, it is independent of CPU architecture
<para>LAM runs on PHP. Therefore, it is independant of CPU architecture
and operating system (OS). You can run LAM on any OS which supports
Apache, Nginx or other PHP compatible web servers.</para>

342
lam/docs/manual-sources/chapter-configuration.xml
View File

@ -60,10 +60,6 @@
<para>When you entered the license key then the license details can be
seen on LAM configuration overview page.</para>
<para>By default, LAM Pro will show a warning message on the login page
3 weeks before expiration. You can disable this here and/or send out an
email instead.</para>
<screenshot>
<mediaobject>
<imageobject>
@ -211,7 +207,7 @@
<itemizedlist>
<listitem>
<para>File: all messages will be written to the given file. LAM will
<para>File: all messages will be writen to the given file. LAM will
create it if not yet existing.</para>
</listitem>
@ -241,23 +237,18 @@
</screenshot>
</section>
<section id="mailSetup">
<title>Mail options (LAM Pro)</title>
<section>
<title>Additional options</title>
<para>Here you can configure the mail server settings. If you do not set
a mail server then LAM will try to use a locally installed one (e.g.
postfix, exim, sendmail).</para>
<para id="mailEOL"><emphasis role="bold">Email format</emphasis></para>
<para>SMTP setup:</para>
<para>Some email servers are not standards compatible. If you receive
mails that look broken you can change the line endings for sent mails
here. Default is to use "\r\n".</para>
<para>Mail server: enter name + port separated by ":". E.g. "server:25"
will use "server" on port 25. Please note that your mail server
<emphasis role="bold">must</emphasis> support TLS encryption.</para>
<para>User name: enter the user name if your SMTP server requires
authentication</para>
<para>Password: enter the password for the user above</para>
<para>At the moment, this option is only available in LAM Pro as there
is no mail sending in the free version. See <link
linkend="mailSetup">here</link> for setting up your SMTP server.</para>
<screenshot>
<mediaobject>
@ -268,33 +259,6 @@
</screenshot>
</section>
<section id="confmain_webauthn">
<title>Webauthn/FIDO2 devices</title>
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link>
for an overview about Webauthn/FIDO2 in LAM.</para>
<para>Here you can delete any webauthn device registrations. This
section is only shown if at least one device is registered.</para>
<para>Enter a part of the user's DN in the input box and perform a
search. LAM will show users and devices that match the search. You can
then delete a device registration. If the user has no more registered
devices then LAM will ask for registration on next login.</para>
<para>Note: You cannot add any device here. This can only be done by the
user during login, <link linkend="tool_webauthn">webauthn tool</link> or
self service.</para>
<para><screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/configGeneral8.png"/>
</imageobject>
</mediaobject>
</screenshot></para>
</section>
<section>
<title>Change master password</title>
@ -503,9 +467,6 @@
</listitem>
</itemizedlist>
<para>Hide password prompt for expired password: Hides the password
prompt when a user with expired password logs into LAM.</para>
<literallayout>
</literallayout>
@ -528,30 +489,6 @@
is located. The default rights for new home directories can be set,
too.</para>
<para><emphasis role="bold">Note:</emphasis> This requires lamdaemon
to be installed on the remote server. This comes as separate package
for DEB/RPM. See <link linkend="a_lamdaemon">here</link>.</para>
<para>Script server format:</para>
<itemizedlist>
<listitem>
<para>"server": "server" is the DNS name of your script
server</para>
</listitem>
<listitem>
<para>"server:NAME": NAME is the display name of this
server</para>
</listitem>
<listitem>
<para>"server:NAME:/prefix": /prefix is the directory prefix for
all operations. E.g. creating a home directory "/home/user" would
create "/prefix/home/user" then.</para>
</listitem>
</itemizedlist>
<para>You can provide a fixed user name. If you leave the field empty
then LAM will use your current account (the account you used to login
to LAM).</para>
@ -564,9 +501,7 @@
<para>SSH key (recommended): Please generate a SSH key pair and
provide the location to the <emphasis
role="bold">private</emphasis> key file. If the key is protected
by a password you can also specify it here. Please note that only
RSA keys (with "-----BEGIN RSA PRIVATE KEY-----" at the beginning
of the file) are supported.</para>
by a password you can also specify it here.</para>
</listitem>
<listitem>
@ -670,8 +605,7 @@
</mediaobject>
</screenshot>
<para id="conf_serverprofile_2fa"><emphasis role="bold">2-factor
authentication</emphasis></para>
<para><emphasis role="bold">2-factor authentication</emphasis></para>
<para>LAM supports 2-factor authentication for your users. This means
the user will not only authenticate by user+password but also with
@ -691,61 +625,29 @@
<listitem>
<para><ulink url="https://www.yubico.com/">YubiKey</ulink></para>
</listitem>
<listitem>
<para><ulink url="https://duo.com/">Duo</ulink></para>
</listitem>
<listitem>
<para><ulink
url="https://webauthn.io/">Webauthn/FIDO2</ulink></para>
</listitem>
</itemizedlist>
<para>Configuration options:</para>
<para><emphasis role="bold">privacyIDEA</emphasis></para>
<para>privacyIDEA:</para>
<itemizedlist>
<listitem>
<para>Base URL: please enter the URL of your privacyIDEA
instance</para>
</listitem>
<listitem>
<para>User name attribute: please enter the LDAP attribute name
that contains the user ID (e.g. "uid").</para>
</listitem>
<listitem>
<para>Optional: By default LAM will enforce to use a token and
reject users that did not setup one. You can set this check to
optional. But if a user has setup a token then this will always be
required.</para>
</listitem>
<listitem>
<para>Disable certificate check: This should be used on
development instances only. It skips the certificate check when
connecting to verification server.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">YubiKey</emphasis></para>
<para>YubiKey:</para>
<itemizedlist>
<listitem>
<para>Base URLs: please enter the URL(s) of your YubiKey
verification server(s). If you run a custom verification API such
as yubiserver then enter its URL (e.g.
<para>Base URL: please enter the URL of your YubiKey verfication
server. For YubiKey cloud this is
"https://api.yubico.com/wsapi/2.0/verify". If you run a custom
verification API such as yubiserver then enter its URL (e.g.
http://www.example.com:8000/wsapi/2.0/verify). The URL needs to
end with "/wsapi/2.0/verify". For YubiKey cloud these are
"https://api.yubico.com/wsapi/2.0/verify",
"https://api2.yubico.com/wsapi/2.0/verify",
"https://api3.yubico.com/wsapi/2.0/verify",
"https://api4.yubico.com/wsapi/2.0/verify" and
"https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per
line.</para>
end with "/wsapi/2.0/verify".</para>
</listitem>
<listitem>
@ -757,69 +659,15 @@
<para>Secret key: this is only required for YubiKey cloud. You can
register here: https://upgrade.yubico.com/getapikey/</para>
</listitem>
<listitem>
<para>Optional: By default LAM will enforce to use a token and
reject users that did not setup one. You can set this check to
optional. But if a user has setup a token then this will always be
required.</para>
</listitem>
<listitem>
<para>Disable certificate check: This should be used on
development instances only. It skips the certificate check when
connecting to verification server.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Duo</emphasis></para>
<para>Optional: By default LAM will enforce to use a token and reject
users that did not setup one. You can set this check to optional. But
if a user has setup a token then this will always be required.</para>
<para>This requires to register a new "Web SDK" application in your
Duo admin panel.</para>
<itemizedlist>
<listitem>
<para>User name attribute: please enter the LDAP attribute name
that contains the user ID (e.g. "uid").</para>
</listitem>
<listitem>
<para>Base URL: please enter the API-URL of your Duo instance
(e.g. api-12345.duosecurity.com).</para>
</listitem>
<listitem>
<para>Client id: please enter your integration key.</para>
</listitem>
<listitem>
<para>Secret key: please enter your secret key.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Webauthn/FIDO2</emphasis></para>
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2
appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para>
<para>Users will be asked to register a device during login if no
device is setup.</para>
<itemizedlist>
<listitem>
<para>Domain: Please enter the WebAuthn domain. This is the public
domain of the web server (e.g. "example.com"). Do not include
protocol or port. Browsers will reject authentication if the
domain does not match the web server domain.</para>
</listitem>
<listitem>
<para>Optional: By default LAM will enforce to use a 2FA device
and reject users that do not setup one. You can set this check to
optional. But if a user has setup a device then this will always
be required.</para>
</listitem>
</itemizedlist>
<para>Disable certificate check: This should be used on development
instances only. It skips the certificate check when connecting to
verification server.</para>
<screenshot>
<mediaobject>
@ -1141,11 +989,6 @@ mysql&gt; GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
move expired accounts</link></para>
</listitem>
<listitem>
<para><link linkend="job_windows_notify_groups">Windows: Notify
users about their managed groups</link></para>
</listitem>
<listitem>
<para><link linkend="job_freeradius_move_expired">FreeRadius:
Delete or move expired accounts</link></para>
@ -1834,95 +1677,6 @@ mysql&gt; GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
</table>
</section>
<section id="job_windows_notify_groups">
<title>Windows: Notify users about their managed groups</title>
<para>This will send your users an email with the groups they
manage. This also includes a list of users in these groups. The
users and groups are searched using the user+group account types
that are specified in server profile.</para>
<para>You need to activate the Windows module for users to be able
to add this job. The job can be added multiple times.</para>
<screenshot>
<graphic fileref="images/jobs_windowsNotifyGroups.png"/>
</screenshot>
<para><table>
<title>Options</title>
<tgroup cols="2">
<tbody>
<row>
<entry><emphasis role="bold">Option</emphasis></entry>
<entry><emphasis
role="bold">Description</emphasis></entry>
</row>
<row>
<entry>From address</entry>
<entry>The email address to set as FROM.</entry>
</row>
<row>
<entry>Reply-to address</entry>
<entry>Optional Reply-to address for email.</entry>
</row>
<row>
<entry>CC address</entry>
<entry>Optional CC mail address.</entry>
</row>
<row>
<entry>BCC address</entry>
<entry>Optional BCC mail address.</entry>
</row>
<row>
<entry>Subject</entry>
<entry>The email subject line. Supports wildcards, see
below.</entry>
</row>
<row>
<entry>HTML format</entry>
<entry>Send email as HTML instead of plain text.</entry>
</row>
<row>
<entry>Text</entry>
<entry>The email body text. Supports wildcards, see
below.</entry>
</row>
<row>
<entry>Period</entry>
<entry>Defines how often the mail is sent (e.g.
quarterly).</entry>
</row>
</tbody>
</tgroup>
</table>Wildcards:</para>
<para>You can enter LDAP attributes as wildcards in the form
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
For the common name it would be "@@cn@@".</para>
<para>Use the wildcard "@@LAM_MANAGED_GROUPS@@" to insert the group
listing. This wildcard is mandatory.</para>
</section>
<section id="job_freeradius_move_expired">
<title>FreeRadius: Delete or move expired accounts</title>
@ -2305,50 +2059,4 @@ mysql&gt; GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
</section>
</section>
</section>
<section>
<title>Self Service (LAM Pro)</title>
<para>See <link linkend="a_selfService">Self Service
chapter</link>.</para>
</section>
<section>
<title>Import and export configuration</title>
<para>Here you can export and import LAM's whole configuration. You can
use this to backup the configuration or migrate from one server to
another.</para>
<para>You will need to login with the configuration master password to use
this feature.</para>
<screenshot>
<graphic fileref="images/confImportExport1.png"/>
</screenshot>
<para><emphasis role="bold">Export</emphasis></para>
<para>This will dump the whole configuration to one big single file. It is
not possible to dump only parts of the configuration. During import you
can select what exactly to import.</para>
<para><emphasis role="bold">Import</emphasis></para>
<para>Please select the import file first and submit. LAM will then
present you possible import data. You can select what to import using the
checkboxes.</para>
<para>Please note that LAM will not delete e.g. server profiles that are
not in the import file.</para>
<para>Example: You have profile1+profile2 in your LAM installation and
profile2+profile3 in your import file. When you select to import all
server profiles then profile1 stays untouched, profile2 will be
overwritten and profile3 will be added.</para>
<screenshot>
<graphic fileref="images/confImportExport2.png"/>
</screenshot>
</section>
</chapter>

61
lam/docs/manual-sources/chapter-installation.xml
View File

@ -15,7 +15,7 @@
<itemizedlist>
<listitem>
<para>Apache/Nginx webserver (SSL recommended) with PHP module (PHP
(&gt;= 7.0.0) with ldap, gettext, xml, openssl and optional
(&gt;= 5.6.0) with ldap, gettext, xml, openssl and optional
OpenSSL)</para>
</listitem>
@ -313,45 +313,6 @@
</section>
</section>
<section>
<title>Docker</title>
<para>You can run LAM inside Docker.</para>
<para>Possible environment variables are documented in the <ulink
url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample
.env</ulink> file.</para>
<para>See here:</para>
<para><ulink
url="https://hub.docker.com/r/ldapaccountmanager/lam">https://hub.docker.com/r/ldapaccountmanager/lam</ulink></para>
<para/>
<para>LAM Pro:</para>
<para>Please request access at support providing your Docker Hub user
ID.</para>
<para><ulink
url="https://hub.docker.com/r/ldapaccountmanager/lampro">https://hub.docker.com/r/ldapaccountmanager/lampro</ulink></para>
<para><emphasis role="bold">Configuration files</emphasis></para>
<para>All configuration files are stored in:</para>
<itemizedlist>
<listitem>
<para>/etc/ldap-account-manager</para>
</listitem>
<listitem>
<para>/var/lib/ldap-account-manager</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>System configuration</title>
@ -613,26 +574,6 @@
version. Unless explicitly noticed there is no need to install an
intermediate release.</para>
<section>
<title>7.2 -&gt; 7.3</title>
<para>No actions required.</para>
</section>
<section>
<title>7.1 -&gt; 7.2</title>
<para>LAM Pro: All emails need a specified FROM address. This affects
password email, self registration, password self reset and cron
emails.</para>
</section>
<section>
<title>6.7 -&gt; 7.1</title>
<para>No actions required.</para>
</section>
<section>
<title>6.6 -&gt; 6.7</title>

287
lam/docs/manual-sources/chapter-modules.xml
View File

@ -1349,146 +1349,6 @@
</screenshot>
</section>
<section>
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
<para>Please activate the account type "Users" in your LAM server
profile and then add the user module "AD LDS
(windowsLDSUser)(*)".</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_windowsUser4.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>The default list attributes are for Unix and not suitable for AD
LDS (blank lines in account table). Please use
"#cn;#givenName;#sn;#mail" or select your own attributes to display in
the account list.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds1.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>On tab "Module settings" you can specify the possible Windows
domain names.</para>
<para>You can also set maximum values for user photos in advanced
options.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata contentwidth="1172" fileref="images/mod_adLds3.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>Now you can manage your AD LDS users and e.g. assign groups. You
might want to set the default domain name in the <link
linkend="a_accountProfile">profile editor</link>.</para>
<para><emphasis role="bold">Attention:</emphasis></para>
<para>Password changes require a secure connection via ldaps://. Check
your LAM server profile if password changes are refused by the
server.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds4a.png"/>
</imageobject>
</mediaobject>
</screenshot>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds4b.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Wildcards</emphasis></para>
<para>This module provides the following wildcards (others may be
provided by other modules):</para>
<itemizedlist>
<listitem>
<para>$firstname: First name</para>
</listitem>
<listitem>
<para>$lastname: Last name</para>
</listitem>
<listitem>
<para>$user: User name</para>
</listitem>
<listitem>
<para>$commonname: Common name</para>
</listitem>
<listitem>
<para>$email: Email address</para>
</listitem>
</itemizedlist>
<para>You can use them in the following input fields on user edit
screen:</para>
<itemizedlist>
<listitem>
<para>Common name</para>
</listitem>
<listitem>
<para>Display name</para>
</listitem>
<listitem>
<para>Email</para>
</listitem>
<listitem>
<para>Email alias</para>
</listitem>
</itemizedlist>
<para>Use this when some of your data always follows the same schema.
E.g. using "$firstname $lastname" in common name field can be used like
this to get "Demo User". You can set the wildcards in profile editor so
they are automatically applied for new users.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds5a.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para/>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds5b.png"/>
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>Filesystem quota (lamdaemon)</title>
@ -1807,7 +1667,7 @@
<para><emphasis role="bold">Setup password changing</emphasis></para>
<para>LAM Pro cannot generate the password hashes itself because Heimdal
uses a proprietary format for them. Therefore, LAM Pro needs to call e.g.
uses a propietary format for them. Therefore, LAM Pro needs to call e.g.
kadmin to set the password.</para>
<para>The wildcards @@password@@ and @@principal@@ are replaced with
@ -1856,7 +1716,7 @@
<para><emphasis role="bold">Setup password changing</emphasis></para>
<para>LAM Pro cannot generate the password hashes itself because MIT
uses a proprietary format for them. Therefore, LAM Pro needs to call
uses a propietary format for them. Therefore, LAM Pro needs to call
kadmin/kadmin.local to set the password.</para>
<para>LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to
@ -1870,9 +1730,9 @@
password change.</para>
<para>Please note that kadmin/kadmin.local often returns a successful
command even if errors occurred (e.g. password policy violations). You
command even if errors occured (e.g. password policy violations). You
need to test this before and if affected then write a wrapper script
around kadmin that returns non-zero return codes for errors.</para>
arround kadmin that returns non-zero return codes for errors.</para>
<para>Example commands:</para>
@ -1956,7 +1816,7 @@
</mediaobject>
</screenshot>
<para>You can add the user to existing alias entries or create completely
<para>You can add the user to existing alias entries or create completly
new ones.</para>
<screenshot>
@ -2283,7 +2143,7 @@ AuthorizedKeysCommandUser root</literallayout>
security reasons.</para>
<para>The user name can either be a fixed name (e.g. "admin") or it can
be generated with LDAP attributes of the LAM admin user. E.g. $uid$ will
be generated with LDAP attributes of the LAM admn user. E.g. $uid$ will
be transformed to "myUser" if you login with
"uid=myUser,ou=people,dc=example,dc=com".</para>
@ -2399,8 +2259,8 @@ AuthorizedKeysCommandUser root</literallayout>
<para><emphasis role="bold">Configuration</emphasis></para>
<para>Special Please add the account type "Groups" and then select
account module "Unix (posixGroup)".</para>
<para>Please add the account type "Groups" and then select account
module "Unix (posixGroup)".</para>
<screenshot>
<mediaobject>
@ -2410,43 +2270,6 @@ AuthorizedKeysCommandUser root</literallayout>
</mediaobject>
</screenshot>
<para>Virtual list attributes:</para>
<screenshot>
<graphic fileref="images/mod_unixGroupConfig2.png"/>
</screenshot>
<para>The following virtual attributes can be shown in the group list.
These are no real LDAP attributes but extra data that can be shown by
LAM.</para>
<itemizedlist>
<listitem>
<para>memberuid_count: number of entries in attribute
"memberuid"</para>
</listitem>
<listitem>
<para>member_count: number of entries in attribute "member"</para>
</listitem>
<listitem>
<para>uniqueMember_count: number of entries in attribute
"uniquemember"</para>
</listitem>
<listitem>
<para>owner_count: number of entries in attribute "owner"</para>
</listitem>
<listitem>
<para>roleOccupant_count: number of entries in attribute
"roleOccupant"</para>
</listitem>
</itemizedlist>
<para>Module settings:</para>
<para>GID generator: LAM will suggest GID numbers for your accounts.
Please note that it may happen that there are duplicate IDs assigned if
users create groups at the same time. Use an <ulink
@ -2720,52 +2543,6 @@ AuthorizedKeysCommandUser root</literallayout>
</screenshot>
</section>
<section>
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
<para>LAM can manage your AD LDS groups. Please enable the account type
"Groups" in your LAM server profile and then add the group module "AD
LDS (windowsLDSGroup)(*)".</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_windowsGroup3.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>The default list attributes are for Unix and not suitable for AD
LDS (blank lines in account table). Please use
"#cn;#member;#description" or select your own attributes to display in
the account list.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds2.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para/>
<para>Now you can edit your groups inside LAM. You can manage the group
name, description and its type. Of course, you can also set the group
members.</para>
<para>With "Show effective members" you can show a list of all members
of this group including members of subgroups and their subgroups.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_adLds6.png"/>
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>Kolab</title>
@ -3259,38 +3036,6 @@ AuthorizedKeysCommandUser root</literallayout>
</mediaobject>
</screenshot>
<para>Virtual list attributes:</para>
<screenshot>
<graphic fileref="images/mod_gon.png"/>
</screenshot>
<para>The following virtual attributes can be shown in the group list.
These are no real LDAP attributes but extra data that can be shown by
LAM.</para>
<itemizedlist>
<listitem>
<para>member_count: number of entries in attribute "member"</para>
</listitem>
<listitem>
<para>uniqueMember_count: number of entries in attribute
"uniquemember"</para>
</listitem>
<listitem>
<para>owner_count: number of entries in attribute "owner"</para>
</listitem>
<listitem>
<para>roleOccupant_count: number of entries in attribute
"roleOccupant"</para>
</listitem>
</itemizedlist>
<para>Module settings:</para>
<para>On the module settings tab you set some options like the display
format for members/owners and if fields like description should not be
displayed.</para>
@ -4737,7 +4482,7 @@ Run slapindex to rebuild the index.
please skip the "@" entry in the CSV file below. LAM creates this entry
with sample data.</para>
<para>In this example we assume that the following zone entry
<para>In this example we assume that the following zone extry
exists:</para>
<literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com
@ -5360,7 +5105,7 @@ OK (10 msec)</programlisting>
<para>LAM will display a default icon and "Custom fields" as label if you
do not enter any values.</para>
<para>You may also specify how LAM displays custom fields when there are
<para>You may also specify how LAM displays cutom fields when there are
multiple field groups. The default is accordion view where you can switch
field groups by clicking on the title. You may also deactivate this mode.
Then all field groups are displayed one below the other.</para>
@ -5375,7 +5120,7 @@ OK (10 msec)</programlisting>
<para><emphasis role="bold">Defining groups:</emphasis></para>
<para>All input fields are divided into groups. A group may contain one or
<para>All input fields are devided into groups. A group may contain one or
more object classes and allows you to add/remove a certain set of input
fields.</para>
@ -5665,10 +5410,6 @@ OK (10 msec)</programlisting>
<para>Attribute name: The values of this attribute will be used to build
the selection list.</para>
<para>Display attributes: List of attributes to show as label for the
options in select box. Attribute wildcards are surrounded by "$", e.g.
"$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para>
<para>Presentation:</para>
<screenshot>
@ -5724,7 +5465,7 @@ OK (10 msec)</programlisting>
</listitem>
<listitem>
<para>§attribute|;§; attribute values separated by ";" (you can set
<para>§attribute|;§; attribute values separted by ";" (you can set
other separators if you want)</para>
</listitem>
</itemizedlist>
@ -5840,7 +5581,7 @@ OK (10 msec)</programlisting>
<para>LAM Pro allows you to execute scripts whenever an account is
created, modified or deleted. This can be useful to automate processes
which needed manual work afterwards (e.g. sending your user a welcome mail
or register a mailbox). Additionally, you can specify manual scripts that
or register a mailbox). Additionally, you can specify manual scipts that
can be executed from within LAM Pro.</para>
<para>To activate this feature please add the "Custom scripts" module to
@ -5974,7 +5715,7 @@ OK (10 msec)</programlisting>
<para>You can switch LAM's logging to debug mode if you are unsure which
attributes with which values are available.</para>
<para>The following special wildcards are available for automatic
<para>The following special wildcards are available for automatical
scripts:</para>
<itemizedlist>

225
lam/docs/manual-sources/chapter-selfService.xml
View File

@ -250,29 +250,15 @@
<row>
<entry>Login caption</entry>
<entry>This text is displayed on the login page inside the login
mask.</entry>
</row>
<row>
<entry>Login footer</entry>
<entry>This text is displayed on the login page below the login
mask.</entry>
<entry>This text is displayed at the login page. You can input
HTML, too.</entry>
</row>
<row>
<entry>Main page caption</entry>
<entry>This text is displayed on the self service main page
where your users change their data.</entry>
</row>
<row>
<entry>Main page footer</entry>
<entry>This text is displayed as footer on the self service main
page where your users change their data.</entry>
<entry>This text is displayed at self service main page where
your users change their data. You can input HTML, too.</entry>
</row>
<row>
@ -304,7 +290,7 @@
<para/>
<section id="selfservice_2fa">
<section>
<title>2-factor authentication</title>
<para>LAM supports 2-factor authentication for your users. This means
@ -325,59 +311,27 @@
<listitem>
<para><ulink url="https://www.yubico.com/">YubiKey</ulink></para>
</listitem>
<listitem>
<para><ulink url="https://duo.com/">Duo</ulink></para>
</listitem>
<listitem>
<para><ulink
url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink></para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">privacyIDEA</emphasis></para>
<para>privacyIDEA:</para>
<itemizedlist>
<listitem>
<para>Base URL: please enter the URL of your privacyIDEA
instance</para>
</listitem>
<listitem>
<para>User name attribute: please enter the LDAP attribute name
that contains the user ID (e.g. "uid")</para>
</listitem>
<listitem>
<para>Optional: By default LAM will enforce to use a token and
reject users that did not setup one. You can set this check to
optional. But if a user has setup a token then this will always be
required.</para>
</listitem>
<listitem>
<para>Disable certificate check: This should be used on
development instances only. It skips the certificate check when
connecting to verification server.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">YubiKey</emphasis></para>
<para>YubiKey:</para>
<itemizedlist>
<listitem>
<para>Base URLs: please enter the URL(s) of your YubiKey
verification server(s). If you run a custom verification API such
as yubiserver then enter its URL (e.g.
<para>Base URL: please enter the URL of your YubiKey verfication
server. For YubiKey cloud this is
"https://api.yubico.com/wsapi/2.0/verify". If you run a custom
verification API such as yubiserver then enter its URL (e.g.
http://www.example.com:8000/wsapi/2.0/verify). The URL needs to
end with "/wsapi/2.0/verify". For YubiKey cloud these are
"https://api.yubico.com/wsapi/2.0/verify",
"https://api2.yubico.com/wsapi/2.0/verify",
"https://api3.yubico.com/wsapi/2.0/verify",
"https://api4.yubico.com/wsapi/2.0/verify" and
"https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per
line.</para>
end with "/wsapi/2.0/verify".</para>
</listitem>
<listitem>
@ -389,69 +343,15 @@
<para>Secret key: this is only required for YubiKey cloud. You can
register here: https://upgrade.yubico.com/getapikey/</para>
</listitem>
<listitem>
<para>Optional: By default LAM will enforce to use a token and
reject users that did not setup one. You can set this check to
optional. But if a user has setup a token then this will always be
required.</para>
</listitem>
<listitem>
<para>Disable certificate check: This should be used on
development instances only. It skips the certificate check when
connecting to verification server.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Duo</emphasis></para>
<para>Optional: By default LAM will enforce to use a token and reject
users that did not setup one. You can set this check to optional. But
if a user has setup a token then this will always be required.</para>
<para>This requires to register a new "Web SDK" application in your
Duo admin panel.</para>
<itemizedlist>
<listitem>
<para>User name attribute: please enter the LDAP attribute name
that contains the user ID (e.g. "uid").</para>
</listitem>
<listitem>
<para>Base URL: please enter the API-URL of your Duo instance
(e.g. api-12345.duosecurity.com).</para>
</listitem>
<listitem>
<para>Client id: please enter your integration key.</para>
</listitem>
<listitem>
<para>Secret key: please enter your secret key.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Webauthn/FIDO2</emphasis></para>
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2
appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para>
<para>Users will be asked to register a device during login if no
device is setup.</para>
<itemizedlist>
<listitem>
<para>Domain: Please enter the WebAuthn domain. This is the public
domain of the web server (e.g. "example.com"). Do not include
protocol or port. Browsers will reject authentication if the
domain does not match the web server domain.</para>
</listitem>
<listitem>
<para>Optional: By default LAM will enforce to use a 2FA device
and reject users that do not setup one. You can set this check to
optional. But if a user has setup a device then this will always
be required.</para>
</listitem>
</itemizedlist>
<para>Disable certificate check: This should be used on development
instances only. It skips the certificate check when connecting to
verification server.</para>
<screenshot>
<mediaobject>
@ -524,8 +424,7 @@
</mediaobject>
</screenshot>
<para id="selfservice_fields"><emphasis role="bold">Possible input
fields</emphasis></para>
<para><emphasis role="bold">Possible input fields</emphasis></para>
<para>This is a list of input fields you may add to the self service
page.</para>
@ -910,7 +809,7 @@
<imageobject>
<imagedata fileref="images/schema_samba.png"/>
</imageobject>
</inlinemediaobject> Windows (AD, AD LDS, Samba 4)</entry>
</inlinemediaobject> Windows</entry>
<entry>Password</entry>
@ -1015,19 +914,6 @@
each time the Windows password is changed.</entry>
</row>
<row>
<entry><inlinemediaobject>
<imageobject>
<imagedata fileref="images/webauthn.png"/>
</imageobject>
</inlinemediaobject>Webauthn</entry>
<entry>Webauthn devices</entry>
<entry>Allows the user to manage his webauthn/FIDO2 security
keys.</entry>
</row>
<row>
<entry morerows="1"><inlinemediaobject>
<imageobject>
@ -1153,7 +1039,7 @@
<para>To enable this feature please activate the checkbox "Enable
password self reset link".</para>
<para><emphasis role="bold">Hint:</emphasis> Please note that LAM Pro
<para><emphasis role="bold">Hint:</emphasis> Plese note that LAM Pro
uses security questions by default. Activate confirmation mails and then
deactivate security questions if you want to use only email
validation.</para>
@ -1166,35 +1052,6 @@
</mediaobject>
</screenshot>
<para>Identification method, used LDAP attributes:</para>
<itemizedlist>
<listitem>
<para>Email: mail</para>
</listitem>
<listitem>
<para>Employee number: employeeNumber</para>
</listitem>
<listitem>
<para>Self service login attribute: same as configured on first tab
of self service profile</para>
</listitem>
<listitem>
<para>User name: uid</para>
</listitem>
<listitem>
<para>User name and email address: uid and mail</para>
</listitem>
<listitem>
<para>User name or email address: uid and mail</para>
</listitem>
</itemizedlist>
<para>You can now configure the minimum answer length for password reset
answers. This is checked when you allow you users to specify their
answers via the self service. Additionally, you can specify the text of
@ -1224,8 +1081,10 @@
The mail can include the new password by using the special wildcard
"@@newPassword@@". Additionally, you may want to insert other wildcards
that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@"
will be replaced by the user name. See <link
linkend="mailSetup">here</link> for setting up your SMTP server.</para>
will be replaced by the user name. Please see <link
linkend="mailEOL">email format option</link> in case of broken mails.
See <link linkend="mailSetup">here</link> for setting up your SMTP
server.</para>
<literallayout> </literallayout>
@ -1400,14 +1259,9 @@
object class in each line. If you use LAM Pro password self reset
feature then do not forget to add "passwordSelfReset" here.</para>
<para/>
<para><emphasis>Attributes:</emphasis> This is a list of additional
attributes that the user can enter. Please note that user name, password
and email address (attribute "mail") are mandatory anyway and need not
be specified. Just in case you use the legacy attribute "email" for
account it needs to be specified (attribute "mail" will then not be
shown).</para>
and email address are mandatory anyway and need not be specified.</para>
<para>Each line represents one LDAP attribute. The settings are
separated by "::". The first setting specifies the field type. The
@ -1509,9 +1363,7 @@
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is
optional, you can leave these options blank.</para>
<para><emphasis role="bold">Examples:</emphasis></para>
<para>Unix account:</para>
<para><emphasis role="bold">Example:</emphasis></para>
<para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please enter
a valid first name.</para>
@ -1526,20 +1378,6 @@
<para>If you use the object class "inetOrgPerson" and do not provide the
"cn" attribute then LAM will set it to the user name value.</para>
<literallayout>
</literallayout>
<para>Active Directory/Samba4:</para>
<para>required::cn::Common Name::/^[[:alnum:] ]+$/u::Enter common
name.</para>
<para>constant::userPrincipalName::@@uid@@@samba4.test</para>
<para>constant::sAMAccountName::@@uid@@</para>
<para>constant::userAccountControl::512</para>
<literallayout>
</literallayout>
@ -1603,6 +1441,9 @@
valid for 24 hours. When he clicks on this link then the account will be
created in the self service user suffix. The DN will look like this:
<emphasis>uid=&lt;user name&gt;,...</emphasis></para>
<para>Please see <link linkend="mailEOL">email format option</link> in
case of broken mails.</para>
</section>
<section>
@ -1883,10 +1724,6 @@
<para>Attribute name: The values of this attribute will be used to build
the selection list.</para>
<para>Display attributes: List of attributes to show as label for the
options in select box. Attribute wildcards are surrounded by "$", e.g.
"$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para>
<para>Presentation:</para>
<screenshot>
@ -1945,7 +1782,7 @@
</listitem>
<listitem>
<para>§attribute|;§; attribute values separated by ";" (you can set
<para>§attribute|;§; attribute values separted by ";" (you can set
other separators if you want)</para>
</listitem>
</itemizedlist>

19
lam/docs/manual-sources/chapter-tools.xml
View File

@ -192,7 +192,7 @@
<para>This will run the actions against your LDAP directory. You will see
which accounts are edited in the progress area and also if any errors
occurred.</para>
occured.</para>
<screenshot>
<mediaobject>
@ -420,23 +420,6 @@
</screenshot>
</section>
<section>
<title id="tool_webauthn">Webauthn devices</title>
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link>
for an overview about Webauthn/FIDO2 in LAM.</para>
<para>Here you can manage your webauthn/FIDO2 devices.</para>
<para>You can register additional security devices and remove old ones. If
no more device is registered then LAM will ask you for registration on
next login.</para>
<screenshot>
<graphic fileref="images/tool_webauthn1.png"/>
</screenshot>
</section>
<section>
<title>Tests</title>

1
lam/docs/manual-sources/howto.xml
View File

@ -15,6 +15,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-schema.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-security.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-ldapConfig.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-email.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-lamdaemon.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-selfResetSchema.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-design.xml"/>

BIN
lam/docs/manual-sources/images/conf7.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 72 KiB

After

Width:  |  Height:  |  Size: 33 KiB

BIN
lam/docs/manual-sources/images/confImportExport1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 16 KiB

BIN
lam/docs/manual-sources/images/confImportExport2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
lam/docs/manual-sources/images/configGeneral6.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 4.5 KiB

BIN
lam/docs/manual-sources/images/configGeneral7.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 70 KiB

After

Width:  |  Height:  |  Size: 13 KiB

BIN
lam/docs/manual-sources/images/configGeneral8.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 35 KiB

BIN
lam/docs/manual-sources/images/configOverview.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 43 KiB

After

Width:  |  Height:  |  Size: 20 KiB

BIN
lam/docs/manual-sources/images/configProfiles4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 39 KiB

BIN
lam/docs/manual-sources/images/customFields26.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 59 KiB

After

Width:  |  Height:  |  Size: 26 KiB

BIN
lam/docs/manual-sources/images/jobs_windowsNotifyGroups.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 70 KiB

BIN
lam/docs/manual-sources/images/mod_adLds1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

BIN
lam/docs/manual-sources/images/mod_adLds2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 39 KiB

BIN
lam/docs/manual-sources/images/mod_adLds3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 80 KiB

BIN
lam/docs/manual-sources/images/mod_adLds4a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 156 KiB

BIN
lam/docs/manual-sources/images/mod_adLds4b.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 60 KiB

BIN
lam/docs/manual-sources/images/mod_adLds5a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 52 KiB

BIN
lam/docs/manual-sources/images/mod_adLds5b.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
lam/docs/manual-sources/images/mod_adLds6.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 53 KiB

BIN
lam/docs/manual-sources/images/mod_gon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 44 KiB

BIN
lam/docs/manual-sources/images/mod_unixGroupConfig2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 46 KiB

BIN
lam/docs/manual-sources/images/tool_webauthn1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 62 KiB

BIN
lam/docs/manual-sources/images/webauthn.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 810 B

6
lam/docs/manual-sources/overview.xml
View File

@ -5,7 +5,7 @@
<title>Overview</title>
<para>LDAP Account Manager (LAM) manages user, group and host accounts in an
LDAP directory. LAM runs on any webserver with PHP7 support and connects to
LDAP directory. LAM runs on any webserver with PHP5 support and connects to
your LDAP server unencrypted or via SSL/TLS.</para>
<para>LAM supports Samba 3/4, Unix, Kopano, Kolab 3, address book entries,
@ -16,7 +16,7 @@
<para><ulink
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
<para>Copyright (C) 2003 - 2020 Roland Gruber
<para>Copyright (C) 2003 - 2019 Roland Gruber
&lt;post@rolandgruber.de&gt;</para>
<para><emphasis role="bold">Key features:</emphasis></para>
@ -63,7 +63,7 @@
<itemizedlist>
<listitem>
<para>PHP (&gt;= 7.0.0)</para>
<para>PHP (&gt;= 5.6.0)</para>
</listitem>
<listitem>

6
lam/docs/manual-sources/style.css
View File

@ -2,7 +2,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2009 - 2020 Roland Gruber
Copyright (C) 2009 - 2016 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -109,6 +109,4 @@ pre.programlisting {
background-color:#f3f2f1;
}
img {
max-width: 100%;
}

2
lam/docs/schema/dhcp.schema
View File

@ -331,7 +331,7 @@ attributetype ( 2.16.840.1.113719.1.203.4.55
attributetype ( 2.16.840.1.113719.1.203.4.56
NAME 'dhcpComments'
EQUALITY caseIgnoreIA5Match
DESC 'Generic attribute that allows comments within any DHCP object'
DESC 'Generic attribute that allows coments within any DHCP object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Classes

BIN
lam/graphics/confImportExport.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.7 KiB

BIN
lam/graphics/document.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 856 B

After

Width:  |  Height:  |  Size: 856 B

BIN
lam/graphics/logo_192x192.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.8 KiB

BIN
lam/graphics/logo_512x512.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 39 KiB

BIN
lam/graphics/network.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.1 KiB

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
lam/graphics/webauthn.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 810 B

31
lam/graphics/webauthn.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 27 KiB

BIN
lam/graphics/webcam.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.4 KiB

54
lam/help/help.inc
View File

@ -5,7 +5,7 @@ use \LAM\TYPES\TypeManager;
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2003 - 2020 Roland Gruber
2003 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -73,7 +73,7 @@ $helpArray = array (
":</b><br><br>" .
_("When using ldaps:// or TLS be sure to use exactly the same IP/domain name as in your certificate!")),
"202" => array ("Headline" => _("LDAP suffix"),
"Text" => _("This is the suffix of the LDAP tree from where to search for LDAP entries. Only entries in this subtree will be displayed in the account list. When creating a new account this will be the DN where it is saved.") .
"Text" => _("This is the suffix of the LDAP tree from where to search for LDAP entries. Only entries in this subtree will be displayed in the account list. When creating a new accont this will be the DN where it is saved.") .
"<br><br><b>".
_("Example").
":</b><br><br>".
@ -120,7 +120,7 @@ $helpArray = array (
"218" => array ("Headline" => _("Script servers"),
"Text" => _("This is a list of the servers where the lamdaemon scripts are stored. LDAP Account Manager will make a SSH connection to the servers with the user name and password provided at login. Multiple servers are separated by semicolons. You can append a descriptive name after a colon.") . "<br>"
. _("If your server runs on another port then add a comma and the port number after the server.") . "<br><br>"
. _("Examples") . ": <br><b>my.server.name<br>127.0.0.1:LOCAL;192.168.0.2,12345:Servername<br>my.server.name:SERVER:/prefix</b>"),
. _("Example") . ": <b>127.0.0.1:LOCAL;192.168.0.2,12345:Servername;192.168.0.5</b>"),
"219" => array ("Headline" => _("Rights for the home directory"),
"Text" => _("This defines the rights for the home directories which are created by lamdaemon.")),
"220" => array ("Headline" => _("Login method"),
@ -154,13 +154,15 @@ $helpArray = array (
"238" => array ("Headline" => _("Session timeout"),
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
"239" => array ("Headline" => _("Log level"),
"Text" => _("Please select your preferred log level. Messages with a lower level will not be logged.")),
"Text" => _("Please select your prefered log level. Messages with a lower level will not be logged.")),
"240" => array ("Headline" => _("Log destination"),
"Text" => _("Here you can select where LAM should save its log messages. System logging will go to Syslog on Unix systems and event log on Windows. You can also select an extra file.")),
"241" => array ("Headline" => _("Allowed hosts"),
"Text" => _("This is a list of IP addresses from hosts who may access LAM. You can use \"*\" as wildcard (e.g. 192.168.0.*).")),
"242" => array ("Headline" => _("Password policy"),
"Text" => _("Here you can specify minimum requirements for passwords. The character classes are: lowercase, uppercase, numeric and symbols.")),
"243" => array ("Headline" => _('Email format'),
"Text" => _('Please change this setting only if you experience problems in receiving emails from LAM. This defines the line ending of emails.')),
"244" => array ("Headline" => _('PHP error reporting'),
"Text" => _('Defines if the PHP error reporting setting from php.ini is used or the setting preferred by LAM ("E_ALL & ~E_NOTICE"). If you do not develop LAM modules please use the default. This will prevent displaying messages that are useful only for developers.')),
"245" => array ("Headline" => _('Encrypt session'),
@ -177,14 +179,6 @@ $helpArray = array (
"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-insensitive.")),
"251" => array ("Headline" => _("Remote server"),
"Text" => _("Please enter the syslog remote server in format \"server:port\".")),
"252" => array ("Headline" => _("User DN"),
"Text" => _("Please enter a part of the user's DN to search for registered devices.")),
"253" => array ("Headline" => _("Mail server"),
"Text" => _("Please enter the server name and port of your SMTP server (e.g. localhost:25). If this setting is left empty then LAM will try to use a locally installed mail server. The server must support TLS.")),
"254" => array ("Headline" => _("User name"),
"Text" => _("SMTP user name")),
"255" => array ("Headline" => _("Password"),
"Text" => _("SMTP password")),
"260" => array ("Headline" => _("Additional LDAP filter"),
"Text" => _('Use this to enter an additional LDAP filter (e.g. "(cn!=admin)") to reduce the number of visible elements for this account type.')
. ' ' . _('You can use the wildcard @@LOGIN_DN@@ which will be substituted with the DN of the user who is currently logged in to LAM.')
@ -237,16 +231,6 @@ $helpArray = array (
"Text" => _('Password to unlock SSH key file.')),
'287' => array ("Headline" => _('Licence'),
"Text" => _('Please enter your licence key.')),
'288' => array ("Headline" => _('Expiration warning'),
"Text" => _('Please select how to be warned before your licence expires.')),
'289' => array ("Headline" => _('From address'),
"Text" => _('This email address will be set as sender address of the mails.')),
'290' => array ("Headline" => _('TO address'),
"Text" => _('This email address will be set as TO address for the mails.')),
"291" => array ("Headline" => _('Hide password prompt for expired password'),
"Text" => _('Hides the password prompt when a user with expired password logs into LAM.')),
"292" => array ("Headline" => _('DN part to hide'),
"Text" => _('Hides the given part of the DN when displaying a DN. E.g. if you set this to "dc=example,dc=com" then "ou=department,dc=example,dc=com" will be displayed as "ou=department". Use this if you have very long DNs.')),
// 300 - 399
// profile editor, file upload
"301" => array ("Headline" => _("RDN identifier"),
@ -263,8 +247,6 @@ $helpArray = array (
"Text" => _("Here you can export account profiles to other server profiles (overwrite existing). You may also export a profile to the global templates. In this case it will always be copied to all server profiles that do not yet have a profile with this name.")),
// 400 - 499
// account pages
"400" => array ("Headline" => _("DN suffix") . '/' . _("RDN identifier"),
"Text" => _("The account will be saved under this LDAP suffix.") . '<br><br>' . _("This is the identifier for the relative DN value. It must be one of the given allowed LDAP attributes (e.g. user accounts usually use \"uid\" while groups use \"cn\").")),
"401" => array ("Headline" => _("Load profile"),
"Text" => _("Here you can load an account profile to set default settings for your account. The \"default\" profile is automatically loaded for new accounts.")),
"403" => array ("Headline" => _("Create PDF file"),
@ -317,8 +299,6 @@ $helpArray = array (
"Text" => _('You can enable 2-factor authentication here (e.g. via mobile device).')),
"515" => array ("Headline" => _('Base URL'),
"Text" => _('URL of external 2-factor authentication service.')),
"515a" => array ("Headline" => _('Base URLs'),
"Text" => _('URLs of external 2-factor authentication service. Enter one per line.')),
"516" => array ("Headline" => _('Disable certificate check'),
"Text" => _('This will disable the check of the SSL certificates for the 2-factor authentication service. Not recommended for production usage.')),
"517" => array ("Headline" => _('Label'),
@ -339,14 +319,6 @@ $helpArray = array (
"Text" => _('Please enter your client id for the verification API.')),
"525" => array ("Headline" => _('Secret key'),
"Text" => _('Please enter your secret key for the verification API.')),
"526" => array ("Headline" => _('Login footer'),
"Text" => _('This text is displayed as footer on the self service login page.')),
"527" => array ("Headline" => _('Main page footer'),
"Text" => _('This text is displayed as footer on the self service main page.')),
"528" => array ("Headline" => _('User name attribute'),
"Text" => _('The attribute (e.g. "uid") that contains the user name for the 2-factor service.')),
"529" => array ("Headline" => _('Domain'),
"Text" => _('Please enter the WebAuthn domain. This is the public domain of the webserver (e.g. "example.com"). Do not include protocol or port.')),
"550" => array ("Headline" => _("From address"),
"Text" => _("This email address will be set as sender address of all password mails. If empty the system default (php.ini) will be used.")),
"551" => array ("Headline" => _("Subject"),
@ -383,7 +355,7 @@ $helpArray = array (
"751" => array ("Headline" => _('Base DN'),
"Text" => _('The export will read entries of this DN.')),
"752" => array ("Headline" => _('Search filter'),
"Text" => _('Please enter an LDAP filter to specify the exported entries.')),
"Text" => _('Please enter an LDAP filter to specifiy the exported entries.')),
"753" => array ("Headline" => _('Attributes'),
"Text" => _('Please enter a comma separated list of attributes to export. Using "*" will export all attributes.')),
"754" => array ("Headline" => _('Include system attributes'),
@ -392,7 +364,7 @@ $helpArray = array (
// jobs
'800' => array(
"Headline" => _('From address'),
"Text" => _('This email address will be set as sender address of the mails.')
"Text" => _('This email address will be set as sender address of all mails. If empty the system default (php.ini) will be used.')
),
'801' => array(
"Headline" => _('Reply-to address'),
@ -432,16 +404,6 @@ $helpArray = array (
"Headline" => _('Target DN'),
"Text" => _('The expired accounts will be moved to this DN.')
),
'810' => array(
"Headline" => _('Text'),
"Text" => _('The mail text of all mails.') .
_('You can use wildcards for LDAP attributes in the form @@attribute@@ (e.g. @@uid@@ for the user name).')
. ' ' . _('The managed groups need to be added with @@LAM_MANAGED_GROUPS@@.')
),
'811' => array(
"Headline" => _('Period'),
"Text" => _('This defines how often the email is sent (e.g. each month).')
),
);
/* This is a sample help entry. Just copy this line an modify the values between the [] brackets.

399
lam/lib/2factor.inc
View File

@ -1,23 +1,11 @@
<?php
namespace LAM\LIB\TWO_FACTOR;
use \htmlResponsiveRow;
use \LAM\LOGIN\WEBAUTHN\WebauthnManager;
use \selfServiceProfile;
use \LAMConfig;
use \htmlScript;
use \htmlIframe;
use \htmlImage;
use \htmlButton;
use \htmlJavaScript;
use \htmlStatusMessage;
use \htmlOutputText;
use \htmlDiv;
use \LAMException;
use \Webauthn\PublicKeyCredentialCreationOptions;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2017 - 2020 Roland Gruber
Copyright (C) 2017 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -65,87 +53,16 @@ interface TwoFactorProvider {
*/
public function verify2ndFactor($user, $password, $serial, $twoFactorInput);
/**
* Returns if the service has a custom input form.
* In this case the token field is not displayed.
*
* @return has custom input form
*/
public function hasCustomInputForm();
/**
* Adds the custom input fields to the form.
*
* @param htmlResponsiveRow $row row where to add the input fields
* @param string user DN
*/
public function addCustomInput(&$row, $userDn);
/**
* Returns if the submit button should be shown.
*
* @return bool show submit button
*/
public function isShowSubmitButton();
}
/**
* Base class for 2-factor authentication providers.
*
* @author Roland Gruber
*/
abstract class BaseProvider implements TwoFactorProvider {
protected $config;
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
*/
public function hasCustomInputForm() {
return false;
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::addCustomInput()
*/
public function addCustomInput(&$row, $userDn) {
// must be filled by subclass if used
}
/**
* Returns the value of the user attribute in LDAP.
*
* @param string $userDn user DN
* @return string user name
*/
protected function getLoginAttributeValue($userDn) {
$attrName = $this->config->twoFactorAuthenticationSerialAttributeName;
$userData = ldapGetDN($userDn, array($attrName));
if (empty($userData[$attrName])) {
return null;
}
if (is_array($userData[$attrName])) {
return $userData[$attrName][0];
}
return $userData[$attrName];
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
*/
public function isShowSubmitButton() {
return true;
}
}
/**
* Provider for privacyIDEA.
*/
class PrivacyIDEAProvider extends BaseProvider {
class PrivacyIDEAProvider implements TwoFactorProvider {
private $config;
/**
* Constructor.
@ -162,9 +79,8 @@ class PrivacyIDEAProvider extends BaseProvider {
*/
public function getSerials($user, $password) {
logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Getting serials for ' . $user);
$loginAttribute = $this->getLoginAttributeValue($user);
$token = $this->authenticate($loginAttribute, $password);
return $this->getSerialsForUser($loginAttribute, $token);
$token = $this->authenticate($user, $password);
return $this->getSerialsForUser($user, $token);
}
/**
@ -173,8 +89,7 @@ class PrivacyIDEAProvider extends BaseProvider {
*/
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Checking 2nd factor for ' . $user);
$loginAttribute = $this->getLoginAttributeValue($user);
$token = $this->authenticate($loginAttribute, $password);
$token = $this->authenticate($user, $password);
return $this->verify($token, $serial, $twoFactorInput);
}
@ -313,7 +228,9 @@ class PrivacyIDEAProvider extends BaseProvider {
*
* @author Roland Gruber
*/
class YubicoProvider extends BaseProvider {
class YubicoProvider implements TwoFactorProvider {
private $config;
/**
* Constructor.
@ -365,253 +282,15 @@ class YubicoProvider extends BaseProvider {
if (!$serialMatched) {
throw new \Exception(_('YubiKey id does not match allowed list of key ids.'));
}
$urls = $this->config->twoFactorAuthenticationURL;
shuffle($urls);
$url = $this->config->twoFactorAuthenticationURL;
$httpsverify = !$this->config->twoFactorAuthenticationInsecure;
$clientId = $this->config->twoFactorAuthenticationClientId;
$secretKey = $this->config->twoFactorAuthenticationSecretKey;
foreach ($urls as $url) {
try {
$auth = new \Auth_Yubico($clientId, $secretKey, $url, $httpsverify);
$auth->verify($twoFactorInput);
return true;
}
catch (LAMException $e) {
logNewMessage(LOG_DEBUG, 'Unable to verify 2FA: ' . $e->getMessage());
}
}
return false;
}
}
/**
* Provider for DUO.
*/
class DuoProvider extends BaseProvider {
/**
* Constructor.
*
* @param TwoFactorConfiguration $config configuration
*/
public function __construct(&$config) {
$this->config = $config;
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::getSerials()
*/
public function getSerials($user, $password) {
return array('DUO');
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
*/
public function isShowSubmitButton() {
return false;
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
*/
public function hasCustomInputForm() {
$auth = new \Auth_Yubico($clientId, $secretKey, $url, $httpsverify);
$auth->verify($twoFactorInput);
return true;
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\BaseProvider::addCustomInput()
*/
public function addCustomInput(&$row, $userDn) {
$loginAttribute = $this->getLoginAttributeValue($userDn);
$aKey = $this->getAKey();
include_once(__DIR__ . "/3rdParty/duo/Web.php");
$signedRequest = \Duo\Web::signRequest($this->config->twoFactorAuthenticationClientId,
$this->config->twoFactorAuthenticationSecretKey,
$aKey,
$loginAttribute);
if ($this->config->isSelfService) {
$row->add(new htmlScript("../lib/extra/duo/Duo-Web-v2.js", false, false), 12);
}
else {
$row->add(new htmlScript("lib/extra/duo/Duo-Web-v2.js", false, false), 12);
}
$iframe = new htmlIframe('duo_iframe');
$iframe->addDataAttribute('host', $this->config->twoFactorAuthenticationURL);
$iframe->addDataAttribute('sig-request', $signedRequest);
$row->add($iframe, 12);
}
/**
* Returns the aKey.
*
* @return String aKey
*/
private function getAKey() {
if (empty($_SESSION['duo_akey'])) {
$_SESSION['duo_akey'] = generateRandomPassword(40);
}
return $_SESSION['duo_akey'];
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::verify2ndFactor()
*/
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
logNewMessage(LOG_DEBUG, 'DuoProvider: Checking 2nd factor for ' . $user);
$loginAttribute = $this->getLoginAttributeValue($user);
$response = $_POST['sig_response'];
include_once(__DIR__ . "/3rdParty/duo/Web.php");
$result = \Duo\Web::verifyResponse(
$this->config->twoFactorAuthenticationClientId,
$this->config->twoFactorAuthenticationSecretKey,
$this->getAKey(),
$response);
if ($result === $loginAttribute) {
return true;
}
logNewMessage(LOG_ERR, 'DUO authentication failed');
return false;
}
}
/**
* Provider for Webauthn.
*/
class WebauthnProvider extends BaseProvider {
/**
* Constructor.
*
* @param TwoFactorConfiguration $config configuration
*/
public function __construct($config) {
$this->config = $config;
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::getSerials()
*/
public function getSerials($user, $password) {
return array('WEBAUTHN');
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
*/
public function isShowSubmitButton() {
return false;
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
*/
public function hasCustomInputForm() {
return true;
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\BaseProvider::addCustomInput()
*/
public function addCustomInput(&$row, $userDn) {
if (version_compare(phpversion(), '7.2.0') < 0) {
$row->add(new htmlStatusMessage('ERROR', 'WebAuthn requires PHP 7.2.'), 12);
return;
}
if (!extension_loaded('PDO')) {
$row->add(new htmlStatusMessage('ERROR', 'WebAuthn requires the PDO extension for PHP.'), 12);
return;
}
$pdoDrivers = \PDO::getAvailableDrivers();
if (!in_array('sqlite', $pdoDrivers)) {
$row->add(new htmlStatusMessage('ERROR', 'WebAuthn requires the sqlite PDO driver for PHP.'), 12);
return;
}
include_once __DIR__ . '/webauthn.inc';
$webauthnManager = $this->getWebauthnManager();
$hasTokens = $webauthnManager->isRegistered($userDn);
if ($hasTokens) {
$row->add(new htmlStatusMessage('INFO', _('Please authenticate with your security device.')), 12);
}
else {
$row->add(new htmlStatusMessage('INFO', _('Please register a security device.')), 12);
}
$row->addVerticalSpacer('2rem');
$pathPrefix = $this->config->isSelfService ? '../' : '';
$selfServiceParam = $this->config->isSelfService ? 'true' : 'false';
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
$row->addVerticalSpacer('1rem');
$registerButton = new htmlButton('register_webauthn', _('Register new key'));
$registerButton->setCSSClasses(array('fullwidth hidden'));
$row->add($registerButton, 12);
$loginButton = new htmlButton('login_webauthn', _('Login'));
$loginButton->setCSSClasses(array('fullwidth hidden'));
$row->add($loginButton, 12);
$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
$row->add(new htmlDiv(null, $errorMessage, array('hidden webauthn-error')), 12);
if (($this->config->twoFactorAuthenticationOptional === true) && !$hasTokens) {
$skipButton = new htmlButton('skip_webauthn', _('Skip'));
$skipButton->setCSSClasses(array('fullwidth'));
$row->add($skipButton, 12);
}
$errorMessageDiv = new htmlDiv('generic-webauthn-error', new htmlOutputText(''));
$errorMessageDiv->addDataAttribute('button', _('Ok'));
$errorMessageDiv->addDataAttribute('title', _('WebAuthn failed'));
$row->add($errorMessageDiv, 12);
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', ' . $selfServiceParam . ');'), 0);
}
/**
* Returns the webauthn manager.
*
* @return WebauthnManager manager
*/
public function getWebauthnManager() {
return new WebauthnManager();
}
/**
* {@inheritDoc}
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::verify2ndFactor()
*/
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
logNewMessage(LOG_DEBUG, 'WebauthnProvider: Checking 2nd factor for ' . $user);
include_once __DIR__ . '/webauthn.inc';
$webauthnManager = $this->getWebauthnManager();
if (!empty($_SESSION['ldap'])) {
$userDn = $_SESSION['ldap']->getUserName();
}
else {
$userDn = lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
}
$hasTokens = $webauthnManager->isRegistered($userDn);
if (!$hasTokens) {
if ($this->config->twoFactorAuthenticationOptional && !$webauthnManager->isRegistered($user) && ($_POST['sig_response'] === 'skip')) {
logNewMessage(LOG_DEBUG, 'Skipped 2FA for ' . $user . ' as no devices are registered and 2FA is optional.');
return true;
}
$response = base64_decode($_POST['sig_response']);
$registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']);
return $webauthnManager->storeNewRegistration($registrationObject, $response);
}
else {
logNewMessage(LOG_DEBUG, 'Checking WebAuthn response of ' . $userDn);
$response = base64_decode($_POST['sig_response']);
return $webauthnManager->isValidAuthentication($response, $userDn);
}
}
}
/**
@ -625,10 +304,6 @@ class TwoFactorProviderService {
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
/** 2factor authentication via YubiKey */
const TWO_FACTOR_YUBICO = 'yubico';
/** 2factor authentication via DUO */
const TWO_FACTOR_DUO = 'duo';
/** 2factor authentication via webauthn */
const TWO_FACTOR_WEBAUTHN = 'webauthn';
private $config;
@ -660,12 +335,6 @@ class TwoFactorProviderService {
elseif ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
return new YubicoProvider($this->config);
}
elseif ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_DUO) {
return new DuoProvider($this->config);
}
elseif ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_WEBAUTHN) {
return new WebauthnProvider($this->config);
}
throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
}
@ -677,16 +346,9 @@ class TwoFactorProviderService {
*/
private function getConfigSelfService(&$profile) {
$tfConfig = new TwoFactorConfiguration();
$tfConfig->isSelfService = true;
$tfConfig->twoFactorAuthentication = $profile->twoFactorAuthentication;
$tfConfig->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
$tfConfig->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
$tfConfig->twoFactorAuthenticationURL = explode("\r\n", $profile->twoFactorAuthenticationURL);
}
else {
$tfConfig->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
}
$tfConfig->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
$tfConfig->twoFactorAuthenticationClientId = $profile->twoFactorAuthenticationClientId;
$tfConfig->twoFactorAuthenticationSecretKey = $profile->twoFactorAuthenticationSecretKey;
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
@ -698,14 +360,6 @@ class TwoFactorProviderService {
$tfConfig->twoFactorAuthenticationSerialAttributeName = 'yubiKeyId';
}
}
if (($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA)
|| ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_DUO)) {
$attrName = $profile->twoFactorAuthenticationAttribute;
if (empty($attrName)) {
$attrName = 'uid';
}
$tfConfig->twoFactorAuthenticationSerialAttributeName = strtolower($attrName);
}
return $tfConfig;
}
@ -717,16 +371,9 @@ class TwoFactorProviderService {
*/
private function getConfigAdmin($conf) {
$tfConfig = new TwoFactorConfiguration();
$tfConfig->isSelfService = false;
$tfConfig->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
$tfConfig->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
$tfConfig->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional();
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
$tfConfig->twoFactorAuthenticationURL = explode("\r\n", $conf->getTwoFactorAuthenticationURL());
}
else {
$tfConfig->twoFactorAuthenticationURL = $conf->getTwoFactorAuthenticationURL();
}
$tfConfig->twoFactorAuthenticationURL = $conf->getTwoFactorAuthenticationURL();
$tfConfig->twoFactorAuthenticationClientId = $conf->getTwoFactorAuthenticationClientId();
$tfConfig->twoFactorAuthenticationSecretKey = $conf->getTwoFactorAuthenticationSecretKey();
if ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_YUBICO) {
@ -738,10 +385,6 @@ class TwoFactorProviderService {
$tfConfig->twoFactorAuthenticationSerialAttributeName = 'yubiKeyId';
}
}
if (($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA)
|| ($tfConfig->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_DUO)) {
$tfConfig->twoFactorAuthenticationSerialAttributeName = strtolower($conf->getTwoFactorAuthenticationAttribute());
}
return $tfConfig;
}
@ -754,18 +397,13 @@ class TwoFactorProviderService {
*/
class TwoFactorConfiguration {
/**
* @var bool is self service
*/
public $isSelfService = false;
/**
* @var string provider id
*/
public $twoFactorAuthentication = null;
/**
* @var string|array service URL(s)
* @var service URL
*/
public $twoFactorAuthenticationURL = null;
@ -789,9 +427,4 @@ class TwoFactorConfiguration {
*/
public $twoFactorAuthenticationSerialAttributeName = null;
/**
* @var bool 2FA is optional
*/
public $twoFactorAuthenticationOptional = false;
}

7
lam/lib/3rdParty/composer/autoload.php vendored
View File

@ -1,7 +0,0 @@
<?php
// autoload.php @generated by Composer
require_once __DIR__ . '/composer/autoload_real.php';
return ComposerAutoloaderInited73ceb9c1bdec18b7c6d09764d1bce5::getLoader();

11
lam/lib/3rdParty/composer/beberlei/assert/LICENSE vendored
View File

@ -1,11 +0,0 @@
Copyright (c) 2011-2013, Benjamin Eberlei
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

63
lam/lib/3rdParty/composer/beberlei/assert/composer.json vendored
View File

@ -1,63 +0,0 @@
{
"name": "beberlei/assert",
"description": "Thin assertion library for input validation in business models.",
"authors": [
{
"name": "Benjamin Eberlei",
"email": "kontakt@beberlei.de",
"role": "Lead Developer"
},
{
"name": "Richard Quadling",
"email": "rquadling@gmail.com",
"role": "Collaborator"
}
],
"license": "BSD-2-Clause",
"keywords": [
"assert",
"assertion",
"validation"
],
"autoload": {
"psr-4": {
"Assert\\": "lib/Assert"
},
"files": [
"lib/Assert/functions.php"
]
},
"autoload-dev": {
"psr-4": {
"Assert\\Tests\\": "tests/Assert/Tests"
},
"files": [
"tests/Assert/Tests/Fixtures/functions.php"
]
},
"config": {
"sort-packages": true
},
"require": {
"php": "^7",
"ext-simplexml": "*",
"ext-mbstring": "*",
"ext-ctype": "*",
"ext-json": "*"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "*",
"phpstan/phpstan-shim": "*",
"phpunit/phpunit": ">=6.0.0 <8"
},
"scripts": {
"assert:generate-docs": "php bin/generate_method_docs.php",
"assert:cs-lint": "php-cs-fixer fix --diff -vvv --dry-run",
"assert:cs-fix": "php-cs-fixer fix . -vvv || true",
"assert:sa-code": "vendor/bin/phpstan analyse --configuration=phpstan-code.neon --no-progress --ansi -l 7 bin lib",
"assert:sa-tests": "vendor/bin/phpstan analyse --configuration=phpstan-tests.neon --no-progress --ansi -l 7 tests"
},
"suggest": {
"ext-intl": "Needed to allow Assertion::count(), Assertion::isCountable(), Assertion::minCount(), and Assertion::maxCount() to operate on ResourceBundles"
}
}

96
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/Assert.php vendored
View File

@ -1,96 +0,0 @@
<?php
/**
* Assert
*
* LICENSE
*
* This source file is subject to the MIT license that is bundled
* with this package in the file LICENSE.txt.
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to kontakt@beberlei.de so I can send you a copy immediately.
*/
namespace Assert;
/**
* AssertionChain factory.
*/
abstract class Assert
{
/** @var string */
protected static $lazyAssertionExceptionClass = LazyAssertionException::class;
/** @var string */
protected static $assertionClass = Assertion::class;
/**
* Start validation on a value, returns {@link AssertionChain}.
*
* The invocation of this method starts an assertion chain
* that is happening on the passed value.
*
* @param mixed $value
* @param string|callable|null $defaultMessage
* @param string|null $defaultPropertyPath
*
* @return AssertionChain
*
* @example
*
* Assert::that($value)->notEmpty()->integer();
* Assert::that($value)->nullOr()->string()->startsWith("Foo");
*
* The assertion chain can be stateful, that means be careful when you reuse
* it. You should never pass around the chain.
*/
public static function that($value, $defaultMessage = null, string $defaultPropertyPath = null): AssertionChain
{
$assertionChain = new AssertionChain($value, $defaultMessage, $defaultPropertyPath);
return $assertionChain->setAssertionClassName(static::$assertionClass);
}
/**
* Start validation on a set of values, returns {@link AssertionChain}.
*
* @param mixed $values
* @param string|callable|null $defaultMessage
* @param string|null $defaultPropertyPath
*
* @return AssertionChain
*/
public static function thatAll($values, $defaultMessage = null, string $defaultPropertyPath = null): AssertionChain
{
return static::that($values, $defaultMessage, $defaultPropertyPath)->all();
}
/**
* Start validation and allow NULL, returns {@link AssertionChain}.
*
* @param mixed $value
* @param string|callable|null $defaultMessage
* @param string|null $defaultPropertyPath
*
* @return AssertionChain
*/
public static function thatNullOr($value, $defaultMessage = null, string $defaultPropertyPath = null): AssertionChain
{
return static::that($value, $defaultMessage, $defaultPropertyPath)->nullOr();
}
/**
* Create a lazy assertion object.
*
* @return LazyAssertion
*/
public static function lazy(): LazyAssertion
{
$lazyAssertion = new LazyAssertion();
return $lazyAssertion
->setAssertClass(\get_called_class())
->setExceptionClass(static::$lazyAssertionExceptionClass);
}
}

2825
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/Assertion.php vendored
View File

File diff suppressed because it is too large Load Diff

254
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/AssertionChain.php vendored
View File

@ -1,254 +0,0 @@
<?php
/**
* Assert
*
* LICENSE
*
* This source file is subject to the MIT license that is bundled
* with this package in the file LICENSE.txt.
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to kontakt@beberlei.de so I can send you a copy immediately.
*/
namespace Assert;
use LogicException;
use ReflectionClass;
/**
* Chaining builder for assertions.
*
* @author Benjamin Eberlei <kontakt@beberlei.de>
*
* @method AssertionChain alnum(string|callable $message = null, string $propertyPath = null) Assert that value is alphanumeric.
* @method AssertionChain base64(string|callable $message = null, string $propertyPath = null) Assert that a constant is defined.
* @method AssertionChain between(mixed $lowerLimit, mixed $upperLimit, string|callable $message = null, string $propertyPath = null) Assert that a value is greater or equal than a lower limit, and less than or equal to an upper limit.
* @method AssertionChain betweenExclusive(mixed $lowerLimit, mixed $upperLimit, string|callable $message = null, string $propertyPath = null) Assert that a value is greater than a lower limit, and less than an upper limit.
* @method AssertionChain betweenLength(int $minLength, int $maxLength, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string length is between min and max lengths.
* @method AssertionChain boolean(string|callable $message = null, string $propertyPath = null) Assert that value is php boolean.
* @method AssertionChain choice(array $choices, string|callable $message = null, string $propertyPath = null) Assert that value is in array of choices.
* @method AssertionChain choicesNotEmpty(array $choices, string|callable $message = null, string $propertyPath = null) Determines if the values array has every choice as key and that this choice has content.
* @method AssertionChain classExists(string|callable $message = null, string $propertyPath = null) Assert that the class exists.
* @method AssertionChain contains(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string contains a sequence of chars.
* @method AssertionChain count(int $count, string|callable $message = null, string $propertyPath = null) Assert that the count of countable is equal to count.
* @method AssertionChain date(string $format, string|callable $message = null, string $propertyPath = null) Assert that date is valid and corresponds to the given format.
* @method AssertionChain defined(string|callable $message = null, string $propertyPath = null) Assert that a constant is defined.
* @method AssertionChain digit(string|callable $message = null, string $propertyPath = null) Validates if an integer or integerish is a digit.
* @method AssertionChain directory(string|callable $message = null, string $propertyPath = null) Assert that a directory exists.
* @method AssertionChain e164(string|callable $message = null, string $propertyPath = null) Assert that the given string is a valid E164 Phone Number.
* @method AssertionChain email(string|callable $message = null, string $propertyPath = null) Assert that value is an email address (using input_filter/FILTER_VALIDATE_EMAIL).
* @method AssertionChain endsWith(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string ends with a sequence of chars.
* @method AssertionChain eq(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are equal (using ==).
* @method AssertionChain eqArraySubset(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that the array contains the subset.
* @method AssertionChain extensionLoaded(string|callable $message = null, string $propertyPath = null) Assert that extension is loaded.
* @method AssertionChain extensionVersion(string $operator, mixed $version, string|callable $message = null, string $propertyPath = null) Assert that extension is loaded and a specific version is installed.
* @method AssertionChain false(string|callable $message = null, string $propertyPath = null) Assert that the value is boolean False.
* @method AssertionChain file(string|callable $message = null, string $propertyPath = null) Assert that a file exists.
* @method AssertionChain float(string|callable $message = null, string $propertyPath = null) Assert that value is a php float.
* @method AssertionChain greaterOrEqualThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is greater or equal than given limit.
* @method AssertionChain greaterThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is greater than given limit.
* @method AssertionChain implementsInterface(string $interfaceName, string|callable $message = null, string $propertyPath = null) Assert that the class implements the interface.
* @method AssertionChain inArray(array $choices, string|callable $message = null, string $propertyPath = null) Assert that value is in array of choices. This is an alias of Assertion::choice().
* @method AssertionChain integer(string|callable $message = null, string $propertyPath = null) Assert that value is a php integer.
* @method AssertionChain integerish(string|callable $message = null, string $propertyPath = null) Assert that value is a php integer'ish.
* @method AssertionChain interfaceExists(string|callable $message = null, string $propertyPath = null) Assert that the interface exists.
* @method AssertionChain ip(int $flag = null, string|callable $message = null, string $propertyPath = null) Assert that value is an IPv4 or IPv6 address.
* @method AssertionChain ipv4(int $flag = null, string|callable $message = null, string $propertyPath = null) Assert that value is an IPv4 address.
* @method AssertionChain ipv6(int $flag = null, string|callable $message = null, string $propertyPath = null) Assert that value is an IPv6 address.
* @method AssertionChain isArray(string|callable $message = null, string $propertyPath = null) Assert that value is an array.
* @method AssertionChain isArrayAccessible(string|callable $message = null, string $propertyPath = null) Assert that value is an array or an array-accessible object.
* @method AssertionChain isCallable(string|callable $message = null, string $propertyPath = null) Determines that the provided value is callable.
* @method AssertionChain isCountable(string|callable $message = null, string $propertyPath = null) Assert that value is countable.
* @method AssertionChain isInstanceOf(string $className, string|callable $message = null, string $propertyPath = null) Assert that value is instance of given class-name.
* @method AssertionChain isJsonString(string|callable $message = null, string $propertyPath = null) Assert that the given string is a valid json string.
* @method AssertionChain isObject(string|callable $message = null, string $propertyPath = null) Determines that the provided value is an object.
* @method AssertionChain isResource(string|callable $message = null, string $propertyPath = null) Assert that value is a resource.
* @method AssertionChain isTraversable(string|callable $message = null, string $propertyPath = null) Assert that value is an array or a traversable object.
* @method AssertionChain keyExists(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key exists in an array.
* @method AssertionChain keyIsset(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key exists in an array/array-accessible object using isset().
* @method AssertionChain keyNotExists(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key does not exist in an array.
* @method AssertionChain length(int $length, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string has a given length.
* @method AssertionChain lessOrEqualThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is less or equal than given limit.
* @method AssertionChain lessThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is less than given limit.
* @method AssertionChain max(mixed $maxValue, string|callable $message = null, string $propertyPath = null) Assert that a number is smaller as a given limit.
* @method AssertionChain maxCount(int $count, string|callable $message = null, string $propertyPath = null) Assert that the countable have at most $count elements.
* @method AssertionChain maxLength(int $maxLength, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string value is not longer than $maxLength chars.
* @method AssertionChain methodExists(mixed $object, string|callable $message = null, string $propertyPath = null) Determines that the named method is defined in the provided object.
* @method AssertionChain min(mixed $minValue, string|callable $message = null, string $propertyPath = null) Assert that a value is at least as big as a given limit.
* @method AssertionChain minCount(int $count, string|callable $message = null, string $propertyPath = null) Assert that the countable have at least $count elements.
* @method AssertionChain minLength(int $minLength, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that a string is at least $minLength chars long.
* @method AssertionChain noContent(string|callable $message = null, string $propertyPath = null) Assert that value is empty.
* @method AssertionChain notBlank(string|callable $message = null, string $propertyPath = null) Assert that value is not blank.
* @method AssertionChain notContains(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string does not contains a sequence of chars.
* @method AssertionChain notEmpty(string|callable $message = null, string $propertyPath = null) Assert that value is not empty.
* @method AssertionChain notEmptyKey(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key exists in an array/array-accessible object and its value is not empty.
* @method AssertionChain notEq(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are not equal (using ==).
* @method AssertionChain notInArray(array $choices, string|callable $message = null, string $propertyPath = null) Assert that value is not in array of choices.
* @method AssertionChain notIsInstanceOf(string $className, string|callable $message = null, string $propertyPath = null) Assert that value is not instance of given class-name.
* @method AssertionChain notNull(string|callable $message = null, string $propertyPath = null) Assert that value is not null.
* @method AssertionChain notRegex(string $pattern, string|callable $message = null, string $propertyPath = null) Assert that value does not match a regex.
* @method AssertionChain notSame(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are not the same (using ===).
* @method AssertionChain null(string|callable $message = null, string $propertyPath = null) Assert that value is null.
* @method AssertionChain numeric(string|callable $message = null, string $propertyPath = null) Assert that value is numeric.
* @method AssertionChain objectOrClass(string|callable $message = null, string $propertyPath = null) Assert that the value is an object, or a class that exists.
* @method AssertionChain phpVersion(mixed $version, string|callable $message = null, string $propertyPath = null) Assert on PHP version.
* @method AssertionChain propertiesExist(array $properties, string|callable $message = null, string $propertyPath = null) Assert that the value is an object or class, and that the properties all exist.
* @method AssertionChain propertyExists(string $property, string|callable $message = null, string $propertyPath = null) Assert that the value is an object or class, and that the property exists.
* @method AssertionChain range(mixed $minValue, mixed $maxValue, string|callable $message = null, string $propertyPath = null) Assert that value is in range of numbers.
* @method AssertionChain readable(string|callable $message = null, string $propertyPath = null) Assert that the value is something readable.
* @method AssertionChain regex(string $pattern, string|callable $message = null, string $propertyPath = null) Assert that value matches a regex.
* @method AssertionChain same(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are the same (using ===).
* @method AssertionChain satisfy(callable $callback, string|callable $message = null, string $propertyPath = null) Assert that the provided value is valid according to a callback.
* @method AssertionChain scalar(string|callable $message = null, string $propertyPath = null) Assert that value is a PHP scalar.
* @method AssertionChain startsWith(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string starts with a sequence of chars.
* @method AssertionChain string(string|callable $message = null, string $propertyPath = null) Assert that value is a string.
* @method AssertionChain subclassOf(string $className, string|callable $message = null, string $propertyPath = null) Assert that value is subclass of given class-name.
* @method AssertionChain true(string|callable $message = null, string $propertyPath = null) Assert that the value is boolean True.
* @method AssertionChain url(string|callable $message = null, string $propertyPath = null) Assert that value is an URL.
* @method AssertionChain uuid(string|callable $message = null, string $propertyPath = null) Assert that the given string is a valid UUID.
* @method AssertionChain version(string $operator, string $version2, string|callable $message = null, string $propertyPath = null) Assert comparison of two versions.
* @method AssertionChain writeable(string|callable $message = null, string $propertyPath = null) Assert that the value is something writeable.
*/
class AssertionChain
{
/**
* @var mixed
*/
private $value;
/**
* @var string|callable|null
*/
private $defaultMessage;
/**
* @var string|null
*/
private $defaultPropertyPath;
/**
* Return each assertion as always valid.
*
* @var bool
*/
private $alwaysValid = false;
/**
* Perform assertion on every element of array or traversable.
*
* @var bool
*/
private $all = false;
/** @var string|Assertion Class to use for assertion calls */
private $assertionClassName = 'Assert\Assertion';
/**
* AssertionChain constructor.
*
* @param mixed $value
* @param string|callable|null $defaultMessage
* @param string|null $defaultPropertyPath
*/
public function __construct($value, $defaultMessage = null, string $defaultPropertyPath = null)
{
$this->value = $value;
$this->defaultMessage = $defaultMessage;
$this->defaultPropertyPath = $defaultPropertyPath;
}
/**
* Call assertion on the current value in the chain.
*
* @param string $methodName
* @param array $args
*
* @return AssertionChain
*/
public function __call($methodName, $args): AssertionChain
{
if (true === $this->alwaysValid) {
return $this;
}
if (!\method_exists($this->assertionClassName, $methodName)) {
throw new \RuntimeException("Assertion '".$methodName."' does not exist.");
}
$reflClass = new ReflectionClass($this->assertionClassName);
$method = $reflClass->getMethod($methodName);
\array_unshift($args, $this->value);
$params = $method->getParameters();
foreach ($params as $idx => $param) {
if (isset($args[$idx])) {
continue;
}
if ('message' == $param->getName()) {
$args[$idx] = $this->defaultMessage;
}
if ('propertyPath' == $param->getName()) {
$args[$idx] = $this->defaultPropertyPath;
}
}
if ($this->all) {
$methodName = 'all'.$methodName;
}
\call_user_func_array([$this->assertionClassName, $methodName], $args);
return $this;
}
/**
* Switch chain into validation mode for an array of values.
*
* @return AssertionChain
*/
public function all(): AssertionChain
{
$this->all = true;
return $this;
}
/**
* Switch chain into mode allowing nulls, ignoring further assertions.
*
* @return AssertionChain
*/
public function nullOr(): AssertionChain
{
if (null === $this->value) {
$this->alwaysValid = true;
}
return $this;
}
/**
* @param string $className
*
* @return $this
*/
public function setAssertionClassName($className): AssertionChain
{
if (!\is_string($className)) {
throw new LogicException('Exception class name must be passed as a string');
}
if (Assertion::class !== $className && !\is_subclass_of($className, Assertion::class)) {
throw new LogicException($className.' is not (a subclass of) '.Assertion::class);
}
$this->assertionClassName = $className;
return $this;
}
}

35
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/AssertionFailedException.php vendored
View File

@ -1,35 +0,0 @@
<?php
/**
* Assert
*
* LICENSE
*
* This source file is subject to the MIT license that is bundled
* with this package in the file LICENSE.txt.
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to kontakt@beberlei.de so I can send you a copy immediately.
*/
namespace Assert;
use Throwable;
interface AssertionFailedException extends Throwable
{
/**
* @return string|null
*/
public function getPropertyPath();
/**
* @return mixed
*/
public function getValue();
/**
* @return array
*/
public function getConstraints(): array;
}

76
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/InvalidArgumentException.php vendored
View File

@ -1,76 +0,0 @@
<?php
/**
* Assert
*
* LICENSE
*
* This source file is subject to the MIT license that is bundled
* with this package in the file LICENSE.txt.
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to kontakt@beberlei.de so I can send you a copy immediately.
*/
namespace Assert;
class InvalidArgumentException extends \InvalidArgumentException implements AssertionFailedException
{
/**
* @var string|null
*/
private $propertyPath;
/**
* @var mixed
*/
private $value;
/**
* @var array
*/
private $constraints;
public function __construct($message, $code, string $propertyPath = null, $value = null, array $constraints = [])
{
parent::__construct($message, $code);
$this->propertyPath = $propertyPath;
$this->value = $value;
$this->constraints = $constraints;
}
/**
* User controlled way to define a sub-property causing
* the failure of a currently asserted objects.
*
* Useful to transport information about the nature of the error
* back to higher layers.
*
* @return string|null
*/
public function getPropertyPath()
{
return $this->propertyPath;
}
/**
* Get the value that caused the assertion to fail.
*
* @return mixed
*/
public function getValue()
{
return $this->value;
}
/**
* Get the constraints that applied to the failed assertion.
*
* @return array
*/
public function getConstraints(): array
{
return $this->constraints;
}
}

230
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/LazyAssertion.php vendored
View File

@ -1,230 +0,0 @@
<?php
/**
* Assert
*
* LICENSE
*
* This source file is subject to the MIT license that is bundled
* with this package in the file LICENSE.txt.
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to kontakt@beberlei.de so I can send you a copy immediately.
*/
namespace Assert;
use LogicException;
/**
* Chaining builder for lazy assertions.
*
* @author Benjamin Eberlei <kontakt@beberlei.de>
*
* @method LazyAssertion alnum(string|callable $message = null, string $propertyPath = null) Assert that value is alphanumeric.
* @method LazyAssertion base64(string|callable $message = null, string $propertyPath = null) Assert that a constant is defined.
* @method LazyAssertion between(mixed $lowerLimit, mixed $upperLimit, string|callable $message = null, string $propertyPath = null) Assert that a value is greater or equal than a lower limit, and less than or equal to an upper limit.
* @method LazyAssertion betweenExclusive(mixed $lowerLimit, mixed $upperLimit, string|callable $message = null, string $propertyPath = null) Assert that a value is greater than a lower limit, and less than an upper limit.
* @method LazyAssertion betweenLength(int $minLength, int $maxLength, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string length is between min and max lengths.
* @method LazyAssertion boolean(string|callable $message = null, string $propertyPath = null) Assert that value is php boolean.
* @method LazyAssertion choice(array $choices, string|callable $message = null, string $propertyPath = null) Assert that value is in array of choices.
* @method LazyAssertion choicesNotEmpty(array $choices, string|callable $message = null, string $propertyPath = null) Determines if the values array has every choice as key and that this choice has content.
* @method LazyAssertion classExists(string|callable $message = null, string $propertyPath = null) Assert that the class exists.
* @method LazyAssertion contains(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string contains a sequence of chars.
* @method LazyAssertion count(int $count, string|callable $message = null, string $propertyPath = null) Assert that the count of countable is equal to count.
* @method LazyAssertion date(string $format, string|callable $message = null, string $propertyPath = null) Assert that date is valid and corresponds to the given format.
* @method LazyAssertion defined(string|callable $message = null, string $propertyPath = null) Assert that a constant is defined.
* @method LazyAssertion digit(string|callable $message = null, string $propertyPath = null) Validates if an integer or integerish is a digit.
* @method LazyAssertion directory(string|callable $message = null, string $propertyPath = null) Assert that a directory exists.
* @method LazyAssertion e164(string|callable $message = null, string $propertyPath = null) Assert that the given string is a valid E164 Phone Number.
* @method LazyAssertion email(string|callable $message = null, string $propertyPath = null) Assert that value is an email address (using input_filter/FILTER_VALIDATE_EMAIL).
* @method LazyAssertion endsWith(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string ends with a sequence of chars.
* @method LazyAssertion eq(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are equal (using ==).
* @method LazyAssertion eqArraySubset(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that the array contains the subset.
* @method LazyAssertion extensionLoaded(string|callable $message = null, string $propertyPath = null) Assert that extension is loaded.
* @method LazyAssertion extensionVersion(string $operator, mixed $version, string|callable $message = null, string $propertyPath = null) Assert that extension is loaded and a specific version is installed.
* @method LazyAssertion false(string|callable $message = null, string $propertyPath = null) Assert that the value is boolean False.
* @method LazyAssertion file(string|callable $message = null, string $propertyPath = null) Assert that a file exists.
* @method LazyAssertion float(string|callable $message = null, string $propertyPath = null) Assert that value is a php float.
* @method LazyAssertion greaterOrEqualThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is greater or equal than given limit.
* @method LazyAssertion greaterThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is greater than given limit.
* @method LazyAssertion implementsInterface(string $interfaceName, string|callable $message = null, string $propertyPath = null) Assert that the class implements the interface.
* @method LazyAssertion inArray(array $choices, string|callable $message = null, string $propertyPath = null) Assert that value is in array of choices. This is an alias of Assertion::choice().
* @method LazyAssertion integer(string|callable $message = null, string $propertyPath = null) Assert that value is a php integer.
* @method LazyAssertion integerish(string|callable $message = null, string $propertyPath = null) Assert that value is a php integer'ish.
* @method LazyAssertion interfaceExists(string|callable $message = null, string $propertyPath = null) Assert that the interface exists.
* @method LazyAssertion ip(int $flag = null, string|callable $message = null, string $propertyPath = null) Assert that value is an IPv4 or IPv6 address.
* @method LazyAssertion ipv4(int $flag = null, string|callable $message = null, string $propertyPath = null) Assert that value is an IPv4 address.
* @method LazyAssertion ipv6(int $flag = null, string|callable $message = null, string $propertyPath = null) Assert that value is an IPv6 address.
* @method LazyAssertion isArray(string|callable $message = null, string $propertyPath = null) Assert that value is an array.
* @method LazyAssertion isArrayAccessible(string|callable $message = null, string $propertyPath = null) Assert that value is an array or an array-accessible object.
* @method LazyAssertion isCallable(string|callable $message = null, string $propertyPath = null) Determines that the provided value is callable.
* @method LazyAssertion isCountable(string|callable $message = null, string $propertyPath = null) Assert that value is countable.
* @method LazyAssertion isInstanceOf(string $className, string|callable $message = null, string $propertyPath = null) Assert that value is instance of given class-name.
* @method LazyAssertion isJsonString(string|callable $message = null, string $propertyPath = null) Assert that the given string is a valid json string.
* @method LazyAssertion isObject(string|callable $message = null, string $propertyPath = null) Determines that the provided value is an object.
* @method LazyAssertion isResource(string|callable $message = null, string $propertyPath = null) Assert that value is a resource.
* @method LazyAssertion isTraversable(string|callable $message = null, string $propertyPath = null) Assert that value is an array or a traversable object.
* @method LazyAssertion keyExists(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key exists in an array.
* @method LazyAssertion keyIsset(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key exists in an array/array-accessible object using isset().
* @method LazyAssertion keyNotExists(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key does not exist in an array.
* @method LazyAssertion length(int $length, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string has a given length.
* @method LazyAssertion lessOrEqualThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is less or equal than given limit.
* @method LazyAssertion lessThan(mixed $limit, string|callable $message = null, string $propertyPath = null) Determines if the value is less than given limit.
* @method LazyAssertion max(mixed $maxValue, string|callable $message = null, string $propertyPath = null) Assert that a number is smaller as a given limit.
* @method LazyAssertion maxCount(int $count, string|callable $message = null, string $propertyPath = null) Assert that the countable have at most $count elements.
* @method LazyAssertion maxLength(int $maxLength, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string value is not longer than $maxLength chars.
* @method LazyAssertion methodExists(mixed $object, string|callable $message = null, string $propertyPath = null) Determines that the named method is defined in the provided object.
* @method LazyAssertion min(mixed $minValue, string|callable $message = null, string $propertyPath = null) Assert that a value is at least as big as a given limit.
* @method LazyAssertion minCount(int $count, string|callable $message = null, string $propertyPath = null) Assert that the countable have at least $count elements.
* @method LazyAssertion minLength(int $minLength, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that a string is at least $minLength chars long.
* @method LazyAssertion noContent(string|callable $message = null, string $propertyPath = null) Assert that value is empty.
* @method LazyAssertion notBlank(string|callable $message = null, string $propertyPath = null) Assert that value is not blank.
* @method LazyAssertion notContains(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string does not contains a sequence of chars.
* @method LazyAssertion notEmpty(string|callable $message = null, string $propertyPath = null) Assert that value is not empty.
* @method LazyAssertion notEmptyKey(string|int $key, string|callable $message = null, string $propertyPath = null) Assert that key exists in an array/array-accessible object and its value is not empty.
* @method LazyAssertion notEq(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are not equal (using ==).
* @method LazyAssertion notInArray(array $choices, string|callable $message = null, string $propertyPath = null) Assert that value is not in array of choices.
* @method LazyAssertion notIsInstanceOf(string $className, string|callable $message = null, string $propertyPath = null) Assert that value is not instance of given class-name.
* @method LazyAssertion notNull(string|callable $message = null, string $propertyPath = null) Assert that value is not null.
* @method LazyAssertion notRegex(string $pattern, string|callable $message = null, string $propertyPath = null) Assert that value does not match a regex.
* @method LazyAssertion notSame(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are not the same (using ===).
* @method LazyAssertion null(string|callable $message = null, string $propertyPath = null) Assert that value is null.
* @method LazyAssertion numeric(string|callable $message = null, string $propertyPath = null) Assert that value is numeric.
* @method LazyAssertion objectOrClass(string|callable $message = null, string $propertyPath = null) Assert that the value is an object, or a class that exists.
* @method LazyAssertion phpVersion(mixed $version, string|callable $message = null, string $propertyPath = null) Assert on PHP version.
* @method LazyAssertion propertiesExist(array $properties, string|callable $message = null, string $propertyPath = null) Assert that the value is an object or class, and that the properties all exist.
* @method LazyAssertion propertyExists(string $property, string|callable $message = null, string $propertyPath = null) Assert that the value is an object or class, and that the property exists.
* @method LazyAssertion range(mixed $minValue, mixed $maxValue, string|callable $message = null, string $propertyPath = null) Assert that value is in range of numbers.
* @method LazyAssertion readable(string|callable $message = null, string $propertyPath = null) Assert that the value is something readable.
* @method LazyAssertion regex(string $pattern, string|callable $message = null, string $propertyPath = null) Assert that value matches a regex.
* @method LazyAssertion same(mixed $value2, string|callable $message = null, string $propertyPath = null) Assert that two values are the same (using ===).
* @method LazyAssertion satisfy(callable $callback, string|callable $message = null, string $propertyPath = null) Assert that the provided value is valid according to a callback.
* @method LazyAssertion scalar(string|callable $message = null, string $propertyPath = null) Assert that value is a PHP scalar.
* @method LazyAssertion startsWith(string $needle, string|callable $message = null, string $propertyPath = null, string $encoding = 'utf8') Assert that string starts with a sequence of chars.
* @method LazyAssertion string(string|callable $message = null, string $propertyPath = null) Assert that value is a string.
* @method LazyAssertion subclassOf(string $className, string|callable $message = null, string $propertyPath = null) Assert that value is subclass of given class-name.
* @method LazyAssertion true(string|callable $message = null, string $propertyPath = null) Assert that the value is boolean True.
* @method LazyAssertion url(string|callable $message = null, string $propertyPath = null) Assert that value is an URL.
* @method LazyAssertion uuid(string|callable $message = null, string $propertyPath = null) Assert that the given string is a valid UUID.
* @method LazyAssertion version(string $operator, string $version2, string|callable $message = null, string $propertyPath = null) Assert comparison of two versions.
* @method LazyAssertion writeable(string|callable $message = null, string $propertyPath = null) Assert that the value is something writeable.
* @method LazyAssertion all() Switch chain into validation mode for an array of values.
* @method LazyAssertion nullOr() Switch chain into mode allowing nulls, ignoring further assertions.
*/
class LazyAssertion
{
private $currentChainFailed = false;
private $alwaysTryAll = false;
private $thisChainTryAll = false;
private $currentChain;
private $errors = [];
/** @var string The class to use as AssertionChain factory */
private $assertClass = Assert::class;
/** @var string|LazyAssertionException The class to use for exceptions */
private $exceptionClass = LazyAssertionException::class;
/**
* @param mixed $value
* @param string|null $propertyPath
* @param string|callable|null $defaultMessage
*
* @return static
*/
public function that($value, string $propertyPath = null, $defaultMessage = null)
{
$this->currentChainFailed = false;
$this->thisChainTryAll = false;
$assertClass = $this->assertClass;
$this->currentChain = $assertClass::that($value, $defaultMessage, $propertyPath);
return $this;
}
/**
* @return static
*/
public function tryAll()
{
if (!$this->currentChain) {
$this->alwaysTryAll = true;
}
$this->thisChainTryAll = true;
return $this;
}
/**
* @param string $method
* @param array $args
*
* @return static
*/
public function __call($method, $args)
{
if (false === $this->alwaysTryAll
&& false === $this->thisChainTryAll
&& true === $this->currentChainFailed
) {
return $this;
}
try {
\call_user_func_array([$this->currentChain, $method], $args);
} catch (AssertionFailedException $e) {
$this->errors[] = $e;
$this->currentChainFailed = true;
}
return $this;
}
/**
* @return bool
*
* @throws LazyAssertionException
*/
public function verifyNow(): bool
{
if ($this->errors) {
throw \call_user_func([$this->exceptionClass, 'fromErrors'], $this->errors);
}
return true;
}
/**
* @param string $className
*
* @return static
*/
public function setAssertClass(string $className)
{
if (Assert::class !== $className && !\is_subclass_of($className, Assert::class)) {
throw new LogicException($className.' is not (a subclass of) '.Assert::class);
}
$this->assertClass = $className;
return $this;
}
/**
* @param string $className
*
* @return static
*/
public function setExceptionClass(string $className)
{
if (LazyAssertionException::class !== $className && !\is_subclass_of($className, LazyAssertionException::class)) {
throw new LogicException($className.' is not (a subclass of) '.LazyAssertionException::class);
}
$this->exceptionClass = $className;
return $this;
}
}

55
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/LazyAssertionException.php vendored
View File

@ -1,55 +0,0 @@
<?php
/**
* Assert
*
* LICENSE
*
* This source file is subject to the MIT license that is bundled
* with this package in the file LICENSE.txt.
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to kontakt@beberlei.de so I can send you a copy immediately.
*/
namespace Assert;
class LazyAssertionException extends InvalidArgumentException
{
/**
* @var InvalidArgumentException[]
*/
private $errors = [];
/**
* @param InvalidArgumentException[] $errors
*
* @return self
*/
public static function fromErrors(array $errors): self
{
$message = \sprintf('The following %d assertions failed:', \count($errors))."\n";
$i = 1;
foreach ($errors as $error) {
$message .= \sprintf("%d) %s: %s\n", $i++, $error->getPropertyPath(), $error->getMessage());
}
return new static($message, $errors);
}
public function __construct($message, array $errors)
{
parent::__construct($message, 0, null, null);
$this->errors = $errors;
}
/**
* @return InvalidArgumentException[]
*/
public function getErrorExceptions(): array
{
return $this->errors;
}
}

80
lam/lib/3rdParty/composer/beberlei/assert/lib/Assert/functions.php vendored
View File

@ -1,80 +0,0 @@
<?php
/**
* Assert
*
* LICENSE
*
* This source file is subject to the MIT license that is bundled
* with this package in the file LICENSE.txt.
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to kontakt@beberlei.de so I can send you a copy immediately.
*/
namespace Assert;
/**
* Start validation on a value, returns {@link AssertionChain}.
*
* The invocation of this method starts an assertion chain
* that is happening on the passed value.
*
* @param mixed $value
* @param string|callable|null $defaultMessage
* @param string $defaultPropertyPath
*
* @return AssertionChain
*
* @example
*
* \Assert\that($value)->notEmpty()->integer();
* \Assert\that($value)->nullOr()->string()->startsWith("Foo");
*
* The assertion chain can be stateful, that means be careful when you reuse
* it. You should never pass around the chain.
*/
function that($value, $defaultMessage = null, string $defaultPropertyPath = null): AssertionChain
{
return Assert::that($value, $defaultMessage, $defaultPropertyPath);
}
/**
* Start validation on a set of values, returns {@link AssertionChain}.
*
* @param mixed $values
* @param string|callable|null $defaultMessage
* @param string $defaultPropertyPath
*
* @return AssertionChain
*/
function thatAll($values, $defaultMessage = null, string $defaultPropertyPath = null): AssertionChain
{
return Assert::thatAll($values, $defaultMessage, $defaultPropertyPath);
}
/**
* Start validation and allow NULL, returns {@link AssertionChain}.
*
* @param mixed $value
* @param string|callable|null $defaultMessage
* @param string $defaultPropertyPath
*
* @return AssertionChain
*
* @deprecated In favour of Assert::thatNullOr($value, $defaultMessage = null, $defaultPropertyPath = null)
*/
function thatNullOr($value, $defaultMessage = null, string $defaultPropertyPath = null): AssertionChain
{
return Assert::thatNullOr($value, $defaultMessage, $defaultPropertyPath);
}
/**
* Create a lazy assertion object.
*
* @return LazyAssertion
*/
function lazy(): LazyAssertion
{
return Assert::lazy();
}

Some files were not shown because too many files have changed in this diff Show More