Compare commits
	
		
			793 Commits
		
	
	
		
			lam_6_4_RC
			...
			develop
		
	
	| Author | SHA1 | Date | 
|---|---|---|
|  | 72ef7f1ac5 | |
|  | 4f8b1e81ea | |
|  | c5b6c8132c | |
|  | 6c306bcb9e | |
|  | 3c7fdca8eb | |
|  | d0b18ad8b5 | |
|  | 4455a5a15d | |
|  | 598fa546a9 | |
|  | df0e02da9f | |
|  | 2ee58dd737 | |
|  | 8375f9e0d0 | |
|  | ad23fd0fc2 | |
|  | 5972e94fdb | |
|  | 9a9bb3dce7 | |
|  | bfa22c6aa3 | |
|  | 09989ee804 | |
|  | 08a65e2608 | |
|  | 3368b4ab10 | |
|  | b3905d73ca | |
|  | e5344b0568 | |
|  | b00fd8d83e | |
|  | 018513ac95 | |
|  | 75120fc25d | |
|  | 3ad5dcf65a | |
|  | 6768c7e7ef | |
|  | 1dd0f64f5b | |
|  | cb58a27972 | |
|  | 9394eeeabd | |
|  | ffb3ed9357 | |
|  | 4158ebb91d | |
|  | 2698995cc2 | |
|  | 840289e360 | |
|  | 60109eb47c | |
|  | e070accf18 | |
|  | 21e7e4a95d | |
|  | 5e770d8920 | |
|  | e03cd1f57c | |
|  | d32d8d3a0d | |
|  | 1523f0ee8f | |
|  | bc277e4c0a | |
|  | f75f813a9a | |
|  | 87986e93cc | |
|  | 780daded11 | |
|  | 38cbfb9dab | |
|  | 60199a41b5 | |
|  | aed8ce867c | |
|  | 30909b385a | |
|  | 55ccddbf1e | |
|  | ee75385e7d | |
|  | 9ec8d2ce57 | |
|  | 605713a181 | |
|  | fd8e7c1de3 | |
|  | bdd3dd39b9 | |
|  | 4d0a6d92e7 | |
|  | e58459d351 | |
|  | 316c979ef2 | |
|  | 3bd507a47d | |
|  | 01844a0d05 | |
|  | 57dcbd880d | |
|  | 12581a5dc0 | |
|  | 2fcabf0c07 | |
|  | db523af70f | |
|  | 69796a98f3 | |
|  | 82905cb4e5 | |
|  | 6f88ec8d9d | |
|  | 75fd361116 | |
|  | f36446fe43 | |
|  | 1196c56287 | |
|  | 48ace3c3f9 | |
|  | 5a09f8159f | |
|  | 6ade23ce65 | |
|  | 03f6fd858b | |
|  | f23d2a4455 | |
|  | f091b653b8 | |
|  | aa43b4721b | |
|  | 7bd799bee3 | |
|  | 3ba7fa18bd | |
|  | 2e61e2dca9 | |
|  | 71af42442b | |
|  | 3018a887c0 | |
|  | aaddb6eead | |
|  | 95bdb04949 | |
|  | 93a7ffdd65 | |
|  | ed28d3b8e7 | |
|  | 3c305f26fa | |
|  | ecdd23e843 | |
|  | 1081b51fe9 | |
|  | b91333ff12 | |
|  | 2e5419b3ac | |
|  | 9198187a26 | |
|  | 32b5a14226 | |
|  | 5151d96592 | |
|  | 0a72bc9635 | |
|  | 6fc259d718 | |
|  | 40fd19e3bf | |
|  | 9b4261ca36 | |
|  | 2db6bf23eb | |
|  | ffd74d88e4 | |
|  | a246fde0e2 | |
|  | 665ca9daad | |
|  | 81587a9b00 | |
|  | 9c6e30a03b | |
|  | c9d32bf2de | |
|  | a6b39d522f | |
|  | 8e9700d230 | |
|  | e44f3d3243 | |
|  | 8743285719 | |
|  | 7fcc2cf38d | |
|  | 1d107c4a24 | |
|  | ec2a017fc7 | |
|  | a724638886 | |
|  | acbdec11dd | |
|  | 8d50dd59b0 | |
|  | ea72ab63a9 | |
|  | d0e88cf80b | |
|  | 2331e42e34 | |
|  | df189f69e7 | |
|  | 5b17baa628 | |
|  | 5a40e6fed1 | |
|  | d980ffc1a5 | |
|  | 56d51c8e8c | |
|  | a52393dc79 | |
|  | 58882affa7 | |
|  | 8b38839dae | |
|  | 24a6e14251 | |
|  | 9936c834db | |
|  | e8d421ae04 | |
|  | 00c5a014b4 | |
|  | 38293656b6 | |
|  | 9ed53f51de | |
|  | f0f81c085b | |
|  | 8af2132926 | |
|  | 541684d49f | |
|  | 07f5ae2d7a | |
|  | b65125beaf | |
|  | c9990fa189 | |
|  | 18e1e5e3c1 | |
|  | 6f5a8cb0cd | |
|  | 9cf564e500 | |
|  | e9eca9ab74 | |
|  | ffb8fca488 | |
|  | 365389cd0b | |
|  | 0609c748ea | |
|  | 394cbedb2a | |
|  | 028f8adcfd | |
|  | 56eb28c2ba | |
|  | 468a95e434 | |
|  | b12ba2369e | |
|  | 726f1e13b4 | |
|  | 802b16797a | |
|  | a07c0013ae | |
|  | bd7d32d2d0 | |
|  | 824ec1917a | |
|  | c192886117 | |
|  | bf52e55f5f | |
|  | 4a5ef05f38 | |
|  | 54f6c82cee | |
|  | b6425b9abd | |
|  | 96c4b49f06 | |
|  | 04065ccf58 | |
|  | 0647faf744 | |
|  | 012e2b450f | |
|  | 2904f178a0 | |
|  | 6d5971d716 | |
|  | 50596a358e | |
|  | 0f40ba18c0 | |
|  | 44dff694c4 | |
|  | e386b9dad4 | |
|  | b4007b5d8e | |
|  | 0230241b15 | |
|  | 51ed41f4fa | |
|  | 8894146c06 | |
|  | 2495dae78a | |
|  | ad2bce6a6a | |
|  | 5b14134108 | |
|  | 45b4bdb7d5 | |
|  | b7ab251f6c | |
|  | 041a8eb833 | |
|  | eae8f36dab | |
|  | 799d9b24fc | |
|  | f3747d176e | |
|  | cb5291cb1a | |
|  | 5f09fe6ebe | |
|  | 110d693aaf | |
|  | 8eb07c27f4 | |
|  | 4090fff0f3 | |
|  | 0610004c7d | |
|  | cc5fab6e5a | |
|  | aec46823ba | |
|  | 74d8210b01 | |
|  | 5153f6ea17 | |
|  | 098c28339a | |
|  | 45cbadd56c | |
|  | a98fe5786a | |
|  | afdfa543d6 | |
|  | e923a03979 | |
|  | 0f8fb1e146 | |
|  | 59e9635e90 | |
|  | c0e1e026d8 | |
|  | bd3777f764 | |
|  | 362014ddf6 | |
|  | aa0228c34c | |
|  | 3f06070b89 | |
|  | 3d409d6e48 | |
|  | fdb6aaa809 | |
|  | 7981f59b0e | |
|  | 2fbac1d9f0 | |
|  | 29f41b8774 | |
|  | 64b41eb8e1 | |
|  | 2b83758564 | |
|  | b15b94cb29 | |
|  | 4d3af3daaa | |
|  | c468ba6479 | |
|  | daa2fec5c7 | |
|  | e28efcfd21 | |
|  | 3dc40d1f99 | |
|  | c8d1e5ab82 | |
|  | 981b0320f9 | |
|  | 1e4ff3ce11 | |
|  | 9316803fc6 | |
|  | 7aa038a710 | |
|  | c1d09bba09 | |
|  | 4131d5fe6c | |
|  | 60b3ffb9ca | |
|  | 02770b7759 | |
|  | 9a855266ab | |
|  | 1440bf22d6 | |
|  | 7d1c2afd21 | |
|  | d9fd4b36e2 | |
|  | 7b222d9edb | |
|  | 0c65e5bedb | |
|  | 8ee96c56d2 | |
|  | c1e6b61ecd | |
|  | f1db477fda | |
|  | 691055b83e | |
|  | 286e447553 | |
|  | 4e329f1f55 | |
|  | 3ac7ae668b | |
|  | c29be12a9e | |
|  | 0990d61507 | |
|  | 8a014f3a8a | |
|  | 9e1e0634e6 | |
|  | 03ced7c697 | |
|  | 3299d48e95 | |
|  | 7df361d6d0 | |
|  | 38addc429c | |
|  | ef9b3dd64e | |
|  | f97359f466 | |
|  | 9d9c37a44a | |
|  | 91e98b6926 | |
|  | 7514ec6b84 | |
|  | 68f6f3eafe | |
|  | 7a096cfc94 | |
|  | 06d19858e3 | |
|  | 6f28f17e41 | |
|  | 3e20940d34 | |
|  | 3ffefbd821 | |
|  | 4e892e2171 | |
|  | eae502c629 | |
|  | de19770211 | |
|  | 27a4234634 | |
|  | 0e835e3003 | |
|  | 0ed0d17676 | |
|  | 934f3be4a1 | |
|  | 1851f02832 | |
|  | 9136d79751 | |
|  | 10f6897e7e | |
|  | 54d4bd40c9 | |
|  | 65a10ef62c | |
|  | 8abd515ac6 | |
|  | 1d4bdd7156 | |
|  | c6bb9d5b22 | |
|  | 023d5c833c | |
|  | c2a8501cac | |
|  | dbc096f7af | |
|  | 9208cb2349 | |
|  | 9086f5847e | |
|  | 6469d8fb4c | |
|  | b985110def | |
|  | 80c97d49c6 | |
|  | 7e3635a3c2 | |
|  | e20689dfe6 | |
|  | 49c088915f | |
|  | 1bc26a314e | |
|  | 7734b33e26 | |
|  | 3054f38d7c | |
|  | 3d7e2e9c47 | |
|  | c170a0954c | |
|  | 22d15581a9 | |
|  | 8e9641fad3 | |
|  | 596b5bb1f8 | |
|  | 0723b5f6bb | |
|  | a8738a5e53 | |
|  | 2aabad9a3d | |
|  | 0f13e3c8ba | |
|  | 0a30964011 | |
|  | 18eb9ed216 | |
|  | 84d20e204a | |
|  | c71b01a73e | |
|  | 41b4869052 | |
|  | e4363b83c4 | |
|  | 2d90e73b2f | |
|  | 4d5d93c62b | |
|  | 58e15da1a8 | |
|  | 1535bf4da6 | |
|  | 9637c2dff6 | |
|  | e329c28c3e | |
|  | db48e32dc6 | |
|  | 38045cbac1 | |
|  | deca797a80 | |
|  | 4cb095f0f7 | |
|  | a5036782bd | |
|  | ffd47f8ca5 | |
|  | 62dcd743fb | |
|  | e471b5586d | |
|  | df09375be3 | |
|  | 1dac968a02 | |
|  | 3719e55105 | |
|  | 61025edd68 | |
|  | 128dc774fb | |
|  | b65623742d | |
|  | 6395756ceb | |
|  | 75cfafebc9 | |
|  | 65412574a0 | |
|  | 690ba0407d | |
|  | 42fb854601 | |
|  | b0d786c86e | |
|  | d991ec578c | |
|  | 83a0ff71c9 | |
|  | 714dbaa0fd | |
|  | a3f0c07096 | |
|  | 5a12fc7a2e | |
|  | e3b0d10bf8 | |
|  | eddbc27d3d | |
|  | c05d07d8f5 | |
|  | 50102f2c3f | |
|  | 00a299e80f | |
|  | dbb2e8aa37 | |
|  | 3169c85802 | |
|  | 75ce322789 | |
|  | cbff63567c | |
|  | 622a72ef18 | |
|  | 22b4da76e9 | |
|  | 6039d77a7d | |
|  | 58828c9836 | |
|  | 3c5ef4eb30 | |
|  | 51e9c29973 | |
|  | b91b28d013 | |
|  | 1c5c760f6e | |
|  | 20c1ea8991 | |
|  | f21f8ee423 | |
|  | 624c94bff0 | |
|  | eef69a7a35 | |
|  | 04c00f0850 | |
|  | 7334947d54 | |
|  | 21e50208ed | |
|  | d074e2377d | |
|  | 162ed79946 | |
|  | d2a07f697c | |
|  | 4128f703aa | |
|  | de988316a5 | |
|  | cc3e8057d8 | |
|  | dc94c51cda | |
|  | 8426cc6ccd | |
|  | b5e163cfc3 | |
|  | ff8fd47bed | |
|  | 0240dec74e | |
|  | d5b779c5e1 | |
|  | 6052047b52 | |
|  | ac56e61a0f | |
|  | 9530f704e2 | |
|  | 461a9819c7 | |
|  | 5a2fa00b37 | |
|  | e2b92878fa | |
|  | b327e72a46 | |
|  | af9f714ffb | |
|  | 426e1cf80f | |
|  | 969d681104 | |
|  | 0eff6e7065 | |
|  | 807925d9a7 | |
|  | 302acfa2d9 | |
|  | 3ad1b5c20a | |
|  | 728e3cacc3 | |
|  | a1da6a897d | |
|  | cb699635c5 | |
|  | a9c0833250 | |
|  | 7add41b48e | |
|  | 2bc62a34cf | |
|  | 6298546620 | |
|  | fa3baf8f86 | |
|  | 45e0968059 | |
|  | fa6a40a7a0 | |
|  | f646e1e8ff | |
|  | a8eb89aaf2 | |
|  | 533ea1645f | |
|  | 482226a955 | |
|  | 51eaeed060 | |
|  | 44fc341de9 | |
|  | caf809c87e | |
|  | 967ff33b34 | |
|  | 065232505e | |
|  | b21b3657fb | |
|  | 9db074c1e7 | |
|  | cfcb1efd8f | |
|  | 60c3053901 | |
|  | ab3d13cf28 | |
|  | d73ffee957 | |
|  | c7c1d030e3 | |
|  | 156252ef7f | |
|  | 3c4e558e6c | |
|  | 1b31c893fd | |
|  | 4c05994a6f | |
|  | 92110ed8da | |
|  | 5668f5f634 | |
|  | 99c4130435 | |
|  | 8c7d06e4ae | |
|  | 493150ab6f | |
|  | 9fa374e2b4 | |
|  | e63900b566 | |
|  | 47c55d76c5 | |
|  | fa259a2168 | |
|  | 6815777b8c | |
|  | 4084972bd2 | |
|  | 46cfdb821c | |
|  | 368a3988dc | |
|  | 1acf7c95e4 | |
|  | 17ac43d503 | |
|  | 39f363ba83 | |
|  | 49ae8b49b6 | |
|  | 43326b515f | |
|  | 1783f6f9b6 | |
|  | 1d994cc5b8 | |
|  | 8df75742d2 | |
|  | edf2f61df4 | |
|  | f88b5ee74f | |
|  | febba5803a | |
|  | bb32bb6424 | |
|  | 4a373743af | |
|  | f77adfe858 | |
|  | 71283f3b53 | |
|  | 9cae521150 | |
|  | a7f2f753c5 | |
|  | 095e728104 | |
|  | bf777b2e99 | |
|  | edb50f4d4b | |
|  | 5f15b2fae2 | |
|  | 9781e951a6 | |
|  | 02d100b5f0 | |
|  | 5d87fd7037 | |
|  | e0a82bc70d | |
|  | 6d392e51ee | |
|  | 34431b286d | |
|  | fa7c9699db | |
|  | 778fde3357 | |
|  | 29a7b0c3e0 | |
|  | f8cfcf9f34 | |
|  | 2bb7470fa2 | |
|  | 3cabf78630 | |
|  | 877d35362b | |
|  | 2ade724c40 | |
|  | b831414ca4 | |
|  | 03caa12d31 | |
|  | f6d80e3abd | |
|  | 85ebe6ff04 | |
|  | 14f6ecd91b | |
|  | 259fff76af | |
|  | 7ebfa14029 | |
|  | f3516ba92d | |
|  | 6086765d16 | |
|  | 8fa29aa1d0 | |
|  | 1e54f0fb08 | |
|  | ddb8402b0a | |
|  | 105cbd7403 | |
|  | 0faebfe928 | |
|  | b25ad345d7 | |
|  | 3ba7a75d0c | |
|  | f285f83c3e | |
|  | ef0673decd | |
|  | 929b37ce40 | |
|  | 94ee2317a6 | |
|  | 51e0c41fae | |
|  | 2993588a2a | |
|  | 86e37191fa | |
|  | 49423d778c | |
|  | 213807efc6 | |
|  | d0dadf2949 | |
|  | 5a9c4660e1 | |
|  | 5989df4a43 | |
|  | 6c47d1528a | |
|  | e5484ee833 | |
|  | 8186aed796 | |
|  | 89aa75c61a | |
|  | a20cc2652a | |
|  | c79170a34f | |
|  | ae511610ec | |
|  | b1f85eb050 | |
|  | 1f20b1d48e | |
|  | bd28b7160f | |
|  | 0879961b61 | |
|  | c3a7fac3f3 | |
|  | a69ab717bd | |
|  | 2938be9308 | |
|  | 3b35aa29da | |
|  | 54b68e7765 | |
|  | 99da1f05e6 | |
|  | 2924e3e652 | |
|  | de2ff0afa2 | |
|  | f8a91f3f4f | |
|  | 9bac92a4a5 | |
|  | 415d3c11b8 | |
|  | 04bd9acc37 | |
|  | 3d0a53cb07 | |
|  | c253c67af5 | |
|  | 25539ee021 | |
|  | 9c4d068592 | |
|  | 63e3adf89f | |
|  | 03108cc055 | |
|  | 050519215f | |
|  | 788a10d293 | |
|  | f85d64aaa4 | |
|  | 9ba767eb30 | |
|  | e38c184cd7 | |
|  | b4ddddee58 | |
|  | 01f037c5fc | |
|  | a15a3ea233 | |
|  | 534afc281b | |
|  | f91d29bb58 | |
|  | 0ff0131dc8 | |
|  | a5a7a66e2a | |
|  | 68e3b3f076 | |
|  | 4f04dcb48e | |
|  | 19ea7dd3dd | |
|  | 2ac5b95e63 | |
|  | 7564ba33f4 | |
|  | e10416f588 | |
|  | 87921f07c7 | |
|  | a93bcf830f | |
|  | b2d1f5de58 | |
|  | 8da632d4a0 | |
|  | cc90b307b0 | |
|  | 39f0730434 | |
|  | 82201ec448 | |
|  | 12d5ac115a | |
|  | dd2fb80375 | |
|  | 8af9661254 | |
|  | 5a6506cf6d | |
|  | da4788b3cc | |
|  | ad41a10036 | |
|  | ab12d24703 | |
|  | 1eac04648a | |
|  | 3d1ce91759 | |
|  | 3587661a9d | |
|  | 7c87eb0324 | |
|  | dfc8e5e5d3 | |
|  | fb78790a39 | |
|  | 575b700604 | |
|  | ffe2316003 | |
|  | 4949b1b70a | |
|  | 34ffbb4f36 | |
|  | 5f32b829b6 | |
|  | 8ac696ed22 | |
|  | 1c708bb816 | |
|  | 716d119d34 | |
|  | 1bd598b0c3 | |
|  | 77e7c77e20 | |
|  | ec19de29c0 | |
|  | b00282afb0 | |
|  | f0e69fa6a3 | |
|  | d15cde2507 | |
|  | b3d5b641f6 | |
|  | db0150b0f6 | |
|  | 992814d1c6 | |
|  | 3b6dd49278 | |
|  | 189cabf5f4 | |
|  | ac936dd34a | |
|  | 7403a95104 | |
|  | 8f14cab65e | |
|  | 104bfb0682 | |
|  | 20f617ebdf | |
|  | 18547baad2 | |
|  | 5682245739 | |
|  | e43d520e52 | |
|  | 8c4612c2ff | |
|  | d0a97c47a9 | |
|  | 89ab8d0f1f | |
|  | 4fea8155c8 | |
|  | 098618704a | |
|  | fc24f4a2aa | |
|  | a55c337efd | |
|  | a206e9fefe | |
|  | f0086e725b | |
|  | cf25c31a37 | |
|  | 87e47ae9b1 | |
|  | aa8fdf5369 | |
|  | 6af8cf3dc3 | |
|  | bc3152c03a | |
|  | 5e4c692f6f | |
|  | 57d5e1ce3f | |
|  | 2ce96573c0 | |
|  | 727390064f | |
|  | e8c0fb9371 | |
|  | fbb7749425 | |
|  | ffcf1c82df | |
|  | 36782d1a1a | |
|  | d35aa31a8f | |
|  | e14b199feb | |
|  | cbb94aecc4 | |
|  | 53d1d1d865 | |
|  | 5b4c9b8c38 | |
|  | efdaa29136 | |
|  | 4e7c972187 | |
|  | 19858a03f5 | |
|  | 615e0f4947 | |
|  | 36b91b2785 | |
|  | e43b106c95 | |
|  | 77282fed29 | |
|  | de2b6e1631 | |
|  | 077556a6a9 | |
|  | 2a10013f36 | |
|  | e289cabe3f | |
|  | 5a6ee994cb | |
|  | 4636b63e7b | |
|  | 6b24c8f7f0 | |
|  | 5eb0bcbc39 | |
|  | cbad61519e | |
|  | d3608c7bd0 | |
|  | 680b99aba3 | |
|  | 2e0637cf7b | |
|  | d3ce330b62 | |
|  | e64abbaf46 | |
|  | bb061d128f | |
|  | 2f453aa5db | |
|  | b988411011 | |
|  | 5517a48e56 | |
|  | 0c52c929c5 | |
|  | 57b2add165 | |
|  | 74deb30986 | |
|  | d9e2393f89 | |
|  | a90d377faa | |
|  | 4a94a19535 | |
|  | f257cdede4 | |
|  | ce4486a1e4 | |
|  | 44e8fc232d | |
|  | d07d20f546 | |
|  | bb9a1b1719 | |
|  | 2d3f584bb4 | |
|  | 8852dd170d | |
|  | bf34dd43bc | |
|  | 691ccbc477 | |
|  | fe913bd5bf | |
|  | 42bca3db59 | |
|  | 92115264fb | |
|  | bb9f1f0eff | |
|  | 4ced8c519f | |
|  | 01fa846f86 | |
|  | 085be08eea | |
|  | 74e8fb830d | |
|  | b7396de612 | |
|  | 29c3f6582c | |
|  | 89b46e63fc | |
|  | d983e86605 | |
|  | 4b4b982ad9 | |
|  | 22bc951171 | |
|  | b42c694a8a | |
|  | 94c122e44f | |
|  | 898afd25e2 | |
|  | 10fef6d1d2 | |
|  | 55cdd56465 | |
|  | 14edd44652 | |
|  | 6f3bbf11a4 | |
|  | 54f93d1424 | |
|  | baeaa0f98b | |
|  | b197b6297b | |
|  | 510d69e28b | |
|  | a97e489ba7 | |
|  | 1935d3def8 | |
|  | 985828da3a | |
|  | dec9585733 | |
|  | fe5260b5e6 | |
|  | 62ae3267d2 | |
|  | aa921cadf8 | |
|  | ec5fcebd7f | |
|  | a6f11073ca | |
|  | b0edc4c6f9 | |
|  | 1b198403d7 | |
|  | a804f94d6f | |
|  | ea40d3b796 | |
|  | fc71a984bf | |
|  | 5ac81d90eb | |
|  | dc5f2f5bbf | |
|  | 9dffa0ed12 | |
|  | 65de9a2d18 | |
|  | b324cca20c | |
|  | 5f62f9aed3 | |
|  | f0cbe217eb | |
|  | d0388973e5 | |
|  | 89df814e77 | |
|  | a202ed8824 | |
|  | 1247e1f22b | |
|  | ef41215d22 | |
|  | 1d7db3794b | |
|  | 378ab6cf93 | |
|  | cfce928df4 | |
|  | 0b66a600a2 | |
|  | a811c8ee7f | |
|  | f2d77dc851 | |
|  | 9e5c2f0fd8 | |
|  | 23e58208cf | |
|  | 98f6c2bf84 | |
|  | 4afd3d940e | |
|  | 0bd7fcacf0 | |
|  | 0cc31a4391 | |
|  | cd749730a4 | |
|  | 2b9d775347 | |
|  | 5b81c8e03c | |
|  | 28118bdaef | |
|  | 08f8007f3e | |
|  | 11258d7f1f | |
|  | fe3c054825 | |
|  | 1cbe9d546f | |
|  | 109e7d679c | |
|  | 08c0f40282 | |
|  | 6031795a6d | |
|  | fc98320c71 | |
|  | 613b47e738 | |
|  | 822b23c83a | |
|  | a44350407e | |
|  | 33b35fa23b | |
|  | c9cff54937 | |
|  | a4c867d6b3 | |
|  | 32d18361e9 | |
|  | abceebdc4b | |
|  | 18a22ef1c4 | |
|  | 7222f10fe6 | |
|  | f0b3b548de | |
|  | 5a15f29418 | |
|  | 1fa90317e8 | |
|  | 4b0411d448 | |
|  | 2c158e6844 | |
|  | 6f8a9549f2 | |
|  | caa96faa5c | |
|  | 0b7315a351 | |
|  | 458b3c454f | |
|  | 316ed2d0a8 | |
|  | 828fdc08c5 | |
|  | 2848bc9586 | |
|  | ebe2c6390a | |
|  | a35c4bc06d | |
|  | cb24a02efd | |
|  | 2acd157626 | |
|  | 7da2586583 | |
|  | 0d70919200 | |
|  | 96b29d8919 | |
|  | c2cae621e7 | |
|  | d37bd1db71 | |
|  | c1918cdb4f | |
|  | 76330c4d92 | |
|  | 90bb19a142 | |
|  | b06266c1e6 | |
|  | b58fb827fd | |
|  | 86b10eda6a | |
|  | c4e8811056 | |
|  | 6962420169 | |
|  | 805f04f508 | |
|  | 5c796f84ec | |
|  | 31862c5bc5 | |
|  | 36c731e092 | |
|  | 1f23b0314b | |
|  | 237ba66711 | |
|  | fdca95bd3b | |
|  | d29ec9220d | |
|  | 48ff1e39f4 | |
|  | 7b689e44a7 | |
|  | 87b72f6995 | |
|  | 206eda9100 | |
|  | 4316805413 | |
|  | 558a8f774f | |
|  | 516a6b7654 | |
|  | 9422d9d678 | |
|  | 0445919f26 | |
|  | 41e495a29c | |
|  | 17dc6dc694 | |
|  | 380a26ab50 | |
|  | c73b4392b0 | |
|  | a975c80404 | |
|  | e51ee9c826 | |
|  | d707c525a4 | |
|  | 4df34f631c | |
|  | 7a0ec1cafb | |
|  | 717f2fda41 | |
|  | 89a8c41f78 | |
|  | c83842ef40 | |
|  | 1b4e899755 | 
|  | @ -0,0 +1,3 @@ | |||
| 
 | ||||
| github: [LDAPAccountManager] | ||||
| 
 | ||||
|  | @ -0,0 +1,11 @@ | |||
| name: "LAM CodeQL config" | ||||
| 
 | ||||
| queries: | ||||
|   - uses: security-and-quality | ||||
| 
 | ||||
| paths-ignore: | ||||
|   - '**/3rdParty/**/*.*' | ||||
|   - '**/lib/extra/**/*.*' | ||||
|   - '**/lib/*jquery*.js' | ||||
| paths: | ||||
|   - lam | ||||
|  | @ -0,0 +1,56 @@ | |||
| name: "CodeQL" | ||||
| 
 | ||||
| on: | ||||
|   push: | ||||
|     branches: [develop] | ||||
|   pull_request: | ||||
|     # The branches below must be a subset of the branches above | ||||
|     branches: [develop] | ||||
|   schedule: | ||||
|     - cron: '0 10 * * 0' | ||||
| 
 | ||||
| jobs: | ||||
|   analyse: | ||||
|     name: Analyse | ||||
|     runs-on: ubuntu-latest | ||||
| 
 | ||||
|     steps: | ||||
|     - name: Checkout repository | ||||
|       uses: actions/checkout@v2 | ||||
|       with: | ||||
|         # We must fetch at least the immediate parents so that if this is | ||||
|         # a pull request then we can checkout the head. | ||||
|         fetch-depth: 2 | ||||
| 
 | ||||
|     # If this run was triggered by a pull request event, then checkout | ||||
|     # the head of the pull request instead of the merge commit. | ||||
|     - run: git checkout HEAD^2 | ||||
|       if: ${{ github.event_name == 'pull_request' }} | ||||
| 
 | ||||
|     # Initializes the CodeQL tools for scanning. | ||||
|     - name: Initialize CodeQL | ||||
|       uses: github/codeql-action/init@v1 | ||||
|       # Override language selection by uncommenting this and choosing your languages | ||||
|       # with: | ||||
|       #   languages: go, javascript, csharp, python, cpp, java | ||||
|       with: | ||||
|         config-file: ./.github/codeql/codeql-config.yml | ||||
| 
 | ||||
|     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java). | ||||
|     # If this step fails, then you should remove it and run the build manually (see below) | ||||
|     - name: Autobuild | ||||
|       uses: github/codeql-action/autobuild@v1 | ||||
| 
 | ||||
|     # ℹ️ Command-line programs to run using the OS shell. | ||||
|     # 📚 https://git.io/JvXDl | ||||
| 
 | ||||
|     # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines | ||||
|     #    and modify them (or add more) to build your code if your project | ||||
|     #    uses a compiled language | ||||
| 
 | ||||
|     #- run: | | ||||
|     #   make bootstrap | ||||
|     #   make release | ||||
| 
 | ||||
|     - name: Perform CodeQL Analysis | ||||
|       uses: github/codeql-action/analyze@v1 | ||||
|  | @ -2,3 +2,8 @@ | |||
| /.buildpath | ||||
| /.project | ||||
| /.Readme.md.html | ||||
| /vendor/ | ||||
| /composer.lock | ||||
| /code-coverage/ | ||||
| /.phpunit.result.cache | ||||
| /lam/lib/3rdParty/composer/bin/ | ||||
|  |  | |||
|  | @ -0,0 +1,18 @@ | |||
| language: php | ||||
| addons: | ||||
|   sonarcloud: | ||||
|     organization: "ldap-account-manager" | ||||
| php: | ||||
|   - '7.3' | ||||
| 
 | ||||
| cache: | ||||
|   directories: | ||||
|     - '$HOME/.sonar/cache' | ||||
| 
 | ||||
| script: | ||||
|   - phpunit | ||||
|   - ls -l code-coverage/* | ||||
|   - sonar-scanner | ||||
|   - pip install --user codespell | ||||
|   - cd lam | ||||
|   - ./codespell.sh | ||||
|  | @ -25,4 +25,4 @@ There are two modules. Usually, you only need the files inside "lam". | |||
| LAM is published under the GNU General Public License. | ||||
| The complete list of licenses can be found in the copyright file. | ||||
| 
 | ||||
| Copyright (C) 2003 - 2018 Roland Gruber <post@rolandgruber.de> | ||||
| Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de> | ||||
|  | @ -0,0 +1,9 @@ | |||
| # Security Policy | ||||
| 
 | ||||
| ## Supported Versions | ||||
| 
 | ||||
| Security updates are always created based on the latest release. | ||||
| 
 | ||||
| ## Reporting a Vulnerability | ||||
| 
 | ||||
| Please report all security issues to post@rolandgruber.de. Reports will be answered within 48h. | ||||
|  | @ -1,6 +1,10 @@ | |||
| { | ||||
|   "require-dev" : { | ||||
|     "phpunit/phpunit" : "5.4.6", | ||||
|     "squizlabs/php_codesniffer" : "2.7.1" | ||||
|     "phpunit/phpunit" : "8.5.2", | ||||
|     "squizlabs/php_codesniffer" : "3.4.0" | ||||
|   }, | ||||
|   "require": { | ||||
|     "ext-ldap": "*", | ||||
|     "ext-json": "*" | ||||
|   } | ||||
| } | ||||
|  | @ -4,13 +4,7 @@ Alias /lam /usr/share/ldap-account-manager | |||
| <Directory /usr/share/ldap-account-manager> | ||||
|   Options +FollowSymLinks | ||||
|   AllowOverride All | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Allow from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all granted | ||||
|   </IfModule> | ||||
|   DirectoryIndex index.html | ||||
| </Directory> | ||||
| 
 | ||||
|  | @ -20,67 +14,31 @@ Alias /lam /usr/share/ldap-account-manager | |||
| 
 | ||||
| <Directory /var/lib/ldap-account-manager/tmp/internal> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /var/lib/ldap-account-manager/sess> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /var/lib/ldap-account-manager/config> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /usr/share/ldap-account-manager/lib> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /usr/share/ldap-account-manager/help> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /usr/share/ldap-account-manager/locale> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
|  |  | |||
|  | @ -22,17 +22,6 @@ Vendor:		Roland Gruber | |||
| Packager:	Roland Gruber <post@rolandgruber.de> | ||||
| BuildArch:	noarch | ||||
| AutoReqProv:  no | ||||
| %if %is_suse | ||||
| Requires:      php5 | ||||
| Requires:      php5-ldap | ||||
| Requires:      php5-hash | ||||
| Requires:      php5-gd | ||||
| Requires:      php5-gettext | ||||
| Requires:      perl | ||||
| %endif | ||||
| %if %is_fedora | ||||
| Requires:      perl | ||||
| %endif | ||||
| 
 | ||||
| Source1:      lam.nginx.conf | ||||
| Source2:      lam.apache.conf | ||||
|  |  | |||
|  | @ -39,7 +39,7 @@ DOCS = COPYING HISTORY README copyright docs/schema/dhcp.schema | |||
| 
 | ||||
| HTML_DOCS = devel manual | ||||
| 
 | ||||
| LIST1 = graphics help index.html lib locale style templates VERSION | ||||
| LIST1 = graphics help index.html lib locale style templates VERSION pwa_worker.js | ||||
| LIST2 = sess tmp tmp/internal | ||||
| LIST3 = config | ||||
| 
 | ||||
|  | @ -72,7 +72,7 @@ install-lam: | |||
| 	LIST4="`(cd $(srcdir)/$(LIST3) ; ls -d *)`" ; \
 | ||||
| 	(cd $(srcdir)/$(LIST3) ; $(TAR) cf - .) | \
 | ||||
| 		(cd $(DESTDIR)$(sysconfdir) ; $(TAR) xf -) ; \
 | ||||
| 	$(LN_S) $(sysconfdir) ${LIST3} ; \
 | ||||
| 	[ -e ${LIST3} ] || $(LN_S) $(sysconfdir) ${LIST3} ; \
 | ||||
| 	(cd $(srcdir) ; $(TAR) cf - $(LIST1)) | $(TAR) xf - ; \
 | ||||
| 	[ -d $(DESTDIR)$(prefix)/docs ]  ||  \
 | ||||
| 		$(MKDIR) -p $(DESTDIR)$(prefix)/docs  ||  exit 1 ; \
 | ||||
|  |  | |||
|  | @ -19,7 +19,7 @@ elif [ "$1" = "-b" ] | |||
| then | ||||
| 	export REPO_BRANCH="$2" | ||||
| else | ||||
| 	export REPO_BRANCH="tags/$1" | ||||
| 	export REPO_BRANCH="$1" | ||||
| fi | ||||
| 
 | ||||
| # minifies the JavaScript files | ||||
|  | @ -30,9 +30,9 @@ function minify { | |||
| 	local files=`ls $dir/*.js` | ||||
| 	local jsFiles="" | ||||
| 	for file in $files; do | ||||
| 		jsFiles="$jsFiles --js $file" | ||||
| 		jsFiles="$jsFiles $file" | ||||
| 	done | ||||
| 	closure-compiler --charset UTF-8 $jsFiles --js_output_file $outFile | ||||
| 	uglifyjs -o $outFile $jsFiles | ||||
| 	rm $files | ||||
| 	# add final new line to supress Debian warnings | ||||
| 	echo "" >> $outFile | ||||
|  | @ -44,25 +44,24 @@ function minifyCSS { | |||
| 	echo "Minify CSS files in $dir" | ||||
| 	local outFile=$dir/100_lam.${VERSION}.min.css | ||||
| 	local files=`ls $dir/*.css` | ||||
| 	cat $files | cleancss -o $outFile | ||||
| 	cat $files | cleancss --skip-rebase -o $outFile | ||||
| 	rm $files | ||||
| 	# add final new line to supress Debian warnings | ||||
| 	echo "" >> $outFile | ||||
| } | ||||
| 
 | ||||
| echo "Getting files..." | ||||
| git clone git@github.com:LDAPAccountManager/lam.git github | ||||
| git clone --depth 1 -b $REPO_BRANCH --single-branch git@github.com:LDAPAccountManager/lam.git github | ||||
| cd github | ||||
| git checkout $REPO_BRANCH | ||||
| mv lam ../ | ||||
| mv lam-packaging ../ | ||||
| cd .. | ||||
| rm -rf github | ||||
| 
 | ||||
| git clone git@gitlab.com:LDAPAccountManager/lamPro.git lamPro | ||||
| git clone --depth 1 -b $REPO_BRANCH --single-branch git@gitlab.com:LDAPAccountManager/lamPro.git lamPro | ||||
| cd lamPro | ||||
| git checkout $REPO_BRANCH | ||||
| rm -rf .git | ||||
| rm -rf docker | ||||
| cd .. | ||||
| 
 | ||||
| cp lam-packaging/getVersion ./ | ||||
|  | @ -71,7 +70,8 @@ export VERSION=`./getVersion` | |||
| # remove files which are not in the final release | ||||
| rm -r lam/po | ||||
| rm -r lam/tests | ||||
| rm lam/lib/3rdParty/tcpdf/fonts/*.ttf | ||||
| rm -f lam/lib/3rdParty/tcpdf/fonts/*.ttf | ||||
| rm -r lam/templates/lib/extra/ckeditor/plugins/*/dev | ||||
| find . -name .svnignore -exec rm {} \; | ||||
| find . -name .gitignore -exec rm {} \; | ||||
| mv lam ldap-account-manager-$VERSION | ||||
|  | @ -137,8 +137,14 @@ cd .. | |||
| 
 | ||||
| # Debian | ||||
| cp -r lam-packaging/debian Debian/ldap-account-manager-$VERSION/ | ||||
| cp -ar Debian Debian-Upload | ||||
| cd Debian/ldap-account-manager-$VERSION | ||||
| debuild | ||||
| debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990 | ||||
| cd .. | ||||
| rm -r ldap-account-manager-$VERSION | ||||
| cd .. | ||||
| cd Debian-Upload/ldap-account-manager-$VERSION | ||||
| debuild -S -k478730308FBD512ADF09D38E7F3D136B2BCD7990 | ||||
| cd .. | ||||
| rm -r ldap-account-manager-$VERSION | ||||
| cd .. | ||||
|  | @ -147,7 +153,7 @@ cd .. | |||
| cd LAMPro | ||||
| cp -r ../lam-packaging/debian Debian/ldap-account-manager-$VERSION/ | ||||
| cd Debian/ldap-account-manager-$VERSION | ||||
| debuild | ||||
| debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990 | ||||
| cd .. | ||||
| rm -r ldap-account-manager-$VERSION | ||||
| cd .. | ||||
|  |  | |||
|  | @ -1,8 +1,67 @@ | |||
| ldap-account-manager (6.4.RC1-1) unstable; urgency=medium | ||||
| ldap-account-manager (7.3.RC1-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Mon, 04 Jun 2018 16:13:27 +0200 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Mon, 10 Aug 2020 19:25:33 +0200 | ||||
| 
 | ||||
| ldap-account-manager (7.2-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Fri, 01 May 2020 08:04:56 +0200 | ||||
| 
 | ||||
| ldap-account-manager (7.1-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Mon, 16 Mar 2020 21:24:23 +0100 | ||||
| 
 | ||||
| ldap-account-manager (7.0-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Sat, 21 Dec 2019 19:53:45 +0100 | ||||
| 
 | ||||
| ldap-account-manager (6.9-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Sun, 29 Sep 2019 09:12:37 +0200 | ||||
| 
 | ||||
| ldap-account-manager (6.8-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Tue, 02 Jul 2019 12:26:45 +0200 | ||||
| 
 | ||||
| ldap-account-manager (6.7-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
|   * Fix "Depends on tcpdf which is considered unfit for buster" removed | ||||
|     dependency and embedded required parts (Closes: #923736) | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Mon, 25 Mar 2019 17:21:36 +0100 | ||||
| 
 | ||||
| ldap-account-manager (6.6-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Fri, 28 Dec 2018 11:08:14 +0100 | ||||
| 
 | ||||
| ldap-account-manager (6.5-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
|   * Fix "Embedded code copies" by adding dependency to phpseclib | ||||
|     (phpLDAPadmin code is customized and cannot be reused) | ||||
|     (Closes: #781419) | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Tue, 25 Sep 2018 17:37:41 +0200 | ||||
| 
 | ||||
| ldap-account-manager (6.4-1) unstable; urgency=medium | ||||
| 
 | ||||
|   * new upstream release | ||||
| 
 | ||||
|  -- Roland Gruber <post@rolandgruber.de>  Wed, 20 Jun 2018 09:21:48 +0200 | ||||
| 
 | ||||
| ldap-account-manager (6.3-1) unstable; urgency=medium | ||||
| 
 | ||||
|  |  | |||
|  | @ -2,23 +2,26 @@ Source: ldap-account-manager | |||
| Maintainer: Roland Gruber <post@rolandgruber.de> | ||||
| Section: web | ||||
| Priority: optional | ||||
| Standards-Version: 4.1.4 | ||||
| Build-Depends: debhelper (>= 9), po-debconf, cleancss, closure-compiler | ||||
| Standards-Version: 4.5.0 | ||||
| Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify | ||||
| Homepage: https://www.ldap-account-manager.org/ | ||||
| 
 | ||||
| Package: ldap-account-manager | ||||
| Architecture: all | ||||
| Depends: php5 (>= 5.4.26) | php (>= 7), php5-ldap | php-ldap, php5-gd | php-gd, | ||||
|  php5-json | php-json, php5-imagick | php-imagick, php5-curl | php-curl, | ||||
|  php5 | php-zip, php5 | php-xml, php-imagick, | ||||
|  libapache2-mod-php5 | libapache2-mod-php | php5-fpm | php-fpm, | ||||
|  apache2 | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends} | ||||
| Recommends: php-apc | php-opcache | ||||
| Suggests: ldap-server, php5-mcrypt | php-mcrypt, ldap-account-manager-lamdaemon, perl | ||||
| Depends: php (>= 7), php-ldap, | ||||
|  php-gd | php-imagick, | ||||
|  php-json, php-curl, | ||||
|  php-zip, php-xml, php-gmp, | ||||
|  libapache2-mod-php | libapache2-mod-fcgid | php-fpm, | ||||
|  php-phpseclib (>= 2.0), php-monolog, | ||||
|  apache2 (>= 2.4.0) | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends} | ||||
| Recommends: php-opcache | ||||
| Suggests: ldap-server, php-mcrypt, ldap-account-manager-lamdaemon, perl | ||||
| Conflicts: libapache2-mod-php5, php5, php5-fpm | ||||
| Description: webfrontend for managing accounts in an LDAP directory | ||||
|  LDAP Account Manager (LAM) runs on an existing webserver. | ||||
|  It manages user, group and host accounts. Currently LAM | ||||
|  supports these account types: Samba 3/4, Unix, Kolab 2/3, | ||||
|  supports these account types: Samba 3/4, Unix, Kolab, | ||||
|  address book entries, NIS mail aliases and MAC addresses. | ||||
|  There is an integrated LDAP browser to allow access to the | ||||
|  raw LDAP attributes. You can use templates | ||||
|  |  | |||
|  | @ -1,4 +1,4 @@ | |||
| This software is copyright (c) 2003 - 2018 by Roland Gruber | ||||
| This software is copyright (c) 2003 - 2020 by Roland Gruber | ||||
| 
 | ||||
| If you purchased a copy of LDAP Account Manager Pro then the following | ||||
| files are licensed under the conditions which you accepted at purchase | ||||
|  | @ -15,9 +15,12 @@ time. | |||
| * lib/modules/aliasEntry.inc | ||||
| * lib/modules/automount.inc | ||||
| * lib/modules/bindDLZ.inc | ||||
| * lib/modules/customBaseType.inc | ||||
| * lib/modules/customFields.inc | ||||
| * lib/modules/customScripts.inc | ||||
| * lib/modules/device.inc | ||||
| * lib/modules/autoDelete.inc | ||||
| * lib/modules/dynamicList.inc | ||||
| * lib/modules/groupOfNames.inc | ||||
| * lib/modules/groupOfNamesUser.inc | ||||
| * lib/modules/groupOfUniqueNames.inc | ||||
|  | @ -48,8 +51,9 @@ time. | |||
| * lib/modules/zarafaServer.inc | ||||
| * lib/modules/zarafaUser.inc | ||||
| * lib/types/alias.inc | ||||
| * lib/types/bind.inc | ||||
| * lib/types/automountType.inc | ||||
| * lib/types/bind.inc | ||||
| * lib/types/customType.inc | ||||
| * lib/types/gon.inc | ||||
| * lib/types/nisObjectType.inc | ||||
| * lib/types/nsview.inc | ||||
|  | @ -83,7 +87,6 @@ The complete license can be found in the file COPYING or in | |||
| Some parts of this package have other, compatible licences. These are: | ||||
| 
 | ||||
| A: | ||||
| 
 | ||||
|   DejaVu Fonts — License | ||||
| 
 | ||||
|   Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation | ||||
|  | @ -174,7 +177,9 @@ A: | |||
|   Software without prior written authorization from Tavmjong Bah. For further | ||||
|   information, contact: tavmjong @ free . fr. | ||||
| 
 | ||||
| 
 | ||||
| B: | ||||
|    MIT License | ||||
| 
 | ||||
|    Permission is hereby granted, free of charge, to any person obtaining | ||||
|    a copy of this software and associated documentation files (the | ||||
|  | @ -196,15 +201,792 @@ B: | |||
|    WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||||
| 
 | ||||
| 
 | ||||
| C: | ||||
|    New BSD License | ||||
| 
 | ||||
|    Redistribution and use in source and binary forms, with or without modification, | ||||
|    are permitted provided that the following conditions are met: | ||||
| 
 | ||||
|    1. Redistributions of source code must retain the above copyright notice, this list | ||||
|    of conditions and the following disclaimer. | ||||
| 
 | ||||
|    2. Redistributions in binary form must reproduce the above copyright notice, this | ||||
|    list of conditions and the following disclaimer in the documentation and/or other | ||||
|    materials provided with the distribution. | ||||
| 
 | ||||
|    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | ||||
|    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||||
|    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||||
|    IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | ||||
|    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | ||||
|    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||||
|    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE | ||||
|    OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||||
|    OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| D: | ||||
|                    GNU LESSER GENERAL PUBLIC LICENSE | ||||
|                        Version 3, 29 June 2007 | ||||
| 
 | ||||
|    Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> | ||||
|    Everyone is permitted to copy and distribute verbatim copies | ||||
|    of this license document, but changing it is not allowed. | ||||
| 
 | ||||
| 
 | ||||
|    This version of the GNU Lesser General Public License incorporates | ||||
|    the terms and conditions of version 3 of the GNU General Public | ||||
|    License, supplemented by the additional permissions listed below. | ||||
| 
 | ||||
|    0. Additional Definitions. | ||||
| 
 | ||||
|    As used herein, "this License" refers to version 3 of the GNU Lesser | ||||
|    General Public License, and the "GNU GPL" refers to version 3 of the GNU | ||||
|    General Public License. | ||||
| 
 | ||||
|    "The Library" refers to a covered work governed by this License, | ||||
|    other than an Application or a Combined Work as defined below. | ||||
| 
 | ||||
|    An "Application" is any work that makes use of an interface provided | ||||
|    by the Library, but which is not otherwise based on the Library. | ||||
|    Defining a subclass of a class defined by the Library is deemed a mode | ||||
|    of using an interface provided by the Library. | ||||
| 
 | ||||
|    A "Combined Work" is a work produced by combining or linking an | ||||
|    Application with the Library.  The particular version of the Library | ||||
|    with which the Combined Work was made is also called the "Linked | ||||
|    Version". | ||||
| 
 | ||||
|    The "Minimal Corresponding Source" for a Combined Work means the | ||||
|    Corresponding Source for the Combined Work, excluding any source code | ||||
|    for portions of the Combined Work that, considered in isolation, are | ||||
|    based on the Application, and not on the Linked Version. | ||||
| 
 | ||||
|    The "Corresponding Application Code" for a Combined Work means the | ||||
|    object code and/or source code for the Application, including any data | ||||
|    and utility programs needed for reproducing the Combined Work from the | ||||
|    Application, but excluding the System Libraries of the Combined Work. | ||||
| 
 | ||||
|    1. Exception to Section 3 of the GNU GPL. | ||||
| 
 | ||||
|    You may convey a covered work under sections 3 and 4 of this License | ||||
|    without being bound by section 3 of the GNU GPL. | ||||
| 
 | ||||
|    2. Conveying Modified Versions. | ||||
| 
 | ||||
|    If you modify a copy of the Library, and, in your modifications, a | ||||
|    facility refers to a function or data to be supplied by an Application | ||||
|    that uses the facility (other than as an argument passed when the | ||||
|    facility is invoked), then you may convey a copy of the modified | ||||
|    version: | ||||
| 
 | ||||
|    a) under this License, provided that you make a good faith effort to | ||||
|    ensure that, in the event an Application does not supply the | ||||
|    function or data, the facility still operates, and performs | ||||
|    whatever part of its purpose remains meaningful, or | ||||
| 
 | ||||
|    b) under the GNU GPL, with none of the additional permissions of | ||||
|    this License applicable to that copy. | ||||
| 
 | ||||
|    3. Object Code Incorporating Material from Library Header Files. | ||||
| 
 | ||||
|    The object code form of an Application may incorporate material from | ||||
|    a header file that is part of the Library.  You may convey such object | ||||
|    code under terms of your choice, provided that, if the incorporated | ||||
|    material is not limited to numerical parameters, data structure | ||||
|    layouts and accessors, or small macros, inline functions and templates | ||||
|    (ten or fewer lines in length), you do both of the following: | ||||
| 
 | ||||
|    a) Give prominent notice with each copy of the object code that the | ||||
|    Library is used in it and that the Library and its use are | ||||
|    covered by this License. | ||||
| 
 | ||||
|    b) Accompany the object code with a copy of the GNU GPL and this license | ||||
|    document. | ||||
| 
 | ||||
|    4. Combined Works. | ||||
| 
 | ||||
|    You may convey a Combined Work under terms of your choice that, | ||||
|    taken together, effectively do not restrict modification of the | ||||
|    portions of the Library contained in the Combined Work and reverse | ||||
|    engineering for debugging such modifications, if you also do each of | ||||
|    the following: | ||||
| 
 | ||||
|    a) Give prominent notice with each copy of the Combined Work that | ||||
|    the Library is used in it and that the Library and its use are | ||||
|    covered by this License. | ||||
| 
 | ||||
|    b) Accompany the Combined Work with a copy of the GNU GPL and this license | ||||
|    document. | ||||
| 
 | ||||
|    c) For a Combined Work that displays copyright notices during | ||||
|    execution, include the copyright notice for the Library among | ||||
|    these notices, as well as a reference directing the user to the | ||||
|    copies of the GNU GPL and this license document. | ||||
| 
 | ||||
|    d) Do one of the following: | ||||
| 
 | ||||
|        0) Convey the Minimal Corresponding Source under the terms of this | ||||
|        License, and the Corresponding Application Code in a form | ||||
|        suitable for, and under terms that permit, the user to | ||||
|        recombine or relink the Application with a modified version of | ||||
|        the Linked Version to produce a modified Combined Work, in the | ||||
|        manner specified by section 6 of the GNU GPL for conveying | ||||
|        Corresponding Source. | ||||
| 
 | ||||
|        1) Use a suitable shared library mechanism for linking with the | ||||
|        Library.  A suitable mechanism is one that (a) uses at run time | ||||
|        a copy of the Library already present on the user's computer | ||||
|        system, and (b) will operate properly with a modified version | ||||
|        of the Library that is interface-compatible with the Linked | ||||
|        Version. | ||||
| 
 | ||||
|    e) Provide Installation Information, but only if you would otherwise | ||||
|    be required to provide such information under section 6 of the | ||||
|    GNU GPL, and only to the extent that such information is | ||||
|    necessary to install and execute a modified version of the | ||||
|    Combined Work produced by recombining or relinking the | ||||
|    Application with a modified version of the Linked Version. (If | ||||
|    you use option 4d0, the Installation Information must accompany | ||||
|    the Minimal Corresponding Source and Corresponding Application | ||||
|    Code. If you use option 4d1, you must provide the Installation | ||||
|    Information in the manner specified by section 6 of the GNU GPL | ||||
|    for conveying Corresponding Source.) | ||||
| 
 | ||||
|    5. Combined Libraries. | ||||
| 
 | ||||
|    You may place library facilities that are a work based on the | ||||
|    Library side by side in a single library together with other library | ||||
|    facilities that are not Applications and are not covered by this | ||||
|    License, and convey such a combined library under terms of your | ||||
|    choice, if you do both of the following: | ||||
| 
 | ||||
|    a) Accompany the combined library with a copy of the same work based | ||||
|    on the Library, uncombined with any other library facilities, | ||||
|    conveyed under the terms of this License. | ||||
| 
 | ||||
|    b) Give prominent notice with the combined library that part of it | ||||
|    is a work based on the Library, and explaining where to find the | ||||
|    accompanying uncombined form of the same work. | ||||
| 
 | ||||
|    6. Revised Versions of the GNU Lesser General Public License. | ||||
| 
 | ||||
|    The Free Software Foundation may publish revised and/or new versions | ||||
|    of the GNU Lesser General Public License from time to time. Such new | ||||
|    versions will be similar in spirit to the present version, but may | ||||
|    differ in detail to address new problems or concerns. | ||||
| 
 | ||||
|    Each version is given a distinguishing version number. If the | ||||
|    Library as you received it specifies that a certain numbered version | ||||
|    of the GNU Lesser General Public License "or any later version" | ||||
|    applies to it, you have the option of following the terms and | ||||
|    conditions either of that published version or of any later version | ||||
|    published by the Free Software Foundation. If the Library as you | ||||
|    received it does not specify a version number of the GNU Lesser | ||||
|    General Public License, you may choose any version of the GNU Lesser | ||||
|    General Public License ever published by the Free Software Foundation. | ||||
| 
 | ||||
|    If the Library as you received it specifies that a proxy can decide | ||||
|    whether future versions of the GNU Lesser General Public License shall | ||||
|    apply, that proxy's public statement of acceptance of any version is | ||||
|    permanent authorization for you to choose that version for the | ||||
|    Library. | ||||
| 
 | ||||
| 
 | ||||
| E: | ||||
|   Duo | ||||
| 
 | ||||
|   Redistribution and use in source and binary forms, with or without | ||||
|   modification, are permitted provided that the following conditions | ||||
|   are met: | ||||
| 
 | ||||
|   1. Redistributions of source code must retain the above copyright | ||||
|      notice, this list of conditions and the following disclaimer. | ||||
|   2. Redistributions in binary form must reproduce the above copyright | ||||
|      notice, this list of conditions and the following disclaimer in the | ||||
|      documentation and/or other materials provided with the distribution. | ||||
|   3. The name of the author may not be used to endorse or promote products | ||||
|      derived from this software without specific prior written permission. | ||||
| 
 | ||||
|   THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||||
|   IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||||
|   OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||||
|   IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||||
|   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||||
|   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||||
|   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||||
|   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||||
|   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||||
|   THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| F: | ||||
|   3-Clause BSD License | ||||
| 
 | ||||
|   Redistribution and use in source and binary forms, with or without | ||||
|   modification, are permitted provided that the following conditions | ||||
|   are met: | ||||
| 
 | ||||
|   1. Redistributions of source code must retain the above copyright | ||||
|      notice, this list of conditions and the following disclaimer. | ||||
|   2. Redistributions in binary form must reproduce the above copyright | ||||
|      notice, this list of conditions and the following disclaimer in the | ||||
|      documentation and/or other materials provided with the distribution. | ||||
|   3. Neither the name of the copyright holder nor the names of its | ||||
|      contributors may be used to endorse or promote products derived from | ||||
|      this software without specific prior written permission. | ||||
| 
 | ||||
|   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS | ||||
|   IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, | ||||
|   THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||||
|   PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR | ||||
|   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| G: | ||||
|   2-Clause BSD License | ||||
| 
 | ||||
|   Redistribution and use in source and binary forms, with or without modification, | ||||
|   are permitted provided that the following conditions are met: | ||||
| 
 | ||||
|   1. Redistributions of source code must retain the above copyright notice, | ||||
|      this list of conditions and the following disclaimer. | ||||
| 
 | ||||
|   2. Redistributions in binary form must reproduce the above copyright notice, | ||||
|      this list of conditions and the following disclaimer in the documentation and/or | ||||
|      other materials provided with the distribution. | ||||
| 
 | ||||
|   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | ||||
|   ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||||
|   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||||
|   IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | ||||
|   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | ||||
|   BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, | ||||
|   OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, | ||||
|   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||||
|   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||||
|   POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| H: | ||||
|                   GNU LESSER GENERAL PUBLIC LICENSE | ||||
|                        Version 2.1, February 1999 | ||||
| 
 | ||||
|  Copyright (C) 1991, 1999 Free Software Foundation, Inc. | ||||
|  51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA | ||||
|  Everyone is permitted to copy and distribute verbatim copies | ||||
|  of this license document, but changing it is not allowed. | ||||
| 
 | ||||
| [This is the first released version of the Lesser GPL.  It also counts | ||||
|  as the successor of the GNU Library Public License, version 2, hence | ||||
|  the version number 2.1.] | ||||
| 
 | ||||
|                             Preamble | ||||
| 
 | ||||
|   The licenses for most software are designed to take away your | ||||
| freedom to share and change it.  By contrast, the GNU General Public | ||||
| Licenses are intended to guarantee your freedom to share and change | ||||
| free software--to make sure the software is free for all its users. | ||||
| 
 | ||||
|   This license, the Lesser General Public License, applies to some | ||||
| specially designated software packages--typically libraries--of the | ||||
| Free Software Foundation and other authors who decide to use it.  You | ||||
| can use it too, but we suggest you first think carefully about whether | ||||
| this license or the ordinary General Public License is the better | ||||
| strategy to use in any particular case, based on the explanations below. | ||||
| 
 | ||||
|   When we speak of free software, we are referring to freedom of use, | ||||
| not price.  Our General Public Licenses are designed to make sure that | ||||
| you have the freedom to distribute copies of free software (and charge | ||||
| for this service if you wish); that you receive source code or can get | ||||
| it if you want it; that you can change the software and use pieces of | ||||
| it in new free programs; and that you are informed that you can do | ||||
| these things. | ||||
| 
 | ||||
|   To protect your rights, we need to make restrictions that forbid | ||||
| distributors to deny you these rights or to ask you to surrender these | ||||
| rights.  These restrictions translate to certain responsibilities for | ||||
| you if you distribute copies of the library or if you modify it. | ||||
| 
 | ||||
|   For example, if you distribute copies of the library, whether gratis | ||||
| or for a fee, you must give the recipients all the rights that we gave | ||||
| you.  You must make sure that they, too, receive or can get the source | ||||
| code.  If you link other code with the library, you must provide | ||||
| complete object files to the recipients, so that they can relink them | ||||
| with the library after making changes to the library and recompiling | ||||
| it.  And you must show them these terms so they know their rights. | ||||
| 
 | ||||
|   We protect your rights with a two-step method: (1) we copyright the | ||||
| library, and (2) we offer you this license, which gives you legal | ||||
| permission to copy, distribute and/or modify the library. | ||||
| 
 | ||||
|   To protect each distributor, we want to make it very clear that | ||||
| there is no warranty for the free library.  Also, if the library is | ||||
| modified by someone else and passed on, the recipients should know | ||||
| that what they have is not the original version, so that the original | ||||
| author's reputation will not be affected by problems that might be | ||||
| introduced by others. | ||||
|  | ||||
|   Finally, software patents pose a constant threat to the existence of | ||||
| any free program.  We wish to make sure that a company cannot | ||||
| effectively restrict the users of a free program by obtaining a | ||||
| restrictive license from a patent holder.  Therefore, we insist that | ||||
| any patent license obtained for a version of the library must be | ||||
| consistent with the full freedom of use specified in this license. | ||||
| 
 | ||||
|   Most GNU software, including some libraries, is covered by the | ||||
| ordinary GNU General Public License.  This license, the GNU Lesser | ||||
| General Public License, applies to certain designated libraries, and | ||||
| is quite different from the ordinary General Public License.  We use | ||||
| this license for certain libraries in order to permit linking those | ||||
| libraries into non-free programs. | ||||
| 
 | ||||
|   When a program is linked with a library, whether statically or using | ||||
| a shared library, the combination of the two is legally speaking a | ||||
| combined work, a derivative of the original library.  The ordinary | ||||
| General Public License therefore permits such linking only if the | ||||
| entire combination fits its criteria of freedom.  The Lesser General | ||||
| Public License permits more lax criteria for linking other code with | ||||
| the library. | ||||
| 
 | ||||
|   We call this license the "Lesser" General Public License because it | ||||
| does Less to protect the user's freedom than the ordinary General | ||||
| Public License.  It also provides other free software developers Less | ||||
| of an advantage over competing non-free programs.  These disadvantages | ||||
| are the reason we use the ordinary General Public License for many | ||||
| libraries.  However, the Lesser license provides advantages in certain | ||||
| special circumstances. | ||||
| 
 | ||||
|   For example, on rare occasions, there may be a special need to | ||||
| encourage the widest possible use of a certain library, so that it becomes | ||||
| a de-facto standard.  To achieve this, non-free programs must be | ||||
| allowed to use the library.  A more frequent case is that a free | ||||
| library does the same job as widely used non-free libraries.  In this | ||||
| case, there is little to gain by limiting the free library to free | ||||
| software only, so we use the Lesser General Public License. | ||||
| 
 | ||||
|   In other cases, permission to use a particular library in non-free | ||||
| programs enables a greater number of people to use a large body of | ||||
| free software.  For example, permission to use the GNU C Library in | ||||
| non-free programs enables many more people to use the whole GNU | ||||
| operating system, as well as its variant, the GNU/Linux operating | ||||
| system. | ||||
| 
 | ||||
|   Although the Lesser General Public License is Less protective of the | ||||
| users' freedom, it does ensure that the user of a program that is | ||||
| linked with the Library has the freedom and the wherewithal to run | ||||
| that program using a modified version of the Library. | ||||
| 
 | ||||
|   The precise terms and conditions for copying, distribution and | ||||
| modification follow.  Pay close attention to the difference between a | ||||
| "work based on the library" and a "work that uses the library".  The | ||||
| former contains code derived from the library, whereas the latter must | ||||
| be combined with the library in order to run. | ||||
|  | ||||
|                   GNU LESSER GENERAL PUBLIC LICENSE | ||||
|    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION | ||||
| 
 | ||||
|   0. This License Agreement applies to any software library or other | ||||
| program which contains a notice placed by the copyright holder or | ||||
| other authorized party saying it may be distributed under the terms of | ||||
| this Lesser General Public License (also called "this License"). | ||||
| Each licensee is addressed as "you". | ||||
| 
 | ||||
|   A "library" means a collection of software functions and/or data | ||||
| prepared so as to be conveniently linked with application programs | ||||
| (which use some of those functions and data) to form executables. | ||||
| 
 | ||||
|   The "Library", below, refers to any such software library or work | ||||
| which has been distributed under these terms.  A "work based on the | ||||
| Library" means either the Library or any derivative work under | ||||
| copyright law: that is to say, a work containing the Library or a | ||||
| portion of it, either verbatim or with modifications and/or translated | ||||
| straightforwardly into another language.  (Hereinafter, translation is | ||||
| included without limitation in the term "modification".) | ||||
| 
 | ||||
|   "Source code" for a work means the preferred form of the work for | ||||
| making modifications to it.  For a library, complete source code means | ||||
| all the source code for all modules it contains, plus any associated | ||||
| interface definition files, plus the scripts used to control compilation | ||||
| and installation of the library. | ||||
| 
 | ||||
|   Activities other than copying, distribution and modification are not | ||||
| covered by this License; they are outside its scope.  The act of | ||||
| running a program using the Library is not restricted, and output from | ||||
| such a program is covered only if its contents constitute a work based | ||||
| on the Library (independent of the use of the Library in a tool for | ||||
| writing it).  Whether that is true depends on what the Library does | ||||
| and what the program that uses the Library does. | ||||
| 
 | ||||
|   1. You may copy and distribute verbatim copies of the Library's | ||||
| complete source code as you receive it, in any medium, provided that | ||||
| you conspicuously and appropriately publish on each copy an | ||||
| appropriate copyright notice and disclaimer of warranty; keep intact | ||||
| all the notices that refer to this License and to the absence of any | ||||
| warranty; and distribute a copy of this License along with the | ||||
| Library. | ||||
| 
 | ||||
|   You may charge a fee for the physical act of transferring a copy, | ||||
| and you may at your option offer warranty protection in exchange for a | ||||
| fee. | ||||
|  | ||||
|   2. You may modify your copy or copies of the Library or any portion | ||||
| of it, thus forming a work based on the Library, and copy and | ||||
| distribute such modifications or work under the terms of Section 1 | ||||
| above, provided that you also meet all of these conditions: | ||||
| 
 | ||||
|     a) The modified work must itself be a software library. | ||||
| 
 | ||||
|     b) You must cause the files modified to carry prominent notices | ||||
|     stating that you changed the files and the date of any change. | ||||
| 
 | ||||
|     c) You must cause the whole of the work to be licensed at no | ||||
|     charge to all third parties under the terms of this License. | ||||
| 
 | ||||
|     d) If a facility in the modified Library refers to a function or a | ||||
|     table of data to be supplied by an application program that uses | ||||
|     the facility, other than as an argument passed when the facility | ||||
|     is invoked, then you must make a good faith effort to ensure that, | ||||
|     in the event an application does not supply such function or | ||||
|     table, the facility still operates, and performs whatever part of | ||||
|     its purpose remains meaningful. | ||||
| 
 | ||||
|     (For example, a function in a library to compute square roots has | ||||
|     a purpose that is entirely well-defined independent of the | ||||
|     application.  Therefore, Subsection 2d requires that any | ||||
|     application-supplied function or table used by this function must | ||||
|     be optional: if the application does not supply it, the square | ||||
|     root function must still compute square roots.) | ||||
| 
 | ||||
| These requirements apply to the modified work as a whole.  If | ||||
| identifiable sections of that work are not derived from the Library, | ||||
| and can be reasonably considered independent and separate works in | ||||
| themselves, then this License, and its terms, do not apply to those | ||||
| sections when you distribute them as separate works.  But when you | ||||
| distribute the same sections as part of a whole which is a work based | ||||
| on the Library, the distribution of the whole must be on the terms of | ||||
| this License, whose permissions for other licensees extend to the | ||||
| entire whole, and thus to each and every part regardless of who wrote | ||||
| it. | ||||
| 
 | ||||
| Thus, it is not the intent of this section to claim rights or contest | ||||
| your rights to work written entirely by you; rather, the intent is to | ||||
| exercise the right to control the distribution of derivative or | ||||
| collective works based on the Library. | ||||
| 
 | ||||
| In addition, mere aggregation of another work not based on the Library | ||||
| with the Library (or with a work based on the Library) on a volume of | ||||
| a storage or distribution medium does not bring the other work under | ||||
| the scope of this License. | ||||
| 
 | ||||
|   3. You may opt to apply the terms of the ordinary GNU General Public | ||||
| License instead of this License to a given copy of the Library.  To do | ||||
| this, you must alter all the notices that refer to this License, so | ||||
| that they refer to the ordinary GNU General Public License, version 2, | ||||
| instead of to this License.  (If a newer version than version 2 of the | ||||
| ordinary GNU General Public License has appeared, then you can specify | ||||
| that version instead if you wish.)  Do not make any other change in | ||||
| these notices. | ||||
|  | ||||
|   Once this change is made in a given copy, it is irreversible for | ||||
| that copy, so the ordinary GNU General Public License applies to all | ||||
| subsequent copies and derivative works made from that copy. | ||||
| 
 | ||||
|   This option is useful when you wish to copy part of the code of | ||||
| the Library into a program that is not a library. | ||||
| 
 | ||||
|   4. You may copy and distribute the Library (or a portion or | ||||
| derivative of it, under Section 2) in object code or executable form | ||||
| under the terms of Sections 1 and 2 above provided that you accompany | ||||
| it with the complete corresponding machine-readable source code, which | ||||
| must be distributed under the terms of Sections 1 and 2 above on a | ||||
| medium customarily used for software interchange. | ||||
| 
 | ||||
|   If distribution of object code is made by offering access to copy | ||||
| from a designated place, then offering equivalent access to copy the | ||||
| source code from the same place satisfies the requirement to | ||||
| distribute the source code, even though third parties are not | ||||
| compelled to copy the source along with the object code. | ||||
| 
 | ||||
|   5. A program that contains no derivative of any portion of the | ||||
| Library, but is designed to work with the Library by being compiled or | ||||
| linked with it, is called a "work that uses the Library".  Such a | ||||
| work, in isolation, is not a derivative work of the Library, and | ||||
| therefore falls outside the scope of this License. | ||||
| 
 | ||||
|   However, linking a "work that uses the Library" with the Library | ||||
| creates an executable that is a derivative of the Library (because it | ||||
| contains portions of the Library), rather than a "work that uses the | ||||
| library".  The executable is therefore covered by this License. | ||||
| Section 6 states terms for distribution of such executables. | ||||
| 
 | ||||
|   When a "work that uses the Library" uses material from a header file | ||||
| that is part of the Library, the object code for the work may be a | ||||
| derivative work of the Library even though the source code is not. | ||||
| Whether this is true is especially significant if the work can be | ||||
| linked without the Library, or if the work is itself a library.  The | ||||
| threshold for this to be true is not precisely defined by law. | ||||
| 
 | ||||
|   If such an object file uses only numerical parameters, data | ||||
| structure layouts and accessors, and small macros and small inline | ||||
| functions (ten lines or less in length), then the use of the object | ||||
| file is unrestricted, regardless of whether it is legally a derivative | ||||
| work.  (Executables containing this object code plus portions of the | ||||
| Library will still fall under Section 6.) | ||||
| 
 | ||||
|   Otherwise, if the work is a derivative of the Library, you may | ||||
| distribute the object code for the work under the terms of Section 6. | ||||
| Any executables containing that work also fall under Section 6, | ||||
| whether or not they are linked directly with the Library itself. | ||||
|  | ||||
|   6. As an exception to the Sections above, you may also combine or | ||||
| link a "work that uses the Library" with the Library to produce a | ||||
| work containing portions of the Library, and distribute that work | ||||
| under terms of your choice, provided that the terms permit | ||||
| modification of the work for the customer's own use and reverse | ||||
| engineering for debugging such modifications. | ||||
| 
 | ||||
|   You must give prominent notice with each copy of the work that the | ||||
| Library is used in it and that the Library and its use are covered by | ||||
| this License.  You must supply a copy of this License.  If the work | ||||
| during execution displays copyright notices, you must include the | ||||
| copyright notice for the Library among them, as well as a reference | ||||
| directing the user to the copy of this License.  Also, you must do one | ||||
| of these things: | ||||
| 
 | ||||
|     a) Accompany the work with the complete corresponding | ||||
|     machine-readable source code for the Library including whatever | ||||
|     changes were used in the work (which must be distributed under | ||||
|     Sections 1 and 2 above); and, if the work is an executable linked | ||||
|     with the Library, with the complete machine-readable "work that | ||||
|     uses the Library", as object code and/or source code, so that the | ||||
|     user can modify the Library and then relink to produce a modified | ||||
|     executable containing the modified Library.  (It is understood | ||||
|     that the user who changes the contents of definitions files in the | ||||
|     Library will not necessarily be able to recompile the application | ||||
|     to use the modified definitions.) | ||||
| 
 | ||||
|     b) Use a suitable shared library mechanism for linking with the | ||||
|     Library.  A suitable mechanism is one that (1) uses at run time a | ||||
|     copy of the library already present on the user's computer system, | ||||
|     rather than copying library functions into the executable, and (2) | ||||
|     will operate properly with a modified version of the library, if | ||||
|     the user installs one, as long as the modified version is | ||||
|     interface-compatible with the version that the work was made with. | ||||
| 
 | ||||
|     c) Accompany the work with a written offer, valid for at | ||||
|     least three years, to give the same user the materials | ||||
|     specified in Subsection 6a, above, for a charge no more | ||||
|     than the cost of performing this distribution. | ||||
| 
 | ||||
|     d) If distribution of the work is made by offering access to copy | ||||
|     from a designated place, offer equivalent access to copy the above | ||||
|     specified materials from the same place. | ||||
| 
 | ||||
|     e) Verify that the user has already received a copy of these | ||||
|     materials or that you have already sent this user a copy. | ||||
| 
 | ||||
|   For an executable, the required form of the "work that uses the | ||||
| Library" must include any data and utility programs needed for | ||||
| reproducing the executable from it.  However, as a special exception, | ||||
| the materials to be distributed need not include anything that is | ||||
| normally distributed (in either source or binary form) with the major | ||||
| components (compiler, kernel, and so on) of the operating system on | ||||
| which the executable runs, unless that component itself accompanies | ||||
| the executable. | ||||
| 
 | ||||
|   It may happen that this requirement contradicts the license | ||||
| restrictions of other proprietary libraries that do not normally | ||||
| accompany the operating system.  Such a contradiction means you cannot | ||||
| use both them and the Library together in an executable that you | ||||
| distribute. | ||||
|  | ||||
|   7. You may place library facilities that are a work based on the | ||||
| Library side-by-side in a single library together with other library | ||||
| facilities not covered by this License, and distribute such a combined | ||||
| library, provided that the separate distribution of the work based on | ||||
| the Library and of the other library facilities is otherwise | ||||
| permitted, and provided that you do these two things: | ||||
| 
 | ||||
|     a) Accompany the combined library with a copy of the same work | ||||
|     based on the Library, uncombined with any other library | ||||
|     facilities.  This must be distributed under the terms of the | ||||
|     Sections above. | ||||
| 
 | ||||
|     b) Give prominent notice with the combined library of the fact | ||||
|     that part of it is a work based on the Library, and explaining | ||||
|     where to find the accompanying uncombined form of the same work. | ||||
| 
 | ||||
|   8. You may not copy, modify, sublicense, link with, or distribute | ||||
| the Library except as expressly provided under this License.  Any | ||||
| attempt otherwise to copy, modify, sublicense, link with, or | ||||
| distribute the Library is void, and will automatically terminate your | ||||
| rights under this License.  However, parties who have received copies, | ||||
| or rights, from you under this License will not have their licenses | ||||
| terminated so long as such parties remain in full compliance. | ||||
| 
 | ||||
|   9. You are not required to accept this License, since you have not | ||||
| signed it.  However, nothing else grants you permission to modify or | ||||
| distribute the Library or its derivative works.  These actions are | ||||
| prohibited by law if you do not accept this License.  Therefore, by | ||||
| modifying or distributing the Library (or any work based on the | ||||
| Library), you indicate your acceptance of this License to do so, and | ||||
| all its terms and conditions for copying, distributing or modifying | ||||
| the Library or works based on it. | ||||
| 
 | ||||
|   10. Each time you redistribute the Library (or any work based on the | ||||
| Library), the recipient automatically receives a license from the | ||||
| original licensor to copy, distribute, link with or modify the Library | ||||
| subject to these terms and conditions.  You may not impose any further | ||||
| restrictions on the recipients' exercise of the rights granted herein. | ||||
| You are not responsible for enforcing compliance by third parties with | ||||
| this License. | ||||
|  | ||||
|   11. If, as a consequence of a court judgment or allegation of patent | ||||
| infringement or for any other reason (not limited to patent issues), | ||||
| conditions are imposed on you (whether by court order, agreement or | ||||
| otherwise) that contradict the conditions of this License, they do not | ||||
| excuse you from the conditions of this License.  If you cannot | ||||
| distribute so as to satisfy simultaneously your obligations under this | ||||
| License and any other pertinent obligations, then as a consequence you | ||||
| may not distribute the Library at all.  For example, if a patent | ||||
| license would not permit royalty-free redistribution of the Library by | ||||
| all those who receive copies directly or indirectly through you, then | ||||
| the only way you could satisfy both it and this License would be to | ||||
| refrain entirely from distribution of the Library. | ||||
| 
 | ||||
| If any portion of this section is held invalid or unenforceable under any | ||||
| particular circumstance, the balance of the section is intended to apply, | ||||
| and the section as a whole is intended to apply in other circumstances. | ||||
| 
 | ||||
| It is not the purpose of this section to induce you to infringe any | ||||
| patents or other property right claims or to contest validity of any | ||||
| such claims; this section has the sole purpose of protecting the | ||||
| integrity of the free software distribution system which is | ||||
| implemented by public license practices.  Many people have made | ||||
| generous contributions to the wide range of software distributed | ||||
| through that system in reliance on consistent application of that | ||||
| system; it is up to the author/donor to decide if he or she is willing | ||||
| to distribute software through any other system and a licensee cannot | ||||
| impose that choice. | ||||
| 
 | ||||
| This section is intended to make thoroughly clear what is believed to | ||||
| be a consequence of the rest of this License. | ||||
| 
 | ||||
|   12. If the distribution and/or use of the Library is restricted in | ||||
| certain countries either by patents or by copyrighted interfaces, the | ||||
| original copyright holder who places the Library under this License may add | ||||
| an explicit geographical distribution limitation excluding those countries, | ||||
| so that distribution is permitted only in or among countries not thus | ||||
| excluded.  In such case, this License incorporates the limitation as if | ||||
| written in the body of this License. | ||||
| 
 | ||||
|   13. The Free Software Foundation may publish revised and/or new | ||||
| versions of the Lesser General Public License from time to time. | ||||
| Such new versions will be similar in spirit to the present version, | ||||
| but may differ in detail to address new problems or concerns. | ||||
| 
 | ||||
| Each version is given a distinguishing version number.  If the Library | ||||
| specifies a version number of this License which applies to it and | ||||
| "any later version", you have the option of following the terms and | ||||
| conditions either of that version or of any later version published by | ||||
| the Free Software Foundation.  If the Library does not specify a | ||||
| license version number, you may choose any version ever published by | ||||
| the Free Software Foundation. | ||||
|  | ||||
|   14. If you wish to incorporate parts of the Library into other free | ||||
| programs whose distribution conditions are incompatible with these, | ||||
| write to the author to ask for permission.  For software which is | ||||
| copyrighted by the Free Software Foundation, write to the Free | ||||
| Software Foundation; we sometimes make exceptions for this.  Our | ||||
| decision will be guided by the two goals of preserving the free status | ||||
| of all derivatives of our free software and of promoting the sharing | ||||
| and reuse of software generally. | ||||
| 
 | ||||
|                             NO WARRANTY | ||||
| 
 | ||||
|   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO | ||||
| WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. | ||||
| EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR | ||||
| OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY | ||||
| KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE | ||||
| IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||||
| PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE | ||||
| LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME | ||||
| THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. | ||||
| 
 | ||||
|   16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN | ||||
| WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY | ||||
| AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU | ||||
| FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR | ||||
| CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE | ||||
| LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING | ||||
| RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A | ||||
| FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF | ||||
| SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH | ||||
| DAMAGES. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| Programs and licenses with other licenses and/or authors than the | ||||
| main license and authors: | ||||
| 
 | ||||
| lib/3rdParty/tcpdf/fonts/DejaVu*.ttf        A        Public Domain, Bitstream, Inc., Tavmjong Bah | ||||
| lib/3rdParty/tcpdf/fonts/DejaVu*.z          A        Public Domain, Bitstream, Inc., Tavmjong Bah | ||||
| lib/3rdParty/phpseclib                      B        Jim Wigginton | ||||
| templates/lib/*jquery*.js                   B  2010  John Resig, Paul Bakaus, Fred Heusschen | ||||
| lib/3rdParty/composer/beberlei                                       G  2013  Benjamin Eberlei | ||||
| lib/3rdParty/composer/composer                                       B        Nils Adermann, Jordi Boggiano | ||||
| lib/3rdParty/composer/fgrosse                                        B  2015  Friedrich Große | ||||
| lib/3rdParty/composer/nyholm                                         B  2016  Tobias Nyholm | ||||
| lib/3rdParty/composer/paragonie                                      B  2015  Paragon Initiative Enterprises | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish       H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception            H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna                 G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail                 G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime                 H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret               H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client        H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream               H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter        H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper       G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Support              G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Util                 H | ||||
| lib/3rdParty/composer/php-http                                       B  2015  PHP HTTP Team | ||||
| lib/3rdParty/composer/phpmailer                                      H | ||||
| lib/3rdParty/composer/psr                                            B  2018  PHP Framework Interoperability Group | ||||
| lib/3rdParty/composer/ramsey                                         B  2018  Ben Ramsey | ||||
| lib/3rdParty/composer/spomky-labs                                    B  2018  Spomky-Labs | ||||
| lib/3rdParty/composer/symfony                                        B  2019  Fabien Potencier | ||||
| lib/3rdParty/composer/web-auth                                       B  2018  Spomky-Labs | ||||
| lib/3rdParty/tcpdf                                                   D  2020  Nicola Asuni - Tecnick.com LTD | ||||
| lib/3rdParty/tcpdf/fonts/dejavu*.z                                   A        Public Domain, Bitstream, Inc., Tavmjong Bah | ||||
| lib/3rdParty/phpseclib                                               B  2019  TerraFrost and other contributors | ||||
| lib/3rdParty/Monolog                                                 B  2011  Jordi Boggiano | ||||
| lib/3rdParty/Psr                                                     B  2012  PHP Framework Interoperability Group | ||||
| lib/3rdParty/yubico/Yubico.php                                       C  2015  Yubico AB | ||||
| templates/lib/*jquery*.js                                            B  2018  jQuery Foundation and other contributors | ||||
| style/120_jquery-ui*.css                                             B  2016  jQuery Foundation and other contributors | ||||
| templates/lib/*jquery-dropmenu-*.js                                  B  2010  Fred Heusschen | ||||
| templates/lib/*jquery-validationEngine-*.js B  2010  Cedric Dugas and Olivier Refalo | ||||
| style/150_jquery-dropmenu*.css                                       B  2010  Fred Heusschen | ||||
| templates/lib/*jquery-fineuploader-*.js                              B  2010  Andrew Valums | ||||
| 
 | ||||
| style/150_jquery-fineuploader*.css                                   B  2010  Andrew Valums | ||||
| templates/lib/*jquery-validationEngine-*.js                          B  2010  Cedric Dugas and Olivier Refalo | ||||
| style/150_jquery-validationEngine*.css                               B  2010  Cedric Dugas and Olivier Refalo | ||||
| templates/lib/extra/cropperjs                                        B  2018  Chen Fengyuan | ||||
| style/600_cropper*.css                                               B  2018  Chen Fengyuan | ||||
| templates/lib/extra/duo/*.js                                         E  2019  Duo Security | ||||
| lib/3rdParty/duo/*.php                                               E  2019  Duo Security | ||||
| graphics/webauthn.svg                                                F  2017  Duo Security, Inc. | ||||
| templates/lib/600_jquery.magnific-popup.js                           B  2016  Dmitry Semenov | ||||
| style/610_magnific-popup.css                                         B  2016  Dmitry Semenov | ||||
| style/responsive/105_normalize.css                                   B        Nicolas Gallagher and Jonathan Neal | ||||
| style/responsive/110_grid.css                                        B | ||||
| 
 | ||||
|  |  | |||
|  | @ -4,13 +4,7 @@ Alias /lam /usr/share/ldap-account-manager | |||
| <Directory /usr/share/ldap-account-manager> | ||||
|   Options +FollowSymLinks | ||||
|   AllowOverride All | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Allow from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all granted | ||||
|   </IfModule> | ||||
|   DirectoryIndex index.html | ||||
| </Directory> | ||||
| 
 | ||||
|  | @ -20,67 +14,31 @@ Alias /lam /usr/share/ldap-account-manager | |||
| 
 | ||||
| <Directory /var/lib/ldap-account-manager/tmp/internal> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /var/lib/ldap-account-manager/sess> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /var/lib/ldap-account-manager/config> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /usr/share/ldap-account-manager/lib> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /usr/share/ldap-account-manager/help> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
| <Directory /usr/share/ldap-account-manager/locale> | ||||
|   Options -Indexes | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Directory> | ||||
| 
 | ||||
|  |  | |||
|  | @ -6,9 +6,9 @@ if [ ! -e $outFile ]; then | |||
| 	files=`ls templates/lib/*.js` | ||||
| 	jsFiles="" | ||||
| 	for file in $files; do | ||||
| 		jsFiles="$jsFiles --js $file" | ||||
| 		jsFiles="$jsFiles $file" | ||||
| 	done | ||||
| 	closure-compiler --charset UTF-8 $jsFiles --js_output_file $outFile | ||||
| 	uglifyjs -o $outFile $jsFiles | ||||
| 	rm $files | ||||
| 	# add final new line to supress Debian warnings | ||||
| 	echo "" >> $outFile | ||||
|  | @ -17,7 +17,7 @@ fi | |||
| files=`ls style/*.css` | ||||
| outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css | ||||
| if [ ! -e $outFile ]; then | ||||
| 	cat $files | cleancss -o ${outFile} | ||||
| 	cat $files | cleancss --skip-rebase -o ${outFile} | ||||
| 	rm $files | ||||
| 	# add final new line to supress Debian warnings | ||||
| 	echo "" >> $outFile | ||||
|  |  | |||
|  | @ -9,6 +9,14 @@ fi | |||
| . /usr/share/debconf/confmodule | ||||
| db_version 2.0 || [ $? -lt 30 ] | ||||
| 
 | ||||
| # 3rd party libs | ||||
| phpThirdPartyLibs='phpseclib Monolog Psr' | ||||
| for phpThirdPartyLib in $phpThirdPartyLibs; do | ||||
| 	if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then | ||||
| 		ln -s /usr/share/php/${phpThirdPartyLib} /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} | ||||
| 	fi | ||||
| done | ||||
| 
 | ||||
| cd /usr/share/ldap-account-manager/config-samples/profiles | ||||
| files=`ls -a default.*` | ||||
| for file in $files; do | ||||
|  | @ -28,12 +36,15 @@ files=`ls -a *.jpg` | |||
| for file in $files; do | ||||
| 	cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file | ||||
| done | ||||
| if [ ! -h /usr/share/ldap-account-manager/config ]; then\ | ||||
|   ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi | ||||
| if [ ! -h /usr/share/ldap-account-manager/sess ]; then\ | ||||
|   ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi | ||||
| if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\ | ||||
|   ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi | ||||
| if [ ! -h /usr/share/ldap-account-manager/config ]; then | ||||
|   ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config | ||||
| fi | ||||
| if [ ! -h /usr/share/ldap-account-manager/sess ]; then | ||||
|   ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess | ||||
| fi | ||||
| if [ ! -h /usr/share/ldap-account-manager/tmp ]; then | ||||
|   ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp | ||||
| fi | ||||
| chown www-data /etc/ldap-account-manager/config.cfg | ||||
| chmod 600 /etc/ldap-account-manager/config.cfg | ||||
| chown www-data /var/lib/ldap-account-manager/sess | ||||
|  | @ -43,9 +54,14 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal | |||
| chmod 700 /var/lib/ldap-account-manager/tmp | ||||
| chown -R www-data /var/lib/ldap-account-manager/config | ||||
| chmod 700 /var/lib/ldap-account-manager/config | ||||
| if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \ | ||||
|    then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \ | ||||
| 	chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi | ||||
| set +e | ||||
| ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null | ||||
| cfgFilesExist=$? | ||||
| set -e | ||||
| if [ $cfgFilesExist -ne 0 ]; then | ||||
|   cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf | ||||
| 	chown www-data /var/lib/ldap-account-manager/config/lam.conf | ||||
| fi | ||||
| chmod 600 /var/lib/ldap-account-manager/config/*.conf | ||||
| if [ "$1" = "configure" ]; then | ||||
|     db_get "ldap-account-manager/alias" | ||||
|  |  | |||
|  | @ -49,6 +49,15 @@ if [ -f /usr/share/debconf/confmodule ]; then | |||
| 		done | ||||
| 	fi | ||||
| 
 | ||||
| 	# 3rd party libs | ||||
| 	phpThirdPartyLibs='phpseclib tcpdf Monolog Psr' | ||||
| 	for phpThirdPartyLib in $phpThirdPartyLibs; do | ||||
| 		if [ -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then | ||||
| 			rm /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} | ||||
| 		fi | ||||
| 	done | ||||
| 
 | ||||
| 
 | ||||
| 	set -e | ||||
| 	if [ "$1" = "purge" ]; then | ||||
| 		rm -r -f /usr/share/ldap-account-manager | ||||
|  |  | |||
|  | @ -0,0 +1,17 @@ | |||
| #!/bin/bash | ||||
| 
 | ||||
| set -e | ||||
| 
 | ||||
| if [ "$1" != "upgrade" ]; then | ||||
|     exit 0 | ||||
| fi | ||||
| 
 | ||||
| # 3rd party libs | ||||
| phpThirdPartyLibs='phpseclib tcpdf Monolog Psr' | ||||
| for phpThirdPartyLib in $phpThirdPartyLibs; do | ||||
| 	if [ -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then | ||||
| 		rm /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} | ||||
| 	fi | ||||
| done | ||||
| 
 | ||||
| #DEBHELPER# | ||||
|  | @ -23,6 +23,7 @@ install: | |||
| 
 | ||||
| 	install -D --mode=644 index.html debian/ldap-account-manager/usr/share/ldap-account-manager/index.html | ||||
| 	install -D --mode=644 VERSION debian/ldap-account-manager/usr/share/ldap-account-manager/VERSION | ||||
| 	install -D --mode=644 pwa_worker.js debian/ldap-account-manager/usr/share/ldap-account-manager/pwa_worker.js | ||||
| 	install -D --mode=644 tmp/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/.htaccess | ||||
| 	install -D --mode=644 tmp/internal/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/internal/.htaccess | ||||
| 	install -D --mode=644 config/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/config/.htaccess | ||||
|  | @ -43,7 +44,14 @@ install: | |||
| 	cp -r lib/modules debian/ldap-account-manager/usr/share/ldap-account-manager/lib/ | ||||
| 	cp -r lib/types debian/ldap-account-manager/usr/share/ldap-account-manager/lib/ | ||||
| 	cp -r lib/tools debian/ldap-account-manager/usr/share/ldap-account-manager/lib/ | ||||
| 	cp -r lib/3rdParty debian/ldap-account-manager/usr/share/ldap-account-manager/lib/ | ||||
| 
 | ||||
| 	# 3rd party libs are linked | ||||
| 	install -d --mode=755 debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty | ||||
| 	cp -r lib/3rdParty/composer debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/ | ||||
| 	cp -r lib/3rdParty/yubico debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/ | ||||
| 	cp -r lib/3rdParty/tcpdf debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/ | ||||
| 	cp -r lib/3rdParty/duo debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/ | ||||
| 
 | ||||
| 	cp -r locale debian/ldap-account-manager/usr/share/ldap-account-manager/ | ||||
| 	install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess | ||||
| 	cp -r style debian/ldap-account-manager/usr/share/ldap-account-manager/ | ||||
|  | @ -64,8 +72,6 @@ binary-indep: build install | |||
| 	dh_install | ||||
| 	dh_compress | ||||
| 	dh_fixperms | ||||
| 	dh_link /usr/share/fonts/truetype/dejavu/DejaVuSerif.ttf /usr/share/ldap-account-manager/lib/3rdParty/tcpdf/fonts/DejaVuSerif.ttf | ||||
| 	dh_link /usr/share/fonts/truetype/dejavu/DejaVuSerif-Bold.ttf /usr/share/ldap-account-manager/lib/3rdParty/tcpdf/fonts/DejaVuSerif-Bold.ttf | ||||
| 	dh_link /usr/share/doc/ldap-account-manager/docs /usr/share/ldap-account-manager/docs | ||||
| 	install -D --mode=644 debian/lam.apache.conf debian/ldap-account-manager/etc/ldap-account-manager/apache.conf | ||||
| 	install -D --mode=644 debian/lam.nginx.conf debian/ldap-account-manager/etc/ldap-account-manager/nginx.conf | ||||
|  |  | |||
|  | @ -0,0 +1,36 @@ | |||
| # | ||||
| # LAM setup | ||||
| # | ||||
| # skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false) | ||||
| # If set to false the other variables below have no effect. | ||||
| LAM_SKIP_PRECONFIGURE=false | ||||
| # domain of LDAP database root entry, will be converted to dc=...,dc=... | ||||
| LDAP_DOMAIN=my-domain.com | ||||
| # LDAP base DN to overwrite value generated by LDAP_DOMAIN | ||||
| LDAP_BASE_DN=dc=my-domain,dc=com | ||||
| # LDAP users DN to overwrite value provided by LDAP_BASE_DN | ||||
| LDAP_USERS_DN=ou=people,dc=my-domain,dc=com | ||||
| # LDAP groups DN to overwrite value provided by LDAP_BASE_DN | ||||
| LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com | ||||
| 
 | ||||
| # LDAP server URL | ||||
| LDAP_SERVER=ldap://ldap:389 | ||||
| # LDAP admin user (set as login user for LAM) | ||||
| LDAP_USER=cn=admin,dc=my-domain,dc=com | ||||
| # default language, e.g. en_US, de_DE, fr_FR, ... | ||||
| LAM_LANG=en_US | ||||
| # LAM configuration master password and password for server profile "lam" | ||||
| LAM_PASSWORD=lam | ||||
| 
 | ||||
| # deactivate TLS certificate checks, activate for development only | ||||
| LAM_DISABLE_TLS_CHECK=false | ||||
| 
 | ||||
| # | ||||
| # docker-compose only, LDAP server setup | ||||
| # | ||||
| # LDAP organisation name for OpenLDAP | ||||
| LDAP_ORGANISATION="LDAP Account Manager Demo" | ||||
| # LDAP admin password | ||||
| LDAP_ADMIN_PASSWORD=adminpw | ||||
| # password for LDAP read-only user | ||||
| LDAP_READONLY_USER_PASSWORD=readonlypw | ||||
|  | @ -0,0 +1,112 @@ | |||
| # | ||||
| #  Docker image for LDAP Account Manager | ||||
| 
 | ||||
| #  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) | ||||
| #  Copyright (C) 2019 - 2020  Roland Gruber | ||||
| 
 | ||||
| #  This program is free software; you can redistribute it and/or modify | ||||
| #  it under the terms of the GNU General Public License as published by | ||||
| #  the Free Software Foundation; either version 2 of the License, or | ||||
| #  (at your option) any later version. | ||||
| 
 | ||||
| #  This program is distributed in the hope that it will be useful, | ||||
| #  but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| #  GNU General Public License for more details. | ||||
| 
 | ||||
| #  You should have received a copy of the GNU General Public License | ||||
| #  along with this program; if not, write to the Free Software | ||||
| #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA | ||||
| 
 | ||||
| # | ||||
| #  Usage: run this command: docker run -p 8080:80 -it -d ldapaccountmanager/lam:stable | ||||
| # | ||||
| #  Then access LAM at http://localhost:8080/ | ||||
| #  You can change the port 8080 if needed. | ||||
| #  See possible environment variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env | ||||
| # | ||||
| 
 | ||||
| FROM debian:buster-slim | ||||
| LABEL maintainer="Roland Gruber <post@rolandgruber.de>" | ||||
| 
 | ||||
| ARG LAM_RELEASE=7.3.RC1 | ||||
| EXPOSE 80 | ||||
| 
 | ||||
| ENV \ | ||||
|     DEBIAN_FRONTEND=noninteractive \ | ||||
|     DEBUG='' | ||||
| 
 | ||||
| RUN apt-get update && \ | ||||
|     apt-get upgrade -y | ||||
| 
 | ||||
| # install locales | ||||
| RUN apt-get install -y locales | ||||
| RUN sed -i 's/^# *\(ca_ES.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(cz_CZ.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(de_DE.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(en_GB.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(es_ES.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(fr_FR.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(it_IT.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(hu_HU.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(nl_NL.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(pl_PL.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(pt_BR.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(ru_RU.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(sk_SK.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(tr_TR.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(uk_UA.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(ja_JP.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(zh_TW.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         sed -i 's/^# *\(zh_CN.UTF-8\)/\1/' /etc/locale.gen && \ | ||||
|         locale-gen | ||||
| 
 | ||||
| RUN apt-get install --no-install-recommends -y \ | ||||
|         apache2 \ | ||||
|         ca-certificates \ | ||||
|         dumb-init \ | ||||
|         fonts-dejavu \ | ||||
|         libapache2-mod-php \ | ||||
|         php \ | ||||
|         php-curl \ | ||||
|         php-gd \ | ||||
|         php-imagick \ | ||||
|         php-ldap \ | ||||
|         php-monolog \ | ||||
|         php-phpseclib \ | ||||
|         php-xml \ | ||||
|         php-zip \ | ||||
|         php-imap \ | ||||
|         php-gmp \ | ||||
|         wget \ | ||||
|     && \ | ||||
|     rm /etc/apache2/sites-enabled/*default* && \ | ||||
|     rm -rf /var/cache/apt /var/lib/apt/lists/* | ||||
| 
 | ||||
| # install LAM | ||||
| RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \ | ||||
|     -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \ | ||||
|     dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \ | ||||
|     rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb | ||||
| 
 | ||||
| # redirect Apache logging | ||||
| RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf | ||||
| # because there is no logging set in the lam vhost logging goes to other_vhost_access.log | ||||
| RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log | ||||
| 
 | ||||
| # add redirect for / | ||||
| RUN a2enmod rewrite | ||||
| RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \ | ||||
|  && echo "RewriteRule   ^/$  /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf | ||||
| 
 | ||||
| COPY start.sh /usr/local/bin/start.sh | ||||
| 
 | ||||
| WORKDIR /var/lib/ldap-account-manager/config | ||||
| 
 | ||||
| # start Apache when container starts | ||||
| ENTRYPOINT ["/usr/bin/dumb-init", "--"] | ||||
| CMD [ "/usr/local/bin/start.sh" ] | ||||
| 
 | ||||
| HEALTHCHECK --interval=1m --timeout=10s \ | ||||
|     CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>' | ||||
|  | @ -0,0 +1,42 @@ | |||
| version: '3.5' | ||||
| services: | ||||
|   ldap-account-manager: | ||||
|     build: | ||||
|       context: . | ||||
|     image: ldapaccountmanager/lam:7.3.RC1 | ||||
|     restart: unless-stopped | ||||
|     ports: | ||||
|       - "8080:80" | ||||
|     volumes: | ||||
|       - lametc/:/etc/ldap-account-manager | ||||
|       - lamconfig/:/var/lib/ldap-account-manager/config | ||||
|       - lamsession/:/var/lib/ldap-account-manager/sess | ||||
|     environment: | ||||
|       - LAM_PASSWORD=${LAM_PASSWORD} | ||||
|       - LAM_LANG=en_US | ||||
|       - LDAP_SERVER=${LDAP_SERVER} | ||||
|       - LDAP_DOMAIN=${LDAP_DOMAIN} | ||||
|       - LDAP_BASE_DN=${LDAP_BASE_DN} | ||||
|       - ADMIN_USER=cn=admin,${LDAP_BASE_DN} | ||||
|       - DEBUG=true | ||||
|   ldap: | ||||
|     image: osixia/openldap:latest | ||||
|     restart: unless-stopped | ||||
|     environment: | ||||
|       - LDAP_ORGANISATION=${LDAP_ORGANISATION} | ||||
|       - LDAP_DOMAIN=${LDAP_DOMAIN} | ||||
|       - LDAP_BASE_DN=${LDAP_BASE_DN} | ||||
|       - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} | ||||
|       - LDAP_READONLY_USER=true | ||||
|       - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD} | ||||
|     command: "--loglevel info --copy-service" | ||||
|     volumes: | ||||
|       - ldap:/var/lib/ldap | ||||
|       - slapd:/etc/ldap/slapd.d | ||||
| 
 | ||||
| volumes: | ||||
|   lametc: | ||||
|   lamconfig: | ||||
|   lamsession: | ||||
|   ldap: | ||||
|   slapd: | ||||
|  | @ -0,0 +1,66 @@ | |||
| #!/bin/bash | ||||
| # | ||||
| #  Docker start script for LDAP Account Manager | ||||
| 
 | ||||
| #  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) | ||||
| #  Copyright (C) 2019  Felix Bartels | ||||
| 
 | ||||
| #  This program is free software; you can redistribute it and/or modify | ||||
| #  it under the terms of the GNU General Public License as published by | ||||
| #  the Free Software Foundation; either version 2 of the License, or | ||||
| #  (at your option) any later version. | ||||
| 
 | ||||
| #  This program is distributed in the hope that it will be useful, | ||||
| #  but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| #  GNU General Public License for more details. | ||||
| 
 | ||||
| #  You should have received a copy of the GNU General Public License | ||||
| #  along with this program; if not, write to the Free Software | ||||
| #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA | ||||
| 
 | ||||
| 
 | ||||
| set -eu # unset variables are errors & non-zero return values exit the whole script | ||||
| [ "$DEBUG" ] && set -x | ||||
| 
 | ||||
| if [ "${LAM_DISABLE_TLS_CHECK:-}" == "true" ]; then | ||||
|   ln -s /etc/ldap/ldap.conf /etc/ldap.conf | ||||
|   echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf | ||||
| fi | ||||
| 
 | ||||
| LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}" | ||||
| if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then | ||||
| 
 | ||||
|   LAM_LANG="${LAM_LANG:-en_US}" | ||||
|   export LAM_PASSWORD="${LAM_PASSWORD:-lam}" | ||||
|   LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";') | ||||
|   LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}" | ||||
|   LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}" | ||||
|   LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}" | ||||
|   LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}" | ||||
|   LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}" | ||||
|   LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}" | ||||
|    | ||||
|   sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF | ||||
|     s|^password:.*|password: ${LAM_PASSWORD_SSHA}|; | ||||
| EOF | ||||
|   unset LAM_PASSWORD | ||||
| 
 | ||||
|   sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF | ||||
|     s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|; | ||||
|     s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|; | ||||
|     s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|; | ||||
|     s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|; | ||||
|     s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|; | ||||
|     s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USERS_DN}|; | ||||
|     s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUPS_DN}|; | ||||
| EOF | ||||
| 
 | ||||
| fi | ||||
| 
 | ||||
| echo "Starting Apache" | ||||
| rm -f /run/apache2/apache2.pid | ||||
| set +u | ||||
| # shellcheck disable=SC1091 | ||||
| source /etc/apache2/envvars | ||||
| exec /usr/sbin/apache2 -DFOREGROUND | ||||
|  | @ -1,11 +1,5 @@ | |||
| <Files *> | ||||
|   Options +FollowSymLinks | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Allow from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all granted | ||||
|   </IfModule> | ||||
|   DirectoryIndex index.html | ||||
| </Files> | ||||
|  |  | |||
							
								
								
									
										137
									
								
								lam/HISTORY
								
								
								
								
							
							
						
						|  | @ -1,9 +1,127 @@ | |||
| June 2018 6.4 | ||||
| September 2020 | ||||
|   - PHP 7.4 compatibility | ||||
|   - Configuration export and import | ||||
|   - Server profiles support to specify a part of the DN to hide | ||||
|   - Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2) | ||||
|   - Better error messages on login when account is expired/deactivated/... | ||||
|   - Personal/Windows: photo can be uploaded via webcam | ||||
|   - Windows users: group display format can be configured (cn/dn) | ||||
|   - LAM Pro: | ||||
|    -> Windows: new cron job to send users a summary of their managed groups | ||||
|   - Fixed bugs: | ||||
|    -> Unix groups: memberUid was not deleted correctly when forced sync with group of names is active | ||||
| 
 | ||||
| 01.05.2020 7.2 | ||||
|   - Unix: allow to create group with same name during user creation | ||||
|   - LAM Pro: | ||||
|    -> EMail sending can be done via SMTP without local mail server | ||||
|    -> License expiration warning can be sent via email or disabled | ||||
|   - Fixed bugs: | ||||
|    -> Captcha don't show anymore in Self Service login page (213) | ||||
|    -> Unix memberships cannot be changed. This issue can also affect other membership relations. | ||||
|    -> Missing locales on Docker image | ||||
| 
 | ||||
| 
 | ||||
| 17.03.2020 7.1 | ||||
|   - PHP 7 required | ||||
|   - WebAuthn/FIDO2 support for 2-factor-authentication (requires PHP 7.2) | ||||
|   - IMAP: changed library to support latest TLS versions | ||||
|   - Personal: support display name (hidden by default in server profile) | ||||
|   - Windows users: support allowed workstations, more profile options | ||||
|   - Reactivated Polish translation | ||||
|   - LAM Pro: | ||||
|    -> PPolicy: support for password check module | ||||
|    -> Windows AD LDS support (users and groups) | ||||
|    -> User self registration: support Active Directory/Samba4 | ||||
| 
 | ||||
| 
 | ||||
| 21.12.2019 7.0 | ||||
|   - Lamdaemon can be configured with directory prefix for homedirs | ||||
|   - Account list filters match on substrings instead of whole value | ||||
|   - YubiKey: support to configure multiple verification servers | ||||
|   - Windows hosts: added last password change and last login | ||||
|   - Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish | ||||
|     Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included). | ||||
|   - Docker updates | ||||
|   - Fixed bugs: | ||||
|    -> Missing CSS for Duo | ||||
|    -> Editing of DNs with comma on Windows (210) | ||||
| 
 | ||||
| 
 | ||||
| 29.09.2019 6.9 | ||||
|   - Group account types can show member+owner count in list view | ||||
|   - 2-factor authentication: | ||||
|    -> Duo support | ||||
|    -> user name attribute for privacyIDEA can be specified | ||||
|   - LAM Pro: | ||||
|    -> New self service settings for login and main page footer | ||||
|    -> Custom fields: custom labels for LDAP search select list | ||||
|   - Fixed bugs: | ||||
|    -> Configuration issue with Unix user/host module (206) | ||||
| 
 | ||||
| 
 | ||||
| 02.07.2019 6.8 | ||||
|   - Parallel editing of multiple entries in different browser tabs supported | ||||
|   - LAM supports the progressive web app standard which allows to install LAM as an icon on home screen | ||||
|   - Windows: added home drive and force password change to profile editor | ||||
|   - Unix: password management can be disabled in module settings | ||||
|   - LAM Pro: | ||||
|    -> Bind DLZ: entry table can show record data (use special attribute "#records" in server profile) | ||||
|    -> Self service: support legacy attribute "email" for password self reset and user self registration | ||||
|   - Fixed bugs: | ||||
|    -> Users: No drop-down filter box for account status (200) | ||||
|    -> Custom fields: Account type "Groups" not saving/deleting fields (66) | ||||
| 
 | ||||
| 
 | ||||
| 25.03.2019 6.7 | ||||
|   - Added YubiKey as 2-factor authentication provider | ||||
|   - Support logging to remote syslog server | ||||
|   - PHP 7.3 support | ||||
|   - LAM Pro: | ||||
|    -> Allow to mark text and text area fields as required | ||||
|    -> New self service fields: | ||||
|     -> Mail routing | ||||
|     -> Windows proxy addresses + mail alias | ||||
|     -> Shadow account expiration date | ||||
|     -> Unix and group of names memberships | ||||
|    -> Base URL for emails in self service can be configured in self service profile | ||||
|    -> Bind DLZ: support DNAME+XFR records and descriptions in records (requires latest LDAP schema) | ||||
|    -> Cron jobs: added Shadow account expiration notification job | ||||
|   - Fixed bugs: | ||||
|    -> Allow tree-only configurations without any other tab | ||||
| 
 | ||||
| 
 | ||||
| 28.12.2018 6.6 | ||||
|   - New import/export in tools menu | ||||
|   - YubiKey support | ||||
|   - Windows users: | ||||
|     -> Manage "departmentNumber" (needs to be activated via LAM server profile) | ||||
|     -> Sync group memberships from Unix and group of names | ||||
|   - LAM Pro: | ||||
|     -> Easy setting of background color in self service profile | ||||
|     -> Cron jobs: added Windows/Qmail/FreeRadius account expiration notification jobs | ||||
|     -> Bind DLZ: usability improvements and small fixes | ||||
| 
 | ||||
| 
 | ||||
| 25.09.2018 6.5 | ||||
|   - Password change possible via LDAP EXOP operation (set LDAP_EXOP as password hash, requires PHP 7.2) | ||||
|   - Support Imagick and GD | ||||
|   - Dropped support for Apache 2.2 | ||||
|   - Upload: allow to overwrite existing accounts | ||||
|   - Personal: photos can be printed in PDF export | ||||
|   - Kolab updates | ||||
|   - LAM Pro: | ||||
|    -> Auto deletion of entries with dynamic directory services support (requires PHP 7.2) | ||||
|   - Fixed bugs: | ||||
|    -> Issue when changing key case of uid (#197) | ||||
| 
 | ||||
| 
 | ||||
| 20.06.2018 6.4 | ||||
|   - Imagick PHP extension required | ||||
|   - Passwords can be checked against external service (e.g. https://api.pwnedpasswords.com/range) | ||||
|   - Personal/Windows: image cropping support | ||||
|   - Better filtering of account lists | ||||
|   - Unix: Unix and group of names memberships can be synced in group selection | ||||
|   - Unix: Unix, Windows and group of names memberships can be synced in group selection | ||||
|   - IMAP: create mailbox via file upload | ||||
|   - PHP 7.2 support | ||||
|   - Support for "," in DN | ||||
|  | @ -12,6 +130,7 @@ June 2018 6.4 | |||
|   - Fixed bugs: | ||||
|    -> Error on password reset page when custom fields is used (194) | ||||
| 
 | ||||
| 
 | ||||
| 19.03.2018 6.3 | ||||
|   - Server profile: added option if referential integrity overlay is active to skip cleanup actions | ||||
|   - Unix: several options are now specific to subaccount types (reconfiguration required!) | ||||
|  | @ -219,7 +338,7 @@ June 2018 6.4 | |||
|   - LAM Pro: | ||||
|    -> Password self reset and user self registration support to set a header text | ||||
|    -> Sudo roles: support latest schema | ||||
|    -> Bind DLZ: automatic PTR management (disabled by default) and better formating of e.g. TTL values | ||||
|    -> Bind DLZ: automatic PTR management (disabled by default) and better formatting of e.g. TTL values | ||||
| 
 | ||||
| 
 | ||||
| 18.03.2014 4.5 | ||||
|  | @ -411,7 +530,7 @@ June 2018 6.4 | |||
|    -> support to read user name from uid attribute | ||||
|    -> added quota management | ||||
|   - Personal: added additional options for account profiles | ||||
|   - Mail aliases: sort receipients (RFE 3170336) | ||||
|   - Mail aliases: sort recipients (RFE 3170336) | ||||
|   - Asterisk: support all attributes (can be disabled in configuration) | ||||
|   - Samba 3/Shadow: allow to sync expiration date (RFE 3147751) | ||||
|   - LAM Pro: | ||||
|  | @ -538,7 +657,7 @@ June 2018 6.4 | |||
| 21.01.2009 2.5.0 | ||||
|   - LAM Pro: | ||||
|    -> supports rfc2307bis schema for Unix groups (RFE 2111694) | ||||
|    -> added alias manangement (object classes alias + uidObject) (RFE 1912779) | ||||
|    -> added alias management (object classes alias + uidObject) (RFE 1912779) | ||||
|   - Shadow: module is now optional when creating new accounts | ||||
|   - Kolab: | ||||
|    -> account extension is now optional | ||||
|  | @ -727,7 +846,7 @@ June 2018 6.4 | |||
|    - security: LAM checks the session id and client IP | ||||
|    - fixed bugs: | ||||
|     -> Samba 3: hash values were wrong in some rare cases (1440021) | ||||
|     -> Samba 3: readded time zone selection for logon hours (1407761) | ||||
|     -> Samba 3: re-added time zone selection for logon hours (1407761) | ||||
|     -> Unix: call of unknown function (1450464) | ||||
| 
 | ||||
| 
 | ||||
|  | @ -864,7 +983,7 @@ June 2018 6.4 | |||
|    -> dynamic configuration options (based on modules) | ||||
|   - all pages in UTF-8 | ||||
|   - added developer documentation | ||||
|   - PHPDoc formated comments | ||||
|   - PHPDoc formatted comments | ||||
|   - new plugin for managing MAC addresses (RFE 926017) | ||||
|   - new plugin for managing NIS mail aliases (RFE 1050036) | ||||
|   - new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137) | ||||
|  | @ -926,7 +1045,7 @@ June 2018 6.4 | |||
|       if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work | ||||
|       some smaller bugs in mass upload | ||||
|       Samba hash values for hosts were not correct | ||||
|       Unix passwords could be disabled but not reenabled | ||||
|       Unix passwords could be disabled but not re-enabled | ||||
|       fixed problem with eval() in status.inc (894433) | ||||
| 
 | ||||
| 
 | ||||
|  | @ -949,7 +1068,7 @@ June 2018 6.4 | |||
|   - better error handling at login | ||||
|   - support spaces in DNs | ||||
|   - PDF text for users | ||||
|   - create missing OUs recursivly | ||||
|   - create missing OUs recursively | ||||
|   - fixed bugs: | ||||
|       SMD5 passwords were wrong | ||||
|       primaryGroupSID wrong if SID has no relation to Algorithmic RID Base | ||||
|  |  | |||
|  | @ -3,19 +3,16 @@ LAM - Readme | |||
| ============ | ||||
| 
 | ||||
|   LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP | ||||
|   directory. LAM runs on any webserver with PHP5 support and connects to your | ||||
|   directory. LAM runs on any webserver with PHP7 support and connects to your | ||||
|   LDAP server unencrypted or via SSL/TLS. | ||||
|   Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2, | ||||
|   Currently LAM supports these account types: Samba 3/4, Unix, Kolab, | ||||
|   address book entries, NIS mail aliases and MAC addresses. There is a tree | ||||
|   viewer included to allow access to the raw LDAP attributes. You can use | ||||
|   templates for account creation and use multiple configuration profiles. | ||||
|   LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech, | ||||
|   Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, | ||||
|   Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian. | ||||
| 
 | ||||
|   https://www.ldap-account-manager.org/ | ||||
| 
 | ||||
|     Copyright (C) 2003 - 2018 Roland Gruber <post@rolandgruber.de> | ||||
|     Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de> | ||||
| 
 | ||||
|   Installation and documentation: | ||||
|     Please see the LAM manual in docs/manual/index.html. | ||||
|  |  | |||
|  | @ -1 +1 @@ | |||
| 6.4.RC1 | ||||
| 7.3.RC1 | ||||
|  |  | |||
|  | @ -0,0 +1,3 @@ | |||
| #!/bin/bash | ||||
| 
 | ||||
| ~/.local/bin/codespell --skip '*3rdParty*,*/ckeditor/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/lib/extra/duo/*' --ignore-words-list "tim,te,pres,files'" | ||||
|  | @ -0,0 +1,18 @@ | |||
| { | ||||
|   "config": { | ||||
|     "vendor-dir": "lib/3rdParty/composer" | ||||
|   }, | ||||
|   "repositories": [ | ||||
|     { | ||||
|       "type": "pear", | ||||
|       "url": "https://pear.horde.org" | ||||
|     } | ||||
|   ], | ||||
|   "require" : { | ||||
|     "web-auth/webauthn-lib" : "2.1.7", | ||||
|     "symfony/http-foundation" : "5.0.7", | ||||
|     "symfony/psr-http-message-bridge" : "1.3.0", | ||||
|     "pear-pear.horde.org/Horde_Imap_Client" : "2.30.1", | ||||
|     "phpmailer/phpmailer": "~6.1" | ||||
|   } | ||||
| } | ||||
|  | @ -3,3 +3,4 @@ config.cfg | |||
| /serverCerts.pem | ||||
| /pdf/ | ||||
| /profiles/ | ||||
| *.sqlite | ||||
|  | @ -1,9 +1,3 @@ | |||
| <Files *> | ||||
|   <IfModule !mod_authz_core.c> | ||||
|     Order allow,deny | ||||
|     Deny from all | ||||
|   </IfModule> | ||||
|   <IfModule mod_authz_core.c> | ||||
|   Require all denied | ||||
|   </IfModule> | ||||
| </Files> | ||||
|  |  | |||
|  | @ -6,10 +6,10 @@ | |||
| # the second is the character encoding and the third the language name. | ||||
| 
 | ||||
| # Catalan | ||||
| ca_ES.utf8:UTF-8:Català (Catalunya) | ||||
| # ca_ES.utf8:UTF-8:Català (Catalunya) | ||||
| 
 | ||||
| # Czech | ||||
| cs_CZ.utf8:UTF-8:Čeština (Česko) | ||||
| # cs_CZ.utf8:UTF-8:Čeština (Česko) | ||||
| 
 | ||||
| # German | ||||
| de_DE.utf8:UTF-8:Deutsch (Deutschland) | ||||
|  | @ -30,7 +30,7 @@ fr_FR.utf8:UTF-8:Français (France) | |||
| it_IT.utf8:UTF-8:Italiano (Italia) | ||||
| 
 | ||||
| # Hungarian | ||||
| hu_HU.utf8:UTF-8:Magyar (Magyarország) | ||||
| # hu_HU.utf8:UTF-8:Magyar (Magyarország) | ||||
| 
 | ||||
| # Dutch | ||||
| nl_NL.utf8:UTF-8:Nederlands (Nederland) | ||||
|  | @ -48,7 +48,7 @@ ru_RU.utf8:UTF-8:Русский (Россия) | |||
| sk_SK.utf8:UTF-8:Slovenčina (Slovensko) | ||||
| 
 | ||||
| # Turkish | ||||
| tr_TR.utf8:UTF-8:Türkçe (Türkiye) | ||||
| # tr_TR.utf8:UTF-8:Türkçe (Türkiye) | ||||
| 
 | ||||
| # Ukrainian | ||||
| uk_UA.utf8:UTF-8:Українська (Україна) | ||||
|  |  | |||
							
								
								
									
										793
									
								
								lam/copyright
								
								
								
								
							
							
						
						|  | @ -1,4 +1,4 @@ | |||
| This software is copyright (c) 2003 - 2018 by Roland Gruber | ||||
| This software is copyright (c) 2003 - 2020 by Roland Gruber | ||||
| 
 | ||||
| If you purchased a copy of LDAP Account Manager Pro then the following | ||||
| files are licensed under the conditions which you accepted at purchase | ||||
|  | @ -19,6 +19,7 @@ time. | |||
| * lib/modules/customFields.inc | ||||
| * lib/modules/customScripts.inc | ||||
| * lib/modules/device.inc | ||||
| * lib/modules/autoDelete.inc | ||||
| * lib/modules/dynamicList.inc | ||||
| * lib/modules/groupOfNames.inc | ||||
| * lib/modules/groupOfNamesUser.inc | ||||
|  | @ -85,7 +86,6 @@ The complete license can be found in the file COPYING. | |||
| Some parts of this package have other, compatible licences. These are: | ||||
| 
 | ||||
| A: | ||||
| 
 | ||||
|   DejaVu Fonts — License | ||||
| 
 | ||||
|   Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation | ||||
|  | @ -176,7 +176,9 @@ A: | |||
|   Software without prior written authorization from Tavmjong Bah. For further | ||||
|   information, contact: tavmjong @ free . fr. | ||||
| 
 | ||||
| 
 | ||||
| B: | ||||
|    MIT License | ||||
| 
 | ||||
|    Permission is hereby granted, free of charge, to any person obtaining | ||||
|    a copy of this software and associated documentation files (the | ||||
|  | @ -198,17 +200,792 @@ B: | |||
|    WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||||
| 
 | ||||
| 
 | ||||
| C: | ||||
|    New BSD License | ||||
| 
 | ||||
|    Redistribution and use in source and binary forms, with or without modification, | ||||
|    are permitted provided that the following conditions are met: | ||||
| 
 | ||||
|    1. Redistributions of source code must retain the above copyright notice, this list | ||||
|    of conditions and the following disclaimer. | ||||
| 
 | ||||
|    2. Redistributions in binary form must reproduce the above copyright notice, this | ||||
|    list of conditions and the following disclaimer in the documentation and/or other | ||||
|    materials provided with the distribution. | ||||
| 
 | ||||
|    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | ||||
|    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||||
|    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||||
|    IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | ||||
|    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | ||||
|    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||||
|    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE | ||||
|    OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||||
|    OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| D: | ||||
|                    GNU LESSER GENERAL PUBLIC LICENSE | ||||
|                        Version 3, 29 June 2007 | ||||
| 
 | ||||
|    Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> | ||||
|    Everyone is permitted to copy and distribute verbatim copies | ||||
|    of this license document, but changing it is not allowed. | ||||
| 
 | ||||
| 
 | ||||
|    This version of the GNU Lesser General Public License incorporates | ||||
|    the terms and conditions of version 3 of the GNU General Public | ||||
|    License, supplemented by the additional permissions listed below. | ||||
| 
 | ||||
|    0. Additional Definitions. | ||||
| 
 | ||||
|    As used herein, "this License" refers to version 3 of the GNU Lesser | ||||
|    General Public License, and the "GNU GPL" refers to version 3 of the GNU | ||||
|    General Public License. | ||||
| 
 | ||||
|    "The Library" refers to a covered work governed by this License, | ||||
|    other than an Application or a Combined Work as defined below. | ||||
| 
 | ||||
|    An "Application" is any work that makes use of an interface provided | ||||
|    by the Library, but which is not otherwise based on the Library. | ||||
|    Defining a subclass of a class defined by the Library is deemed a mode | ||||
|    of using an interface provided by the Library. | ||||
| 
 | ||||
|    A "Combined Work" is a work produced by combining or linking an | ||||
|    Application with the Library.  The particular version of the Library | ||||
|    with which the Combined Work was made is also called the "Linked | ||||
|    Version". | ||||
| 
 | ||||
|    The "Minimal Corresponding Source" for a Combined Work means the | ||||
|    Corresponding Source for the Combined Work, excluding any source code | ||||
|    for portions of the Combined Work that, considered in isolation, are | ||||
|    based on the Application, and not on the Linked Version. | ||||
| 
 | ||||
|    The "Corresponding Application Code" for a Combined Work means the | ||||
|    object code and/or source code for the Application, including any data | ||||
|    and utility programs needed for reproducing the Combined Work from the | ||||
|    Application, but excluding the System Libraries of the Combined Work. | ||||
| 
 | ||||
|    1. Exception to Section 3 of the GNU GPL. | ||||
| 
 | ||||
|    You may convey a covered work under sections 3 and 4 of this License | ||||
|    without being bound by section 3 of the GNU GPL. | ||||
| 
 | ||||
|    2. Conveying Modified Versions. | ||||
| 
 | ||||
|    If you modify a copy of the Library, and, in your modifications, a | ||||
|    facility refers to a function or data to be supplied by an Application | ||||
|    that uses the facility (other than as an argument passed when the | ||||
|    facility is invoked), then you may convey a copy of the modified | ||||
|    version: | ||||
| 
 | ||||
|    a) under this License, provided that you make a good faith effort to | ||||
|    ensure that, in the event an Application does not supply the | ||||
|    function or data, the facility still operates, and performs | ||||
|    whatever part of its purpose remains meaningful, or | ||||
| 
 | ||||
|    b) under the GNU GPL, with none of the additional permissions of | ||||
|    this License applicable to that copy. | ||||
| 
 | ||||
|    3. Object Code Incorporating Material from Library Header Files. | ||||
| 
 | ||||
|    The object code form of an Application may incorporate material from | ||||
|    a header file that is part of the Library.  You may convey such object | ||||
|    code under terms of your choice, provided that, if the incorporated | ||||
|    material is not limited to numerical parameters, data structure | ||||
|    layouts and accessors, or small macros, inline functions and templates | ||||
|    (ten or fewer lines in length), you do both of the following: | ||||
| 
 | ||||
|    a) Give prominent notice with each copy of the object code that the | ||||
|    Library is used in it and that the Library and its use are | ||||
|    covered by this License. | ||||
| 
 | ||||
|    b) Accompany the object code with a copy of the GNU GPL and this license | ||||
|    document. | ||||
| 
 | ||||
|    4. Combined Works. | ||||
| 
 | ||||
|    You may convey a Combined Work under terms of your choice that, | ||||
|    taken together, effectively do not restrict modification of the | ||||
|    portions of the Library contained in the Combined Work and reverse | ||||
|    engineering for debugging such modifications, if you also do each of | ||||
|    the following: | ||||
| 
 | ||||
|    a) Give prominent notice with each copy of the Combined Work that | ||||
|    the Library is used in it and that the Library and its use are | ||||
|    covered by this License. | ||||
| 
 | ||||
|    b) Accompany the Combined Work with a copy of the GNU GPL and this license | ||||
|    document. | ||||
| 
 | ||||
|    c) For a Combined Work that displays copyright notices during | ||||
|    execution, include the copyright notice for the Library among | ||||
|    these notices, as well as a reference directing the user to the | ||||
|    copies of the GNU GPL and this license document. | ||||
| 
 | ||||
|    d) Do one of the following: | ||||
| 
 | ||||
|        0) Convey the Minimal Corresponding Source under the terms of this | ||||
|        License, and the Corresponding Application Code in a form | ||||
|        suitable for, and under terms that permit, the user to | ||||
|        recombine or relink the Application with a modified version of | ||||
|        the Linked Version to produce a modified Combined Work, in the | ||||
|        manner specified by section 6 of the GNU GPL for conveying | ||||
|        Corresponding Source. | ||||
| 
 | ||||
|        1) Use a suitable shared library mechanism for linking with the | ||||
|        Library.  A suitable mechanism is one that (a) uses at run time | ||||
|        a copy of the Library already present on the user's computer | ||||
|        system, and (b) will operate properly with a modified version | ||||
|        of the Library that is interface-compatible with the Linked | ||||
|        Version. | ||||
| 
 | ||||
|    e) Provide Installation Information, but only if you would otherwise | ||||
|    be required to provide such information under section 6 of the | ||||
|    GNU GPL, and only to the extent that such information is | ||||
|    necessary to install and execute a modified version of the | ||||
|    Combined Work produced by recombining or relinking the | ||||
|    Application with a modified version of the Linked Version. (If | ||||
|    you use option 4d0, the Installation Information must accompany | ||||
|    the Minimal Corresponding Source and Corresponding Application | ||||
|    Code. If you use option 4d1, you must provide the Installation | ||||
|    Information in the manner specified by section 6 of the GNU GPL | ||||
|    for conveying Corresponding Source.) | ||||
| 
 | ||||
|    5. Combined Libraries. | ||||
| 
 | ||||
|    You may place library facilities that are a work based on the | ||||
|    Library side by side in a single library together with other library | ||||
|    facilities that are not Applications and are not covered by this | ||||
|    License, and convey such a combined library under terms of your | ||||
|    choice, if you do both of the following: | ||||
| 
 | ||||
|    a) Accompany the combined library with a copy of the same work based | ||||
|    on the Library, uncombined with any other library facilities, | ||||
|    conveyed under the terms of this License. | ||||
| 
 | ||||
|    b) Give prominent notice with the combined library that part of it | ||||
|    is a work based on the Library, and explaining where to find the | ||||
|    accompanying uncombined form of the same work. | ||||
| 
 | ||||
|    6. Revised Versions of the GNU Lesser General Public License. | ||||
| 
 | ||||
|    The Free Software Foundation may publish revised and/or new versions | ||||
|    of the GNU Lesser General Public License from time to time. Such new | ||||
|    versions will be similar in spirit to the present version, but may | ||||
|    differ in detail to address new problems or concerns. | ||||
| 
 | ||||
|    Each version is given a distinguishing version number. If the | ||||
|    Library as you received it specifies that a certain numbered version | ||||
|    of the GNU Lesser General Public License "or any later version" | ||||
|    applies to it, you have the option of following the terms and | ||||
|    conditions either of that published version or of any later version | ||||
|    published by the Free Software Foundation. If the Library as you | ||||
|    received it does not specify a version number of the GNU Lesser | ||||
|    General Public License, you may choose any version of the GNU Lesser | ||||
|    General Public License ever published by the Free Software Foundation. | ||||
| 
 | ||||
|    If the Library as you received it specifies that a proxy can decide | ||||
|    whether future versions of the GNU Lesser General Public License shall | ||||
|    apply, that proxy's public statement of acceptance of any version is | ||||
|    permanent authorization for you to choose that version for the | ||||
|    Library. | ||||
| 
 | ||||
| 
 | ||||
| E: | ||||
|   Duo | ||||
| 
 | ||||
|   Redistribution and use in source and binary forms, with or without | ||||
|   modification, are permitted provided that the following conditions | ||||
|   are met: | ||||
| 
 | ||||
|   1. Redistributions of source code must retain the above copyright | ||||
|      notice, this list of conditions and the following disclaimer. | ||||
|   2. Redistributions in binary form must reproduce the above copyright | ||||
|      notice, this list of conditions and the following disclaimer in the | ||||
|      documentation and/or other materials provided with the distribution. | ||||
|   3. The name of the author may not be used to endorse or promote products | ||||
|      derived from this software without specific prior written permission. | ||||
| 
 | ||||
|   THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||||
|   IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||||
|   OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||||
|   IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||||
|   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||||
|   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||||
|   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||||
|   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||||
|   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||||
|   THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| F:   | ||||
|   3-Clause BSD License | ||||
| 
 | ||||
|   Redistribution and use in source and binary forms, with or without | ||||
|   modification, are permitted provided that the following conditions | ||||
|   are met: | ||||
| 
 | ||||
|   1. Redistributions of source code must retain the above copyright | ||||
|      notice, this list of conditions and the following disclaimer. | ||||
|   2. Redistributions in binary form must reproduce the above copyright | ||||
|      notice, this list of conditions and the following disclaimer in the | ||||
|      documentation and/or other materials provided with the distribution. | ||||
|   3. Neither the name of the copyright holder nor the names of its | ||||
|      contributors may be used to endorse or promote products derived from | ||||
|      this software without specific prior written permission. | ||||
| 
 | ||||
|   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS | ||||
|   IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, | ||||
|   THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||||
|   PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR | ||||
|   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| G: | ||||
|   2-Clause BSD License | ||||
| 
 | ||||
|   Redistribution and use in source and binary forms, with or without modification, | ||||
|   are permitted provided that the following conditions are met: | ||||
| 
 | ||||
|   1. Redistributions of source code must retain the above copyright notice, | ||||
|      this list of conditions and the following disclaimer. | ||||
| 
 | ||||
|   2. Redistributions in binary form must reproduce the above copyright notice, | ||||
|      this list of conditions and the following disclaimer in the documentation and/or | ||||
|      other materials provided with the distribution. | ||||
| 
 | ||||
|   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | ||||
|   ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||||
|   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||||
|   IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | ||||
|   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | ||||
|   BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, | ||||
|   OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, | ||||
|   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||||
|   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||||
|   POSSIBILITY OF SUCH DAMAGE. | ||||
| 
 | ||||
| 
 | ||||
| H: | ||||
|                   GNU LESSER GENERAL PUBLIC LICENSE | ||||
|                        Version 2.1, February 1999 | ||||
| 
 | ||||
|  Copyright (C) 1991, 1999 Free Software Foundation, Inc. | ||||
|  51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA | ||||
|  Everyone is permitted to copy and distribute verbatim copies | ||||
|  of this license document, but changing it is not allowed. | ||||
| 
 | ||||
| [This is the first released version of the Lesser GPL.  It also counts | ||||
|  as the successor of the GNU Library Public License, version 2, hence | ||||
|  the version number 2.1.] | ||||
| 
 | ||||
|                             Preamble | ||||
| 
 | ||||
|   The licenses for most software are designed to take away your | ||||
| freedom to share and change it.  By contrast, the GNU General Public | ||||
| Licenses are intended to guarantee your freedom to share and change | ||||
| free software--to make sure the software is free for all its users. | ||||
| 
 | ||||
|   This license, the Lesser General Public License, applies to some | ||||
| specially designated software packages--typically libraries--of the | ||||
| Free Software Foundation and other authors who decide to use it.  You | ||||
| can use it too, but we suggest you first think carefully about whether | ||||
| this license or the ordinary General Public License is the better | ||||
| strategy to use in any particular case, based on the explanations below. | ||||
| 
 | ||||
|   When we speak of free software, we are referring to freedom of use, | ||||
| not price.  Our General Public Licenses are designed to make sure that | ||||
| you have the freedom to distribute copies of free software (and charge | ||||
| for this service if you wish); that you receive source code or can get | ||||
| it if you want it; that you can change the software and use pieces of | ||||
| it in new free programs; and that you are informed that you can do | ||||
| these things. | ||||
| 
 | ||||
|   To protect your rights, we need to make restrictions that forbid | ||||
| distributors to deny you these rights or to ask you to surrender these | ||||
| rights.  These restrictions translate to certain responsibilities for | ||||
| you if you distribute copies of the library or if you modify it. | ||||
| 
 | ||||
|   For example, if you distribute copies of the library, whether gratis | ||||
| or for a fee, you must give the recipients all the rights that we gave | ||||
| you.  You must make sure that they, too, receive or can get the source | ||||
| code.  If you link other code with the library, you must provide | ||||
| complete object files to the recipients, so that they can relink them | ||||
| with the library after making changes to the library and recompiling | ||||
| it.  And you must show them these terms so they know their rights. | ||||
| 
 | ||||
|   We protect your rights with a two-step method: (1) we copyright the | ||||
| library, and (2) we offer you this license, which gives you legal | ||||
| permission to copy, distribute and/or modify the library. | ||||
| 
 | ||||
|   To protect each distributor, we want to make it very clear that | ||||
| there is no warranty for the free library.  Also, if the library is | ||||
| modified by someone else and passed on, the recipients should know | ||||
| that what they have is not the original version, so that the original | ||||
| author's reputation will not be affected by problems that might be | ||||
| introduced by others. | ||||
|  | ||||
|   Finally, software patents pose a constant threat to the existence of | ||||
| any free program.  We wish to make sure that a company cannot | ||||
| effectively restrict the users of a free program by obtaining a | ||||
| restrictive license from a patent holder.  Therefore, we insist that | ||||
| any patent license obtained for a version of the library must be | ||||
| consistent with the full freedom of use specified in this license. | ||||
| 
 | ||||
|   Most GNU software, including some libraries, is covered by the | ||||
| ordinary GNU General Public License.  This license, the GNU Lesser | ||||
| General Public License, applies to certain designated libraries, and | ||||
| is quite different from the ordinary General Public License.  We use | ||||
| this license for certain libraries in order to permit linking those | ||||
| libraries into non-free programs. | ||||
| 
 | ||||
|   When a program is linked with a library, whether statically or using | ||||
| a shared library, the combination of the two is legally speaking a | ||||
| combined work, a derivative of the original library.  The ordinary | ||||
| General Public License therefore permits such linking only if the | ||||
| entire combination fits its criteria of freedom.  The Lesser General | ||||
| Public License permits more lax criteria for linking other code with | ||||
| the library. | ||||
| 
 | ||||
|   We call this license the "Lesser" General Public License because it | ||||
| does Less to protect the user's freedom than the ordinary General | ||||
| Public License.  It also provides other free software developers Less | ||||
| of an advantage over competing non-free programs.  These disadvantages | ||||
| are the reason we use the ordinary General Public License for many | ||||
| libraries.  However, the Lesser license provides advantages in certain | ||||
| special circumstances. | ||||
| 
 | ||||
|   For example, on rare occasions, there may be a special need to | ||||
| encourage the widest possible use of a certain library, so that it becomes | ||||
| a de-facto standard.  To achieve this, non-free programs must be | ||||
| allowed to use the library.  A more frequent case is that a free | ||||
| library does the same job as widely used non-free libraries.  In this | ||||
| case, there is little to gain by limiting the free library to free | ||||
| software only, so we use the Lesser General Public License. | ||||
| 
 | ||||
|   In other cases, permission to use a particular library in non-free | ||||
| programs enables a greater number of people to use a large body of | ||||
| free software.  For example, permission to use the GNU C Library in | ||||
| non-free programs enables many more people to use the whole GNU | ||||
| operating system, as well as its variant, the GNU/Linux operating | ||||
| system. | ||||
| 
 | ||||
|   Although the Lesser General Public License is Less protective of the | ||||
| users' freedom, it does ensure that the user of a program that is | ||||
| linked with the Library has the freedom and the wherewithal to run | ||||
| that program using a modified version of the Library. | ||||
| 
 | ||||
|   The precise terms and conditions for copying, distribution and | ||||
| modification follow.  Pay close attention to the difference between a | ||||
| "work based on the library" and a "work that uses the library".  The | ||||
| former contains code derived from the library, whereas the latter must | ||||
| be combined with the library in order to run. | ||||
|  | ||||
|                   GNU LESSER GENERAL PUBLIC LICENSE | ||||
|    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION | ||||
| 
 | ||||
|   0. This License Agreement applies to any software library or other | ||||
| program which contains a notice placed by the copyright holder or | ||||
| other authorized party saying it may be distributed under the terms of | ||||
| this Lesser General Public License (also called "this License"). | ||||
| Each licensee is addressed as "you". | ||||
| 
 | ||||
|   A "library" means a collection of software functions and/or data | ||||
| prepared so as to be conveniently linked with application programs | ||||
| (which use some of those functions and data) to form executables. | ||||
| 
 | ||||
|   The "Library", below, refers to any such software library or work | ||||
| which has been distributed under these terms.  A "work based on the | ||||
| Library" means either the Library or any derivative work under | ||||
| copyright law: that is to say, a work containing the Library or a | ||||
| portion of it, either verbatim or with modifications and/or translated | ||||
| straightforwardly into another language.  (Hereinafter, translation is | ||||
| included without limitation in the term "modification".) | ||||
| 
 | ||||
|   "Source code" for a work means the preferred form of the work for | ||||
| making modifications to it.  For a library, complete source code means | ||||
| all the source code for all modules it contains, plus any associated | ||||
| interface definition files, plus the scripts used to control compilation | ||||
| and installation of the library. | ||||
| 
 | ||||
|   Activities other than copying, distribution and modification are not | ||||
| covered by this License; they are outside its scope.  The act of | ||||
| running a program using the Library is not restricted, and output from | ||||
| such a program is covered only if its contents constitute a work based | ||||
| on the Library (independent of the use of the Library in a tool for | ||||
| writing it).  Whether that is true depends on what the Library does | ||||
| and what the program that uses the Library does. | ||||
| 
 | ||||
|   1. You may copy and distribute verbatim copies of the Library's | ||||
| complete source code as you receive it, in any medium, provided that | ||||
| you conspicuously and appropriately publish on each copy an | ||||
| appropriate copyright notice and disclaimer of warranty; keep intact | ||||
| all the notices that refer to this License and to the absence of any | ||||
| warranty; and distribute a copy of this License along with the | ||||
| Library. | ||||
| 
 | ||||
|   You may charge a fee for the physical act of transferring a copy, | ||||
| and you may at your option offer warranty protection in exchange for a | ||||
| fee. | ||||
|  | ||||
|   2. You may modify your copy or copies of the Library or any portion | ||||
| of it, thus forming a work based on the Library, and copy and | ||||
| distribute such modifications or work under the terms of Section 1 | ||||
| above, provided that you also meet all of these conditions: | ||||
| 
 | ||||
|     a) The modified work must itself be a software library. | ||||
| 
 | ||||
|     b) You must cause the files modified to carry prominent notices | ||||
|     stating that you changed the files and the date of any change. | ||||
| 
 | ||||
|     c) You must cause the whole of the work to be licensed at no | ||||
|     charge to all third parties under the terms of this License. | ||||
| 
 | ||||
|     d) If a facility in the modified Library refers to a function or a | ||||
|     table of data to be supplied by an application program that uses | ||||
|     the facility, other than as an argument passed when the facility | ||||
|     is invoked, then you must make a good faith effort to ensure that, | ||||
|     in the event an application does not supply such function or | ||||
|     table, the facility still operates, and performs whatever part of | ||||
|     its purpose remains meaningful. | ||||
| 
 | ||||
|     (For example, a function in a library to compute square roots has | ||||
|     a purpose that is entirely well-defined independent of the | ||||
|     application.  Therefore, Subsection 2d requires that any | ||||
|     application-supplied function or table used by this function must | ||||
|     be optional: if the application does not supply it, the square | ||||
|     root function must still compute square roots.) | ||||
| 
 | ||||
| These requirements apply to the modified work as a whole.  If | ||||
| identifiable sections of that work are not derived from the Library, | ||||
| and can be reasonably considered independent and separate works in | ||||
| themselves, then this License, and its terms, do not apply to those | ||||
| sections when you distribute them as separate works.  But when you | ||||
| distribute the same sections as part of a whole which is a work based | ||||
| on the Library, the distribution of the whole must be on the terms of | ||||
| this License, whose permissions for other licensees extend to the | ||||
| entire whole, and thus to each and every part regardless of who wrote | ||||
| it. | ||||
| 
 | ||||
| Thus, it is not the intent of this section to claim rights or contest | ||||
| your rights to work written entirely by you; rather, the intent is to | ||||
| exercise the right to control the distribution of derivative or | ||||
| collective works based on the Library. | ||||
| 
 | ||||
| In addition, mere aggregation of another work not based on the Library | ||||
| with the Library (or with a work based on the Library) on a volume of | ||||
| a storage or distribution medium does not bring the other work under | ||||
| the scope of this License. | ||||
| 
 | ||||
|   3. You may opt to apply the terms of the ordinary GNU General Public | ||||
| License instead of this License to a given copy of the Library.  To do | ||||
| this, you must alter all the notices that refer to this License, so | ||||
| that they refer to the ordinary GNU General Public License, version 2, | ||||
| instead of to this License.  (If a newer version than version 2 of the | ||||
| ordinary GNU General Public License has appeared, then you can specify | ||||
| that version instead if you wish.)  Do not make any other change in | ||||
| these notices. | ||||
|  | ||||
|   Once this change is made in a given copy, it is irreversible for | ||||
| that copy, so the ordinary GNU General Public License applies to all | ||||
| subsequent copies and derivative works made from that copy. | ||||
| 
 | ||||
|   This option is useful when you wish to copy part of the code of | ||||
| the Library into a program that is not a library. | ||||
| 
 | ||||
|   4. You may copy and distribute the Library (or a portion or | ||||
| derivative of it, under Section 2) in object code or executable form | ||||
| under the terms of Sections 1 and 2 above provided that you accompany | ||||
| it with the complete corresponding machine-readable source code, which | ||||
| must be distributed under the terms of Sections 1 and 2 above on a | ||||
| medium customarily used for software interchange. | ||||
| 
 | ||||
|   If distribution of object code is made by offering access to copy | ||||
| from a designated place, then offering equivalent access to copy the | ||||
| source code from the same place satisfies the requirement to | ||||
| distribute the source code, even though third parties are not | ||||
| compelled to copy the source along with the object code. | ||||
| 
 | ||||
|   5. A program that contains no derivative of any portion of the | ||||
| Library, but is designed to work with the Library by being compiled or | ||||
| linked with it, is called a "work that uses the Library".  Such a | ||||
| work, in isolation, is not a derivative work of the Library, and | ||||
| therefore falls outside the scope of this License. | ||||
| 
 | ||||
|   However, linking a "work that uses the Library" with the Library | ||||
| creates an executable that is a derivative of the Library (because it | ||||
| contains portions of the Library), rather than a "work that uses the | ||||
| library".  The executable is therefore covered by this License. | ||||
| Section 6 states terms for distribution of such executables. | ||||
| 
 | ||||
|   When a "work that uses the Library" uses material from a header file | ||||
| that is part of the Library, the object code for the work may be a | ||||
| derivative work of the Library even though the source code is not. | ||||
| Whether this is true is especially significant if the work can be | ||||
| linked without the Library, or if the work is itself a library.  The | ||||
| threshold for this to be true is not precisely defined by law. | ||||
| 
 | ||||
|   If such an object file uses only numerical parameters, data | ||||
| structure layouts and accessors, and small macros and small inline | ||||
| functions (ten lines or less in length), then the use of the object | ||||
| file is unrestricted, regardless of whether it is legally a derivative | ||||
| work.  (Executables containing this object code plus portions of the | ||||
| Library will still fall under Section 6.) | ||||
| 
 | ||||
|   Otherwise, if the work is a derivative of the Library, you may | ||||
| distribute the object code for the work under the terms of Section 6. | ||||
| Any executables containing that work also fall under Section 6, | ||||
| whether or not they are linked directly with the Library itself. | ||||
|  | ||||
|   6. As an exception to the Sections above, you may also combine or | ||||
| link a "work that uses the Library" with the Library to produce a | ||||
| work containing portions of the Library, and distribute that work | ||||
| under terms of your choice, provided that the terms permit | ||||
| modification of the work for the customer's own use and reverse | ||||
| engineering for debugging such modifications. | ||||
| 
 | ||||
|   You must give prominent notice with each copy of the work that the | ||||
| Library is used in it and that the Library and its use are covered by | ||||
| this License.  You must supply a copy of this License.  If the work | ||||
| during execution displays copyright notices, you must include the | ||||
| copyright notice for the Library among them, as well as a reference | ||||
| directing the user to the copy of this License.  Also, you must do one | ||||
| of these things: | ||||
| 
 | ||||
|     a) Accompany the work with the complete corresponding | ||||
|     machine-readable source code for the Library including whatever | ||||
|     changes were used in the work (which must be distributed under | ||||
|     Sections 1 and 2 above); and, if the work is an executable linked | ||||
|     with the Library, with the complete machine-readable "work that | ||||
|     uses the Library", as object code and/or source code, so that the | ||||
|     user can modify the Library and then relink to produce a modified | ||||
|     executable containing the modified Library.  (It is understood | ||||
|     that the user who changes the contents of definitions files in the | ||||
|     Library will not necessarily be able to recompile the application | ||||
|     to use the modified definitions.) | ||||
| 
 | ||||
|     b) Use a suitable shared library mechanism for linking with the | ||||
|     Library.  A suitable mechanism is one that (1) uses at run time a | ||||
|     copy of the library already present on the user's computer system, | ||||
|     rather than copying library functions into the executable, and (2) | ||||
|     will operate properly with a modified version of the library, if | ||||
|     the user installs one, as long as the modified version is | ||||
|     interface-compatible with the version that the work was made with. | ||||
| 
 | ||||
|     c) Accompany the work with a written offer, valid for at | ||||
|     least three years, to give the same user the materials | ||||
|     specified in Subsection 6a, above, for a charge no more | ||||
|     than the cost of performing this distribution. | ||||
| 
 | ||||
|     d) If distribution of the work is made by offering access to copy | ||||
|     from a designated place, offer equivalent access to copy the above | ||||
|     specified materials from the same place. | ||||
| 
 | ||||
|     e) Verify that the user has already received a copy of these | ||||
|     materials or that you have already sent this user a copy. | ||||
| 
 | ||||
|   For an executable, the required form of the "work that uses the | ||||
| Library" must include any data and utility programs needed for | ||||
| reproducing the executable from it.  However, as a special exception, | ||||
| the materials to be distributed need not include anything that is | ||||
| normally distributed (in either source or binary form) with the major | ||||
| components (compiler, kernel, and so on) of the operating system on | ||||
| which the executable runs, unless that component itself accompanies | ||||
| the executable. | ||||
| 
 | ||||
|   It may happen that this requirement contradicts the license | ||||
| restrictions of other proprietary libraries that do not normally | ||||
| accompany the operating system.  Such a contradiction means you cannot | ||||
| use both them and the Library together in an executable that you | ||||
| distribute. | ||||
|  | ||||
|   7. You may place library facilities that are a work based on the | ||||
| Library side-by-side in a single library together with other library | ||||
| facilities not covered by this License, and distribute such a combined | ||||
| library, provided that the separate distribution of the work based on | ||||
| the Library and of the other library facilities is otherwise | ||||
| permitted, and provided that you do these two things: | ||||
| 
 | ||||
|     a) Accompany the combined library with a copy of the same work | ||||
|     based on the Library, uncombined with any other library | ||||
|     facilities.  This must be distributed under the terms of the | ||||
|     Sections above. | ||||
| 
 | ||||
|     b) Give prominent notice with the combined library of the fact | ||||
|     that part of it is a work based on the Library, and explaining | ||||
|     where to find the accompanying uncombined form of the same work. | ||||
| 
 | ||||
|   8. You may not copy, modify, sublicense, link with, or distribute | ||||
| the Library except as expressly provided under this License.  Any | ||||
| attempt otherwise to copy, modify, sublicense, link with, or | ||||
| distribute the Library is void, and will automatically terminate your | ||||
| rights under this License.  However, parties who have received copies, | ||||
| or rights, from you under this License will not have their licenses | ||||
| terminated so long as such parties remain in full compliance. | ||||
| 
 | ||||
|   9. You are not required to accept this License, since you have not | ||||
| signed it.  However, nothing else grants you permission to modify or | ||||
| distribute the Library or its derivative works.  These actions are | ||||
| prohibited by law if you do not accept this License.  Therefore, by | ||||
| modifying or distributing the Library (or any work based on the | ||||
| Library), you indicate your acceptance of this License to do so, and | ||||
| all its terms and conditions for copying, distributing or modifying | ||||
| the Library or works based on it. | ||||
| 
 | ||||
|   10. Each time you redistribute the Library (or any work based on the | ||||
| Library), the recipient automatically receives a license from the | ||||
| original licensor to copy, distribute, link with or modify the Library | ||||
| subject to these terms and conditions.  You may not impose any further | ||||
| restrictions on the recipients' exercise of the rights granted herein. | ||||
| You are not responsible for enforcing compliance by third parties with | ||||
| this License. | ||||
|  | ||||
|   11. If, as a consequence of a court judgment or allegation of patent | ||||
| infringement or for any other reason (not limited to patent issues), | ||||
| conditions are imposed on you (whether by court order, agreement or | ||||
| otherwise) that contradict the conditions of this License, they do not | ||||
| excuse you from the conditions of this License.  If you cannot | ||||
| distribute so as to satisfy simultaneously your obligations under this | ||||
| License and any other pertinent obligations, then as a consequence you | ||||
| may not distribute the Library at all.  For example, if a patent | ||||
| license would not permit royalty-free redistribution of the Library by | ||||
| all those who receive copies directly or indirectly through you, then | ||||
| the only way you could satisfy both it and this License would be to | ||||
| refrain entirely from distribution of the Library. | ||||
| 
 | ||||
| If any portion of this section is held invalid or unenforceable under any | ||||
| particular circumstance, the balance of the section is intended to apply, | ||||
| and the section as a whole is intended to apply in other circumstances. | ||||
| 
 | ||||
| It is not the purpose of this section to induce you to infringe any | ||||
| patents or other property right claims or to contest validity of any | ||||
| such claims; this section has the sole purpose of protecting the | ||||
| integrity of the free software distribution system which is | ||||
| implemented by public license practices.  Many people have made | ||||
| generous contributions to the wide range of software distributed | ||||
| through that system in reliance on consistent application of that | ||||
| system; it is up to the author/donor to decide if he or she is willing | ||||
| to distribute software through any other system and a licensee cannot | ||||
| impose that choice. | ||||
| 
 | ||||
| This section is intended to make thoroughly clear what is believed to | ||||
| be a consequence of the rest of this License. | ||||
| 
 | ||||
|   12. If the distribution and/or use of the Library is restricted in | ||||
| certain countries either by patents or by copyrighted interfaces, the | ||||
| original copyright holder who places the Library under this License may add | ||||
| an explicit geographical distribution limitation excluding those countries, | ||||
| so that distribution is permitted only in or among countries not thus | ||||
| excluded.  In such case, this License incorporates the limitation as if | ||||
| written in the body of this License. | ||||
| 
 | ||||
|   13. The Free Software Foundation may publish revised and/or new | ||||
| versions of the Lesser General Public License from time to time. | ||||
| Such new versions will be similar in spirit to the present version, | ||||
| but may differ in detail to address new problems or concerns. | ||||
| 
 | ||||
| Each version is given a distinguishing version number.  If the Library | ||||
| specifies a version number of this License which applies to it and | ||||
| "any later version", you have the option of following the terms and | ||||
| conditions either of that version or of any later version published by | ||||
| the Free Software Foundation.  If the Library does not specify a | ||||
| license version number, you may choose any version ever published by | ||||
| the Free Software Foundation. | ||||
|  | ||||
|   14. If you wish to incorporate parts of the Library into other free | ||||
| programs whose distribution conditions are incompatible with these, | ||||
| write to the author to ask for permission.  For software which is | ||||
| copyrighted by the Free Software Foundation, write to the Free | ||||
| Software Foundation; we sometimes make exceptions for this.  Our | ||||
| decision will be guided by the two goals of preserving the free status | ||||
| of all derivatives of our free software and of promoting the sharing | ||||
| and reuse of software generally. | ||||
| 
 | ||||
|                             NO WARRANTY | ||||
| 
 | ||||
|   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO | ||||
| WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. | ||||
| EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR | ||||
| OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY | ||||
| KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE | ||||
| IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||||
| PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE | ||||
| LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME | ||||
| THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. | ||||
| 
 | ||||
|   16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN | ||||
| WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY | ||||
| AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU | ||||
| FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR | ||||
| CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE | ||||
| LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING | ||||
| RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A | ||||
| FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF | ||||
| SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH | ||||
| DAMAGES. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| Programs and licenses with other licenses and/or authors than the | ||||
| main license and authors: | ||||
| 
 | ||||
| lib/3rdParty/tcpdf/fonts/DejaVu*.ttf        A        Public Domain, Bitstream, Inc., Tavmjong Bah | ||||
| lib/3rdParty/tcpdf/fonts/DejaVu*.z          A        Public Domain, Bitstream, Inc., Tavmjong Bah | ||||
| lib/3rdParty/phpseclib                      B        Jim Wigginton | ||||
| templates/lib/*jquery*.js                   B  2010  John Resig, Paul Bakaus, Fred Heusschen | ||||
| lib/3rdParty/composer/beberlei                                       G  2013  Benjamin Eberlei | ||||
| lib/3rdParty/composer/composer                                       B        Nils Adermann, Jordi Boggiano | ||||
| lib/3rdParty/composer/fgrosse                                        B  2015  Friedrich Große | ||||
| lib/3rdParty/composer/nyholm                                         B  2016  Tobias Nyholm | ||||
| lib/3rdParty/composer/paragonie                                      B  2015  Paragon Initiative Enterprises | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish       H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception            H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna                 G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail                 G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime                 H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret               H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client        H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream               H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter        H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper       G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Support              G | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation          H | ||||
| lib/3rdParty/composer/pear-pear.horde.org/Horde_Util                 H | ||||
| lib/3rdParty/composer/php-http                                       B  2015  PHP HTTP Team | ||||
| lib/3rdParty/composer/phpmailer                                      H | ||||
| lib/3rdParty/composer/psr                                            B  2018  PHP Framework Interoperability Group | ||||
| lib/3rdParty/composer/ramsey                                         B  2018  Ben Ramsey | ||||
| lib/3rdParty/composer/spomky-labs                                    B  2018  Spomky-Labs | ||||
| lib/3rdParty/composer/symfony                                        B  2019  Fabien Potencier | ||||
| lib/3rdParty/composer/web-auth                                       B  2018  Spomky-Labs | ||||
| lib/3rdParty/tcpdf                                                   D  2020  Nicola Asuni - Tecnick.com LTD | ||||
| lib/3rdParty/tcpdf/fonts/dejavu*.z                                   A        Public Domain, Bitstream, Inc., Tavmjong Bah | ||||
| lib/3rdParty/phpseclib                                               B  2019  TerraFrost and other contributors | ||||
| lib/3rdParty/Monolog                                                 B  2011  Jordi Boggiano | ||||
| lib/3rdParty/Psr                                                     B  2012  PHP Framework Interoperability Group | ||||
| lib/3rdParty/yubico/Yubico.php                                       C  2015  Yubico AB | ||||
| templates/lib/*jquery*.js                                            B  2018  jQuery Foundation and other contributors | ||||
| style/120_jquery-ui*.css                                             B  2016  jQuery Foundation and other contributors | ||||
| templates/lib/*jquery-dropmenu-*.js                                  B  2010  Fred Heusschen | ||||
| templates/lib/*jquery-validationEngine-*.js B  2010  Cedric Dugas and Olivier Refalo | ||||
| style/150_jquery-dropmenu*.css                                       B  2010  Fred Heusschen | ||||
| templates/lib/*jquery-fineuploader-*.js                              B  2010  Andrew Valums | ||||
| style/150_jquery-fineuploader*.css                                   B  2010  Andrew Valums | ||||
| templates/lib/*jquery-validationEngine-*.js                          B  2010  Cedric Dugas and Olivier Refalo | ||||
| style/150_jquery-validationEngine*.css                               B  2010  Cedric Dugas and Olivier Refalo | ||||
| templates/lib/extra/cropperjs                                        B  2018  Chen Fengyuan | ||||
| style/600_cropper.css                       B  2018  Chen Fengyuan | ||||
| style/600_cropper*.css                                               B  2018  Chen Fengyuan | ||||
| templates/lib/extra/duo/*.js                                         E  2019  Duo Security | ||||
| lib/3rdParty/duo/*.php                                               E  2019  Duo Security | ||||
| graphics/webauthn.svg                                                F  2017  Duo Security, Inc. | ||||
| templates/lib/600_jquery.magnific-popup.js                           B  2016  Dmitry Semenov | ||||
| style/610_magnific-popup.css                                         B  2016  Dmitry Semenov | ||||
| style/responsive/105_normalize.css                                   B        Nicolas Gallagher and Jonathan Neal | ||||
| style/responsive/110_grid.css                                        B | ||||
| 
 | ||||
|  |  | |||
|  | @ -21,11 +21,11 @@ The main script for the account pages is located in <span | |||
| a very simple content. If the page is loaded for the first time it | ||||
| creates a new <span style="font-weight: bold;">accountContainer</span> | ||||
| inside the session and tells it to load/create an LDAP account. Then it | ||||
| calles the <span style="font-weight: bold;">continue_main()</span> | ||||
| calls the <span style="font-weight: bold;">continue_main()</span> | ||||
| function of the <span style="font-weight: bold;">accountContainer</span> | ||||
| object which prints all HTML output.<br> | ||||
| <br> | ||||
| Managing of user input etc. is completly made by the <span | ||||
| Managing of user input etc. is completely made by the <span | ||||
|  style="font-weight: bold;">accountContainer</span>.<br> | ||||
| <br> | ||||
| </body> | ||||
|  |  | |||
|  | @ -54,7 +54,7 @@ to make it easier for the user to modify the values. The dynamic | |||
| options provided by the modules do not include a comment.<br> | ||||
| <br> | ||||
| <h2>Master configuration file</h2> | ||||
| LAM stores the default configuartion profile and a master password in <span | ||||
| LAM stores the default configuration profile and a master password in <span | ||||
|  style="font-style: italic;">config/config.cfg</span>.<br> | ||||
| The master password is verified when the user wants to create/delete | ||||
| configuration profiles.<br> | ||||
|  |  | |||
|  | @ -39,7 +39,7 @@ attribute. Therefore we will save these two values.<br> | |||
|     * This function loads all needed attributes into the | ||||
| object.<br> | ||||
|     *<br> | ||||
|     * @param array $attr an array as it is retured from | ||||
|     * @param array $attr an array as it is returned from | ||||
| ldap_get_attributes<br> | ||||
|     */<br> | ||||
|     <span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br> | ||||
|  |  | |||
|  | @ -58,7 +58,7 @@ class</span> <span style="color: rgb(255, 0, 0);">ieee802Device</span> | |||
| </table> | ||||
| <br> | ||||
| <h2>4. Meta data</h2> | ||||
| The module interface inludes a lot of required and optional functions. | ||||
| The module interface includes a lot of required and optional functions. | ||||
| Many of these functions do not need to be implemented directly in the | ||||
| module, you can define <span style="font-weight: bold;">meta data</span> | ||||
| for them and the <span style="font-weight: bold;">baseModule</span> | ||||
|  |  | |||
|  | @ -137,7 +137,7 @@ the <span style="font-style: italic;">baseModule</span> will use the <span style | |||
| check. This function already contains regular expressions for the most | ||||
| common cases.<br> | ||||
| To check if the minimum GID is smaller than the maximum GID we define a | ||||
| check for the nonexistant option "cmpGID" and define it as optional. | ||||
| check for the nonexistent option "cmpGID" and define it as optional. | ||||
| This will do the comparison check.<br> | ||||
| <br> | ||||
| <br> | ||||
|  |  | |||
|  | @ -122,7 +122,7 @@ get_metaData() {<br> | |||
| <br> | ||||
| <br> | ||||
| <h2>4. Dependencies</h2> | ||||
| Modules can depend on eachother. This is useful if you need to access | ||||
| Modules can depend on each other. This is useful if you need to access | ||||
| attributes from other modules or the managed object classes of your | ||||
| module are not structural.<br> | ||||
| <br> | ||||
|  | @ -198,7 +198,7 @@ is set dynamically<br> | |||
| You can tell LAM what object classes are managed by your module.<br> | ||||
| LAM will then check the spelling of the objectClass attributes and | ||||
| correct it automatically. This is useful if other applications (e.g. | ||||
| smbldap-tools) also create accounts and the spelling is differnt.<br> | ||||
| smbldap-tools) also create accounts and the spelling is different.<br> | ||||
| <br> | ||||
| <span style="font-weight: bold; text-decoration: underline;">Example:</span><br> | ||||
| <br> | ||||
|  |  | |||
|  | @ -21,7 +21,7 @@ They are configured on tab "Jobs" in LAM server profile.<br> | |||
| <div style="text-align: left;">See ppolicyUser module for an example.<br> | ||||
| <br> | ||||
| <h2>Adding the job class</h2> | ||||
| The module defines the list of suuported jobs with function | ||||
| The module defines the list of supported jobs with function | ||||
| getSupportedJobs().<br> | ||||
| <table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2"> | ||||
|   <tbody> | ||||
|  | @ -77,7 +77,7 @@ If your job requires any configuration options then use get/checkConfigOptions() | |||
| <br> | ||||
| <h2>Database</h2> | ||||
| Jobs can access a database to read and store data about job runs. Use | ||||
| this e.g. if you need to save any status information accross job runs.<br> | ||||
| this e.g. if you need to save any status information across job runs.<br> | ||||
| Database access is specified with needsDatabaseAccess().<br> | ||||
| <br> | ||||
| There is a built-in database upgrade mechanism. Your job must return | ||||
|  |  | |||
|  | @ -18,7 +18,7 @@ designed to be editable by hand. They do not allow to add comments and | |||
| have a simpler format.<br> | ||||
| <br> | ||||
| <h2>Format</h2> | ||||
| There is one option per line which is formated: <identifier>: | ||||
| There is one option per line which is formatted: <identifier>: | ||||
| <value><br> | ||||
| <br> | ||||
| Identifier is the option's name, value is the rest of the line after | ||||
|  |  | |||
|  | @ -88,10 +88,10 @@ class <span style="font-weight: bold;">toolProfileEditor</span> implements <span | |||
|     }<br> | ||||
|     <br> | ||||
|     /**<br> | ||||
|      * Returns the prefered position of this tool on the tools page.<br> | ||||
|      * Returns the preferred position of this tool on the tools page.<br> | ||||
|      * The position may be between 0 and 1000. 0 is the top position.<br> | ||||
|      *<br> | ||||
|      * @return int prefered position<br> | ||||
|      * @return int preferred position<br> | ||||
|      */<br> | ||||
|     function <span style="font-weight: bold;">getPosition</span>() {<br> | ||||
|         return 100;<br> | ||||
|  |  | |||
|  | @ -91,10 +91,10 @@ Example:<br> | |||
| <pre>    }</pre> | ||||
| <pre>    </pre> | ||||
| <pre>    /**</pre> | ||||
| <pre>     * Returns the prefered position of this tool on the tools page.</pre> | ||||
| <pre>     * Returns the preferred position of this tool on the tools page.</pre> | ||||
| <pre>     * The position may be between 0 and 1000. 0 is the top position.</pre> | ||||
| <pre>     *</pre> | ||||
| <pre>     * @return int prefered position</pre> | ||||
| <pre>     * @return int preferred position</pre> | ||||
| <pre>     */</pre> | ||||
| <pre>    function getPosition() {</pre> | ||||
| <pre>        return 600;</pre> | ||||
|  |  | |||
|  | @ -115,7 +115,7 @@ If you want to change more than just the labels, take a look at <span | |||
|  style="font-weight: bold;">lib/types/user.inc</span>. When a list is | ||||
| displayed then the <span style="font-weight: bold;">showPage()</span> | ||||
| function is called. You can overwrite this function to display a | ||||
| completly new list or just one of the other functions.<br> | ||||
| completely new list or just one of the other functions.<br> | ||||
| <br> | ||||
| <table style="width: 100%; text-align: left;" class="mod-code" | ||||
|  border="0" cellpadding="2" cellspacing="2"> | ||||
|  |  | |||
|  | @ -60,6 +60,14 @@ This is a list of API changes for all LAM releases. | |||
| 
 | ||||
| <br> | ||||
| 
 | ||||
| <h2>6.7 -> 6.8</h2> | ||||
| <ul> | ||||
|   <li>Module API | ||||
|     <ul> | ||||
|         <li>display_html_attributes(): use responsive HTML elements instead of tables</li> | ||||
|     </ul> | ||||
|   </li> | ||||
| </ul> | ||||
| <h2>6.3 -> 6.4</h2> | ||||
| <ul> | ||||
|   <li>Module API | ||||
|  |  | |||
|  | @ -1,28 +0,0 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | ||||
| <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | ||||
| "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> | ||||
|   <appendix id="mailSetup"> | ||||
|     <title>Setup of email (SMTP) server</title> | ||||
| 
 | ||||
|     <para>LAM always uses a local SMTP email server on the machine where LAM | ||||
|     is installed. Therefore, there is no need to configure any SMTP settings | ||||
|     inside LAM itself.</para> | ||||
| 
 | ||||
|     <para>The local email server should be configured to forward all emails to | ||||
|     your company mail server (so-called smarthost). You can use any SMTP | ||||
|     software that ships with a Sendmail wrapper (e.g. Exim, Postfix, QMail or | ||||
|     Sendmail itself).</para> | ||||
| 
 | ||||
|     <literallayout> | ||||
| 
 | ||||
| </literallayout> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|           <imagedata fileref="images/lam_mail.png" /> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|   </appendix> | ||||
|   | ||||
|  | @ -14,7 +14,7 @@ | |||
|     <tgroup cols="6"> | ||||
|       <thead> | ||||
|         <row> | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
| 
 | ||||
|           <entry>Account type</entry> | ||||
| 
 | ||||
|  | @ -32,7 +32,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_unix.png" /> | ||||
|                 <imagedata fileref="images/schema_unix.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -53,7 +53,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_inetOrgPerson.png" /> | ||||
|                 <imagedata fileref="images/schema_inetOrgPerson.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -65,13 +65,13 @@ | |||
| 
 | ||||
|           <entry>Part of OpenLDAP installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_samba.png" /> | ||||
|                 <imagedata fileref="images/schema_samba.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -83,13 +83,13 @@ | |||
| 
 | ||||
|           <entry>Part of Samba tarball (examples/LDAP/samba.schema)</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_samba.png" /> | ||||
|                 <imagedata fileref="images/schema_samba.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -97,17 +97,35 @@ | |||
| 
 | ||||
|           <entry>user, group, computer</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
| 
 | ||||
|           <entry>Samba 4 built-in</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_kolab.png" /> | ||||
|                 <imagedata fileref="images/schema_samba.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|           <entry>AD LDS</entry> | ||||
| 
 | ||||
|           <entry>user, group</entry> | ||||
| 
 | ||||
|           <entry/> | ||||
| 
 | ||||
|           <entry>AD LDS built-in</entry> | ||||
| 
 | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_kolab.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -119,13 +137,13 @@ | |||
| 
 | ||||
|           <entry>Part of Kolab 2/3 installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_asterisk.png" /> | ||||
|                 <imagedata fileref="images/schema_asterisk.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -137,13 +155,13 @@ | |||
| 
 | ||||
|           <entry>Part of Asterisk installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_pykota.png" /> | ||||
|                 <imagedata fileref="images/schema_pykota.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -156,13 +174,13 @@ | |||
| 
 | ||||
|           <entry>Part of PyKota installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png" /> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -174,13 +192,13 @@ | |||
| 
 | ||||
|           <entry>Part of OpenLDAP installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_hostObject.png" /> | ||||
|                 <imagedata fileref="images/schema_hostObject.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -198,7 +216,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_authorizedServices.png" /> | ||||
|                 <imagedata fileref="images/schema_authorizedServices.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -210,13 +228,13 @@ | |||
| 
 | ||||
|           <entry>Part of libpam-ldap installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png" /> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -228,13 +246,13 @@ | |||
| 
 | ||||
|           <entry>Part of OpenLDAP installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png" /> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -253,7 +271,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_mac.png" /> | ||||
|                 <imagedata fileref="images/schema_mac.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -265,13 +283,13 @@ | |||
| 
 | ||||
|           <entry>Part of OpenLDAP installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_ipHost.png" /> | ||||
|                 <imagedata fileref="images/schema_ipHost.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -289,7 +307,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_puppet.png" /> | ||||
|                 <imagedata fileref="images/schema_puppet.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -303,13 +321,13 @@ | |||
|           url="https://github.com/puppetlabs/puppet/blob/master/ext/ldap/puppet.schema">Puppet | ||||
|           on GitHub</ulink></entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_eduPerson.png" /> | ||||
|                 <imagedata fileref="images/schema_eduPerson.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -322,13 +340,13 @@ | |||
|           <entry><ulink | ||||
|           url="http://middleware.internet2.edu/eduperson/">http://middleware.internet2.edu</ulink></entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_user.png" /> | ||||
|                 <imagedata fileref="images/schema_user.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -340,13 +358,13 @@ | |||
| 
 | ||||
|           <entry>Part of OpenLDAP installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_ssh.png" /> | ||||
|                 <imagedata fileref="images/schema_ssh.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -359,13 +377,13 @@ | |||
|           <entry>Included in patch from <ulink | ||||
|           url="http://code.google.com/p/openssh-lpk/">http://code.google.com/p/openssh-lpk/</ulink></entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_quota.png" /> | ||||
|                 <imagedata fileref="images/schema_quota.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -379,13 +397,13 @@ | |||
|           url="http://sourceforge.net/projects/linuxquota/">Linux | ||||
|           DiskQuota</ulink></entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_group.png" /> | ||||
|                 <imagedata fileref="images/schema_group.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -403,7 +421,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_group.png" /> | ||||
|                 <imagedata fileref="images/schema_group.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -421,7 +439,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_dhcp.png" /> | ||||
|                 <imagedata fileref="images/schema_dhcp.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -440,7 +458,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_bind.png" /> | ||||
|                 <imagedata fileref="images/schema_bind.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -460,7 +478,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_alias.png" /> | ||||
|                 <imagedata fileref="images/schema_alias.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -478,7 +496,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_netgroup.png" /> | ||||
|                 <imagedata fileref="images/schema_netgroup.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -490,13 +508,13 @@ | |||
| 
 | ||||
|           <entry>Part of OpenLDAP installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_nisObject.png" /> | ||||
|                 <imagedata fileref="images/schema_nisObject.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -514,7 +532,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_nisObject.png" /> | ||||
|                 <imagedata fileref="images/schema_nisObject.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -532,7 +550,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_oracle.png" /> | ||||
|                 <imagedata fileref="images/schema_oracle.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -553,7 +571,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_ppolicy.png" /> | ||||
|                 <imagedata fileref="images/schema_ppolicy.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -571,7 +589,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_freeRadius.png" /> | ||||
|                 <imagedata fileref="images/schema_freeRadius.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -583,13 +601,13 @@ | |||
| 
 | ||||
|           <entry>Part of FreeRadius installation</entry> | ||||
| 
 | ||||
|           <entry></entry> | ||||
|           <entry/> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_heimdal.png" /> | ||||
|                 <imagedata fileref="images/schema_heimdal.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -607,7 +625,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_mitKerberos.png" /> | ||||
|                 <imagedata fileref="images/schema_mitKerberos.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -625,7 +643,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_sudo.png" /> | ||||
|                 <imagedata fileref="images/schema_sudo.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -643,7 +661,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_kopano.png" /> | ||||
|                 <imagedata fileref="images/schema_kopano.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -662,7 +680,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_zarafa.png" /> | ||||
|                 <imagedata fileref="images/schema_zarafa.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -680,7 +698,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png" /> | ||||
|                 <imagedata fileref="images/schema_mailAlias.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -698,7 +716,7 @@ | |||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_nsview.png" /> | ||||
|                 <imagedata fileref="images/schema_nsview.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|  | @ -712,6 +730,25 @@ | |||
| 
 | ||||
|           <entry>LAM Pro only</entry> | ||||
|         </row> | ||||
| 
 | ||||
|         <row> | ||||
|           <entry><inlinemediaobject> | ||||
|               <imageobject> | ||||
|                 <imagedata fileref="images/schema_autoDelete.png"/> | ||||
|               </imageobject> | ||||
|             </inlinemediaobject></entry> | ||||
| 
 | ||||
|           <entry>All</entry> | ||||
| 
 | ||||
|           <entry>dynamicObject</entry> | ||||
| 
 | ||||
|           <entry>built-in with DDS module</entry> | ||||
| 
 | ||||
|           <entry>Part of LDAP server installation</entry> | ||||
| 
 | ||||
|           <entry>LAM Pro only, requires DDS extension on LDAP server | ||||
|           side</entry> | ||||
|         </row> | ||||
|       </tbody> | ||||
|     </tgroup> | ||||
|   </table> | ||||
|  |  | |||
|  | @ -34,7 +34,7 @@ | |||
|   <section> | ||||
|     <title>Use of SSL</title> | ||||
| 
 | ||||
|     <para>The data which is transfered between you and LAM is very sensitive. | ||||
|     <para>The data which is transferred between you and LAM is very sensitive. | ||||
|     Please always use SSL encrypted connections between LAM and your browser | ||||
|     to protect yourself against network sniffers.</para> | ||||
|   </section> | ||||
|  | @ -257,7 +257,7 @@ semodule -i httpdlocal.pp</programlisting> | |||
| 
 | ||||
|         <listitem> | ||||
|           <para>directory contents must be accessible by browser but directory | ||||
|           itself needs not to be browseable</para> | ||||
|           itself needs not to be browsable</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
|     </section> | ||||
|  | @ -319,7 +319,7 @@ semodule -i httpdlocal.pp</programlisting> | |||
| 
 | ||||
|       <para><inlinemediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/selfServiceProxy.png" /> | ||||
|             <imagedata fileref="images/selfServiceProxy.png"/> | ||||
|           </imageobject> | ||||
|         </inlinemediaobject></para> | ||||
| 
 | ||||
|  | @ -333,8 +333,7 @@ semodule -i httpdlocal.pp</programlisting> | |||
|         CustomLog /var/log/apache2/lam-proxy-access.log combined | ||||
|         DocumentRoot /var/www/lam-proxy | ||||
|         <Proxy *> | ||||
|             Order deny,allow | ||||
|             Allow from all | ||||
|             Require all granted | ||||
|         </Proxy> | ||||
|         SSLProxyEngine on | ||||
|         SSLEngine on | ||||
|  | @ -446,4 +445,51 @@ semodule -i httpdlocal.pp</programlisting> | |||
| </programlisting> | ||||
|     </section> | ||||
|   </section> | ||||
| 
 | ||||
|   <section id="a_webauthn"> | ||||
|     <title>Webauthn/FIDO2</title> | ||||
| 
 | ||||
|     <para>LAM allows to secure logins via <ulink | ||||
|     url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink>. This | ||||
|     means your users login with their LDAP password and an additional hardware | ||||
|     token (e.g. Yubico Security Key, Windows Hello and many more).</para> | ||||
| 
 | ||||
|     <para>Webauthn/FIDO2 is a very strong 2-factor-authentication method as it | ||||
|     also checks the website domain. This prevents attacks via web | ||||
|     proxies.</para> | ||||
| 
 | ||||
|     <para>To use this feature you need to activate the 2-factor authentication | ||||
|     in LAM.</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">LAM admin interface</emphasis></para> | ||||
| 
 | ||||
|     <para>Please activate Webauthn/FIDO2 in your <link | ||||
|     linkend="conf_serverprofile_2fa">LAM server profile</link>. Then users | ||||
|     will be asked to authenticate via Webauthn/FIDO2 on each login.</para> | ||||
| 
 | ||||
|     <para>If no device is registered for a user then LAM will ask for this | ||||
|     during login. Afterwards, users can manage their devices with the <link | ||||
|     linkend="tool_webauthn">Webauthn tool</link>.</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">LAM Self Service</emphasis></para> | ||||
| 
 | ||||
|     <para>Please activate Webauthn/FIDO2 in your <link | ||||
|     linkend="selfservice_2fa">LAM self service profile</link>. Then users will | ||||
|     be asked to authenticate via Webauthn/FIDO2 on each login.</para> | ||||
| 
 | ||||
|     <para>If no device is registered for a user then LAM will ask for this | ||||
|     during login. Afterwards, users can manage their devices with the <link | ||||
|     linkend="selfservice_fields">Webauthn field</link>.</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Global device management</emphasis></para> | ||||
| 
 | ||||
|     <para>This is for cases where one of your users has no more access to his | ||||
|     device and cannot login anymore. In this case you can delete his device(s) | ||||
|     in the <link linkend="confmain_webauthn">LAM main | ||||
|     configuration</link>.</para> | ||||
| 
 | ||||
|     <para>Note that devices can only be deleted. Registration of devices can | ||||
|     only be done by the user during login or on the management pages listed | ||||
|     above.</para> | ||||
|   </section> | ||||
| </appendix> | ||||
|  |  | |||
|  | @ -1,7 +1,7 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | ||||
| <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | ||||
| "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> | ||||
|   <appendix id="a_passwordSelfResetSchema"> | ||||
| <appendix id="a_passwordSelfResetSchema"> | ||||
|   <title>Setup password self reset schema (LAM Pro)</title> | ||||
| 
 | ||||
|   <section id="passwordSelfResetSchema_new"> | ||||
|  | @ -13,8 +13,8 @@ | |||
| 
 | ||||
|     <para><emphasis role="bold">Schema installation</emphasis></para> | ||||
| 
 | ||||
|       <para>Please install the schema that comes with LAM Pro. The schema | ||||
|       files are located in:</para> | ||||
|     <para>Please install the schema that comes with LAM Pro. The schema files | ||||
|     are located in:</para> | ||||
| 
 | ||||
|     <itemizedlist> | ||||
|       <listitem> | ||||
|  | @ -26,8 +26,7 @@ | |||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|           <para>RPM: | ||||
|           /usr/share/doc/ldap-account-manager-{VERSION}/schema</para> | ||||
|         <para>RPM: /usr/share/doc/ldap-account-manager-{VERSION}/schema</para> | ||||
|       </listitem> | ||||
|     </itemizedlist> | ||||
| 
 | ||||
|  | @ -51,12 +50,13 @@ | |||
|     <para>For slapd.d configurations you need to upload the schema file | ||||
|     passwordSelfReset.ldif via ldapadd command:</para> | ||||
| 
 | ||||
|       <para>ldapadd -x -W -H ldap://localhost -D "cn=admin,o=test,c=de" -f | ||||
|     <para>ldapadd -x -W -H ldap://<emphasis>localhost</emphasis> -D | ||||
|     "<emphasis>cn=admin,o=test,c=de</emphasis>" -f | ||||
|     passwordSelfReset.ldif</para> | ||||
| 
 | ||||
|       <para>Please replace "localhost" with your LDAP server and | ||||
|       "cn=admin,o=test,c=de" with your LDAP admin user (usually starts with | ||||
|       cn=admin or cn=manager).</para> | ||||
|     <para>Please replace "<emphasis>localhost</emphasis>" with your LDAP | ||||
|     server and "<emphasis>cn=admin,o=test,c=de</emphasis>" with your LDAP | ||||
|     admin user (usually starts with cn=admin or cn=manager).</para> | ||||
| 
 | ||||
|     <literallayout> | ||||
| </literallayout> | ||||
|  | @ -191,10 +191,9 @@ | |||
| 
 | ||||
|     <para><emphasis role="bold">Samba 4</emphasis></para> | ||||
| 
 | ||||
|       <para>Install the these update files by following the install | ||||
|       instructions in the file. In case you you upgrade with a version | ||||
|       difference of 2 or more you will need to apply all intermediate update | ||||
|       scripts.</para> | ||||
|     <para>Install the these update files by following the install instructions | ||||
|     in the file. In case you you upgrade with a version difference of 2 or | ||||
|     more you will need to apply all intermediate update scripts.</para> | ||||
| 
 | ||||
|     <itemizedlist> | ||||
|       <listitem> | ||||
|  | @ -218,8 +217,7 @@ | |||
|       </listitem> | ||||
|     </itemizedlist> | ||||
| 
 | ||||
|       <para>Please note that attributes file needs to be installed | ||||
|       first.</para> | ||||
|     <para>Please note that attributes file needs to be installed first.</para> | ||||
| 
 | ||||
|     <literallayout> | ||||
| </literallayout> | ||||
|  | @ -232,8 +230,7 @@ | |||
| 
 | ||||
|     <itemizedlist> | ||||
|       <listitem> | ||||
|           <para>windows_version_1_to_2.ldif (upgrade from version 1 | ||||
|           only)</para> | ||||
|         <para>windows_version_1_to_2.ldif (upgrade from version 1 only)</para> | ||||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|  | @ -241,5 +238,4 @@ | |||
|       </listitem> | ||||
|     </itemizedlist> | ||||
|   </section> | ||||
|   </appendix> | ||||
|   | ||||
| </appendix> | ||||
|  |  | |||
|  | @ -85,7 +85,7 @@ | |||
| 
 | ||||
|       <para>If there are any object classes or attributes missing you will get | ||||
|       a notice. See <link linkend="a_schema">LDAP schema files</link> for a | ||||
|       list of used schemas. You may also want to deactive unused modules in | ||||
|       list of used schemas. You may also want to deactivate unused modules in | ||||
|       your LAM server profile (tab "Modules").</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|  |  | |||
|  | @ -93,9 +93,7 @@ | |||
|           <para>If the user account has set the mail attribute then LAM can | ||||
|           send your user a mail with the new password. You can change the mail | ||||
|           template to fit your needs. Please configure your LAM server profile | ||||
|           to setup the sender address, subject and mail body. Please see <link | ||||
|           linkend="mailEOL">email format option</link> in case of broken | ||||
|           mails. See <link linkend="mailSetup">here</link> for setting up your | ||||
|           to setup the sender address, subject and mail body. See <link linkend="mailSetup">here</link> for setting up your | ||||
|           SMTP server.</para> | ||||
| 
 | ||||
|           <para>Using this method will prevent that your support staff knows | ||||
|  |  | |||
|  | @ -292,7 +292,7 @@ | |||
| 
 | ||||
|       <para><emphasis role="bold">LAM runtime environment:</emphasis></para> | ||||
| 
 | ||||
|       <para>LAM runs on PHP. Therefore, it is independant of CPU architecture | ||||
|       <para>LAM runs on PHP. Therefore, it is independent of CPU architecture | ||||
|       and operating system (OS). You can run LAM on any OS which supports | ||||
|       Apache, Nginx or other PHP compatible web servers.</para> | ||||
| 
 | ||||
|  |  | |||
|  | @ -60,6 +60,10 @@ | |||
|       <para>When you entered the license key then the license details can be | ||||
|       seen on LAM configuration overview page.</para> | ||||
| 
 | ||||
|       <para>By default, LAM Pro will show a warning message on the login page | ||||
|       3 weeks before expiration. You can disable this here and/or send out an | ||||
|       email instead.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|  | @ -193,16 +197,41 @@ | |||
|     <section id="conf_logging"> | ||||
|       <title>Logging</title> | ||||
| 
 | ||||
|       <para>LAM can log events (e.g. user logins). You can use system logging | ||||
|       (syslog for Unix, event viewer for Windows) or log to a separate file. | ||||
|       Please note that LAM may log sensitive data (e.g. passwords) at log | ||||
|       level "Debug". Production systems should be set to "Warning" or | ||||
|       <para>LAM can log events (e.g. user logins). You can use e.g. system | ||||
|       logging (syslog for Unix, event viewer for Windows) or log to a separate | ||||
|       file. Please note that LAM may log sensitive data (e.g. passwords) at | ||||
|       log level "Debug". Production systems should be set to "Warning" or | ||||
|       "Error".</para> | ||||
| 
 | ||||
|       <para>The PHP error reporting is only for developers. By default LAM | ||||
|       does not show PHP notice messages in the web pages. You can select to | ||||
|       use the php.ini setting here or printing all errors and notices.</para> | ||||
| 
 | ||||
|       <para>Log destinations:</para> | ||||
| 
 | ||||
|       <itemizedlist> | ||||
|         <listitem> | ||||
|           <para>File: all messages will be written to the given file. LAM will | ||||
|           create it if not yet existing.</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>Syslog: uses local system logging (syslog for Unix, event | ||||
|           viewer for Windows)</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>Remote: sends log messages to a remote server that supports | ||||
|           the Unix <ulink url="https://www.rsyslog.com/">remote | ||||
|           Syslogd</ulink> protocol. Please enter destination as "server:port", | ||||
|           e.g. "myserver:123".</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>No logging: disabled logging</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|  | @ -212,18 +241,23 @@ | |||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Additional options</title> | ||||
|     <section id="mailSetup"> | ||||
|       <title>Mail options (LAM Pro)</title> | ||||
| 
 | ||||
|       <para id="mailEOL"><emphasis role="bold">Email format</emphasis></para> | ||||
|       <para>Here you can configure the mail server settings. If you do not set | ||||
|       a mail server then LAM will try to use a locally installed one (e.g. | ||||
|       postfix, exim, sendmail).</para> | ||||
| 
 | ||||
|       <para>Some email servers are not standards compatible. If you receive | ||||
|       mails that look broken you can change the line endings for sent mails | ||||
|       here. Default is to use "\r\n".</para> | ||||
|       <para>SMTP setup:</para> | ||||
| 
 | ||||
|       <para>At the moment, this option is only available in LAM Pro as there | ||||
|       is no mail sending in the free version. See <link | ||||
|       linkend="mailSetup">here</link> for setting up your SMTP server.</para> | ||||
|       <para>Mail server: enter name + port separated by ":". E.g. "server:25" | ||||
|       will use "server" on port 25. Please note that your mail server | ||||
|       <emphasis role="bold">must</emphasis> support TLS encryption.</para> | ||||
| 
 | ||||
|       <para>User name: enter the user name if your SMTP server requires | ||||
|       authentication</para> | ||||
| 
 | ||||
|       <para>Password: enter the password for the user above</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|  | @ -234,6 +268,33 @@ | |||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section id="confmain_webauthn"> | ||||
|       <title>Webauthn/FIDO2 devices</title> | ||||
| 
 | ||||
|       <para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link> | ||||
|       for an overview about Webauthn/FIDO2 in LAM.</para> | ||||
| 
 | ||||
|       <para>Here you can delete any webauthn device registrations. This | ||||
|       section is only shown if at least one device is registered.</para> | ||||
| 
 | ||||
|       <para>Enter a part of the user's DN in the input box and perform a | ||||
|       search. LAM will show users and devices that match the search. You can | ||||
|       then delete a device registration. If the user has no more registered | ||||
|       devices then LAM will ask for registration on next login.</para> | ||||
| 
 | ||||
|       <para>Note: You cannot add any device here. This can only be done by the | ||||
|       user during login, <link linkend="tool_webauthn">webauthn tool</link> or | ||||
|       self service.</para> | ||||
| 
 | ||||
|       <para><screenshot> | ||||
|           <mediaobject> | ||||
|             <imageobject> | ||||
|               <imagedata fileref="images/configGeneral8.png"/> | ||||
|             </imageobject> | ||||
|           </mediaobject> | ||||
|         </screenshot></para> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Change master password</title> | ||||
| 
 | ||||
|  | @ -442,6 +503,9 @@ | |||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para>Hide password prompt for expired password: Hides the password | ||||
|         prompt when a user with expired password logs into LAM.</para> | ||||
| 
 | ||||
|         <literallayout> | ||||
| </literallayout> | ||||
| 
 | ||||
|  | @ -464,6 +528,30 @@ | |||
|         is located. The default rights for new home directories can be set, | ||||
|         too.</para> | ||||
| 
 | ||||
|         <para><emphasis role="bold">Note:</emphasis> This requires lamdaemon | ||||
|         to be installed on the remote server. This comes as separate package | ||||
|         for DEB/RPM. See <link linkend="a_lamdaemon">here</link>.</para> | ||||
| 
 | ||||
|         <para>Script server format:</para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>"server": "server" is the DNS name of your script | ||||
|             server</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>"server:NAME": NAME is the display name of this | ||||
|             server</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>"server:NAME:/prefix": /prefix is the directory prefix for | ||||
|             all operations. E.g. creating a home directory "/home/user" would | ||||
|             create "/prefix/home/user" then.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para>You can provide a fixed user name. If you leave the field empty | ||||
|         then LAM will use your current account (the account you used to login | ||||
|         to LAM).</para> | ||||
|  | @ -476,7 +564,9 @@ | |||
|             <para>SSH key (recommended): Please generate a SSH key pair and | ||||
|             provide the location to the <emphasis | ||||
|             role="bold">private</emphasis> key file. If the key is protected | ||||
|             by a password you can also specify it here.</para> | ||||
|             by a password you can also specify it here. Please note that only | ||||
|             RSA keys (with "-----BEGIN RSA PRIVATE KEY-----" at the beginning | ||||
|             of the file) are supported.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|  | @ -580,7 +670,8 @@ | |||
|           </mediaobject> | ||||
|         </screenshot> | ||||
| 
 | ||||
|         <para><emphasis role="bold">2-factor authentication</emphasis></para> | ||||
|         <para id="conf_serverprofile_2fa"><emphasis role="bold">2-factor | ||||
|         authentication</emphasis></para> | ||||
| 
 | ||||
|         <para>LAM supports 2-factor authentication for your users. This means | ||||
|         the user will not only authenticate by user+password but also with | ||||
|  | @ -596,11 +687,139 @@ | |||
|             <para><ulink | ||||
|             url="https://www.privacyidea.org/">privacyIdea</ulink></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><ulink url="https://www.yubico.com/">YubiKey</ulink></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><ulink url="https://duo.com/">Duo</ulink></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><ulink | ||||
|             url="https://webauthn.io/">Webauthn/FIDO2</ulink></para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para>By default LAM will enforce to use a token and reject users that | ||||
|         did not setup one. You can set this check to optional. But if a user | ||||
|         has setup a token then this will always be required.</para> | ||||
|         <para>Configuration options:</para> | ||||
| 
 | ||||
|         <para><emphasis role="bold">privacyIDEA</emphasis></para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>Base URL: please enter the URL of your privacyIDEA | ||||
|             instance</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>User name attribute: please enter the LDAP attribute name | ||||
|             that contains the user ID (e.g. "uid").</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Optional: By default LAM will enforce to use a token and | ||||
|             reject users that did not setup one. You can set this check to | ||||
|             optional. But if a user has setup a token then this will always be | ||||
|             required.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Disable certificate check: This should be used on | ||||
|             development instances only. It skips the certificate check when | ||||
|             connecting to verification server.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para><emphasis role="bold">YubiKey</emphasis></para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>Base URLs: please enter the URL(s) of your YubiKey | ||||
|             verification server(s). If you run a custom verification API such | ||||
|             as yubiserver then enter its URL (e.g. | ||||
|             http://www.example.com:8000/wsapi/2.0/verify). The URL needs to | ||||
|             end with "/wsapi/2.0/verify". For YubiKey cloud these are | ||||
|             "https://api.yubico.com/wsapi/2.0/verify", | ||||
|             "https://api2.yubico.com/wsapi/2.0/verify", | ||||
|             "https://api3.yubico.com/wsapi/2.0/verify", | ||||
|             "https://api4.yubico.com/wsapi/2.0/verify" and | ||||
|             "https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per | ||||
|             line.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Client id: this is only required for YubiKey cloud. You can | ||||
|             register here: https://upgrade.yubico.com/getapikey/</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Secret key: this is only required for YubiKey cloud. You can | ||||
|             register here: https://upgrade.yubico.com/getapikey/</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Optional: By default LAM will enforce to use a token and | ||||
|             reject users that did not setup one. You can set this check to | ||||
|             optional. But if a user has setup a token then this will always be | ||||
|             required.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Disable certificate check: This should be used on | ||||
|             development instances only. It skips the certificate check when | ||||
|             connecting to verification server.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para><emphasis role="bold">Duo</emphasis></para> | ||||
| 
 | ||||
|         <para>This requires to register a new "Web SDK" application in your | ||||
|         Duo admin panel.</para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>User name attribute: please enter the LDAP attribute name | ||||
|             that contains the user ID (e.g. "uid").</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Base URL: please enter the API-URL of your Duo instance | ||||
|             (e.g. api-12345.duosecurity.com).</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Client id: please enter your integration key.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Secret key: please enter your secret key.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para><emphasis role="bold">Webauthn/FIDO2</emphasis></para> | ||||
| 
 | ||||
|         <para>See the <link linkend="a_webauthn">Webauthn/FIDO2 | ||||
|         appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para> | ||||
| 
 | ||||
|         <para>Users will be asked to register a device during login if no | ||||
|         device is setup.</para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>Domain: Please enter the WebAuthn domain. This is the public | ||||
|             domain of the web server (e.g. "example.com"). Do not include | ||||
|             protocol or port. Browsers will reject authentication if the | ||||
|             domain does not match the web server domain.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Optional: By default LAM will enforce to use a 2FA device | ||||
|             and reject users that do not setup one. You can set this check to | ||||
|             optional. But if a user has setup a device then this will always | ||||
|             be required.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <screenshot> | ||||
|           <mediaobject> | ||||
|  | @ -879,7 +1098,77 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           </mediaobject> | ||||
|         </screenshot> | ||||
| 
 | ||||
|         <section> | ||||
|         <para>Available jobs:</para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para><link linkend="job_ppolicy_password_expire">PPolicy: Notify | ||||
|             users about password expiration</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_389_password_expire">389ds: Notify users | ||||
|             about password expiration</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_shadow_password_expire">Shadow: Notify | ||||
|             users about password expiration</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_shadow_move_expired">Shadow: Delete or | ||||
|             move expired accounts</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_shadow_account_expiration_note">Shadow: | ||||
|             Notify users about account expiration</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_windows_password_expire">Windows: Notify | ||||
|             users about password expiration</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_windows_account_expiration_note">Windows: | ||||
|             Notify users about account expiration</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_windows_move_expired">Windows: Delete or | ||||
|             move expired accounts</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_windows_notify_groups">Windows: Notify | ||||
|             users about their managed groups</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_freeradius_move_expired">FreeRadius: | ||||
|             Delete or move expired accounts</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link | ||||
|             linkend="job_freeradius_account_expiration_notification">FreeRadius: | ||||
|             Notify users about account expiration</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_qmail_move_expired">Qmail: Delete or move | ||||
|             expired accounts</link></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><link linkend="job_qmail_account_expire_notify">Qmail: | ||||
|             Notify users about account expiration</link></para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <section id="job_ppolicy_password_expire"> | ||||
|           <title>PPolicy: Notify users about password expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their | ||||
|  | @ -993,7 +1282,7 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section> | ||||
|         <section id="job_389_password_expire"> | ||||
|           <title>389ds: Notify users about password expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their | ||||
|  | @ -1086,7 +1375,7 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section> | ||||
|         <section id="job_shadow_password_expire"> | ||||
|           <title>Shadow: Notify users about password expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their | ||||
|  | @ -1187,7 +1476,7 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section> | ||||
|         <section id="job_shadow_move_expired"> | ||||
|           <title>Shadow: Delete or move expired accounts</title> | ||||
| 
 | ||||
|           <para>You can automatically delete or move expired accounts. The job | ||||
|  | @ -1237,7 +1526,91 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           </table> | ||||
|         </section> | ||||
| 
 | ||||
|         <section> | ||||
|         <section id="job_shadow_account_expiration_note"> | ||||
|           <title>Shadow: Notify users about account expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their whole | ||||
|           account expires.</para> | ||||
| 
 | ||||
|           <para>You need to activate the Shadow module for users to be able to | ||||
|           add this job. The job can be added multiple times (e.g. to send a | ||||
|           second warning at a later time).</para> | ||||
| 
 | ||||
|           <screenshot> | ||||
|             <graphic fileref="images/jobs_shadow3.png"/> | ||||
|           </screenshot> | ||||
| 
 | ||||
|           <para><table> | ||||
|               <title>Options</title> | ||||
| 
 | ||||
|               <tgroup cols="2"> | ||||
|                 <tbody> | ||||
|                   <row> | ||||
|                     <entry><emphasis role="bold">Option</emphasis></entry> | ||||
| 
 | ||||
|                     <entry><emphasis | ||||
|                     role="bold">Description</emphasis></entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>From address</entry> | ||||
| 
 | ||||
|                     <entry>The email address to set as FROM.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Reply-to address</entry> | ||||
| 
 | ||||
|                     <entry>Optional Reply-to address for email.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>CC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional CC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>BCC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional BCC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Subject</entry> | ||||
| 
 | ||||
|                     <entry>The email subject line. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Text</entry> | ||||
| 
 | ||||
|                     <entry>The email body text. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Notification period</entry> | ||||
| 
 | ||||
|                     <entry>Number of days to notify before account | ||||
|                     expires.</entry> | ||||
|                   </row> | ||||
|                 </tbody> | ||||
|               </tgroup> | ||||
|             </table>Wildcards:</para> | ||||
| 
 | ||||
|           <para>You can enter LDAP attributes as wildcards in the form | ||||
|           @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". | ||||
|           For the common name it would be "@@cn@@".</para> | ||||
| 
 | ||||
|           <para>There are also two special wildcards for the expiration date. | ||||
|           @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". | ||||
|           @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. | ||||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section id="job_windows_password_expire"> | ||||
|           <title>Windows: Notify users about password expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their | ||||
|  | @ -1329,7 +1702,91 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section> | ||||
|         <section id="job_windows_account_expiration_note"> | ||||
|           <title>Windows: Notify users about account expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their whole | ||||
|           account expires.</para> | ||||
| 
 | ||||
|           <para>You need to activate the Windows module for users to be able | ||||
|           to add this job. The job can be added multiple times (e.g. to send a | ||||
|           second warning at a later time).</para> | ||||
| 
 | ||||
|           <screenshot> | ||||
|             <graphic fileref="images/jobs_windowsAccountExpiration.png"/> | ||||
|           </screenshot> | ||||
| 
 | ||||
|           <para><table> | ||||
|               <title>Options</title> | ||||
| 
 | ||||
|               <tgroup cols="2"> | ||||
|                 <tbody> | ||||
|                   <row> | ||||
|                     <entry><emphasis role="bold">Option</emphasis></entry> | ||||
| 
 | ||||
|                     <entry><emphasis | ||||
|                     role="bold">Description</emphasis></entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>From address</entry> | ||||
| 
 | ||||
|                     <entry>The email address to set as FROM.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Reply-to address</entry> | ||||
| 
 | ||||
|                     <entry>Optional Reply-to address for email.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>CC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional CC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>BCC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional BCC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Subject</entry> | ||||
| 
 | ||||
|                     <entry>The email subject line. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Text</entry> | ||||
| 
 | ||||
|                     <entry>The email body text. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Notification period</entry> | ||||
| 
 | ||||
|                     <entry>Number of days to notify before account | ||||
|                     expires.</entry> | ||||
|                   </row> | ||||
|                 </tbody> | ||||
|               </tgroup> | ||||
|             </table>Wildcards:</para> | ||||
| 
 | ||||
|           <para>You can enter LDAP attributes as wildcards in the form | ||||
|           @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". | ||||
|           For the common name it would be "@@cn@@".</para> | ||||
| 
 | ||||
|           <para>There are also two special wildcards for the expiration date. | ||||
|           @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". | ||||
|           @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. | ||||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section id="job_windows_move_expired"> | ||||
|           <title>Windows: Delete or move expired accounts</title> | ||||
| 
 | ||||
|           <para>You can automatically delete or move expired accounts.</para> | ||||
|  | @ -1377,7 +1834,96 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           </table> | ||||
|         </section> | ||||
| 
 | ||||
|         <section> | ||||
|         <section id="job_windows_notify_groups"> | ||||
|           <title>Windows: Notify users about their managed groups</title> | ||||
| 
 | ||||
|           <para>This will send your users an email with the groups they | ||||
|           manage. This also includes a list of users in these groups. The | ||||
|           users and groups are searched using the user+group account types | ||||
|           that are specified in server profile.</para> | ||||
| 
 | ||||
|           <para>You need to activate the Windows module for users to be able | ||||
|           to add this job. The job can be added multiple times.</para> | ||||
| 
 | ||||
|           <screenshot> | ||||
|             <graphic fileref="images/jobs_windowsNotifyGroups.png"/> | ||||
|           </screenshot> | ||||
| 
 | ||||
|           <para><table> | ||||
|               <title>Options</title> | ||||
| 
 | ||||
|               <tgroup cols="2"> | ||||
|                 <tbody> | ||||
|                   <row> | ||||
|                     <entry><emphasis role="bold">Option</emphasis></entry> | ||||
| 
 | ||||
|                     <entry><emphasis | ||||
|                     role="bold">Description</emphasis></entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>From address</entry> | ||||
| 
 | ||||
|                     <entry>The email address to set as FROM.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Reply-to address</entry> | ||||
| 
 | ||||
|                     <entry>Optional Reply-to address for email.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>CC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional CC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>BCC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional BCC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Subject</entry> | ||||
| 
 | ||||
|                     <entry>The email subject line. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>HTML format</entry> | ||||
| 
 | ||||
|                     <entry>Send email as HTML instead of plain text.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Text</entry> | ||||
| 
 | ||||
|                     <entry>The email body text. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Period</entry> | ||||
| 
 | ||||
|                     <entry>Defines how often the mail is sent (e.g. | ||||
|                     quarterly).</entry> | ||||
|                   </row> | ||||
|                 </tbody> | ||||
|               </tgroup> | ||||
|             </table>Wildcards:</para> | ||||
| 
 | ||||
|           <para>You can enter LDAP attributes as wildcards in the form | ||||
|           @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". | ||||
|           For the common name it would be "@@cn@@".</para> | ||||
| 
 | ||||
|           <para>Use the wildcard "@@LAM_MANAGED_GROUPS@@" to insert the group | ||||
|           listing. This wildcard is mandatory.</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section id="job_freeradius_move_expired"> | ||||
|           <title>FreeRadius: Delete or move expired accounts</title> | ||||
| 
 | ||||
|           <para>You can automatically delete or move expired accounts.</para> | ||||
|  | @ -1425,7 +1971,91 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|           </table> | ||||
|         </section> | ||||
| 
 | ||||
|         <section> | ||||
|         <section id="job_freeradius_account_expiration_notification"> | ||||
|           <title>FreeRadius: Notify users about account expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their | ||||
|           FreeRadius account expires.</para> | ||||
| 
 | ||||
|           <para>You need to activate the FreeRadius module for users to be | ||||
|           able to add this job. The job can be added multiple times (e.g. to | ||||
|           send a second warning at a later time).</para> | ||||
| 
 | ||||
|           <screenshot> | ||||
|             <graphic fileref="images/jobs_freeradiusAccountExpiration.png"/> | ||||
|           </screenshot> | ||||
| 
 | ||||
|           <para><table> | ||||
|               <title>Options</title> | ||||
| 
 | ||||
|               <tgroup cols="2"> | ||||
|                 <tbody> | ||||
|                   <row> | ||||
|                     <entry><emphasis role="bold">Option</emphasis></entry> | ||||
| 
 | ||||
|                     <entry><emphasis | ||||
|                     role="bold">Description</emphasis></entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>From address</entry> | ||||
| 
 | ||||
|                     <entry>The email address to set as FROM.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Reply-to address</entry> | ||||
| 
 | ||||
|                     <entry>Optional Reply-to address for email.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>CC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional CC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>BCC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional BCC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Subject</entry> | ||||
| 
 | ||||
|                     <entry>The email subject line. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Text</entry> | ||||
| 
 | ||||
|                     <entry>The email body text. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Notification period</entry> | ||||
| 
 | ||||
|                     <entry>Number of days to notify before account | ||||
|                     expires.</entry> | ||||
|                   </row> | ||||
|                 </tbody> | ||||
|               </tgroup> | ||||
|             </table>Wildcards:</para> | ||||
| 
 | ||||
|           <para>You can enter LDAP attributes as wildcards in the form | ||||
|           @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". | ||||
|           For the common name it would be "@@cn@@".</para> | ||||
| 
 | ||||
|           <para>There are also two special wildcards for the expiration date. | ||||
|           @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". | ||||
|           @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. | ||||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
| 
 | ||||
|         <section id="job_qmail_move_expired"> | ||||
|           <title>Qmail: Delete or move expired accounts</title> | ||||
| 
 | ||||
|           <para>You can automatically delete or move expired accounts. The job | ||||
|  | @ -1473,6 +2103,90 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|             </tgroup> | ||||
|           </table> | ||||
|         </section> | ||||
| 
 | ||||
|         <section id="job_qmail_account_expire_notify"> | ||||
|           <title>Qmail: Notify users about account expiration</title> | ||||
| 
 | ||||
|           <para>This will send your users an email reminder before their Qmail | ||||
|           account expires.</para> | ||||
| 
 | ||||
|           <para>You need to activate the Qmail module for users to be able to | ||||
|           add this job. The job can be added multiple times (e.g. to send a | ||||
|           second warning at a later time).</para> | ||||
| 
 | ||||
|           <screenshot> | ||||
|             <graphic fileref="images/jobs_qmailAccountExpiration.png"/> | ||||
|           </screenshot> | ||||
| 
 | ||||
|           <para><table> | ||||
|               <title>Options</title> | ||||
| 
 | ||||
|               <tgroup cols="2"> | ||||
|                 <tbody> | ||||
|                   <row> | ||||
|                     <entry><emphasis role="bold">Option</emphasis></entry> | ||||
| 
 | ||||
|                     <entry><emphasis | ||||
|                     role="bold">Description</emphasis></entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>From address</entry> | ||||
| 
 | ||||
|                     <entry>The email address to set as FROM.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Reply-to address</entry> | ||||
| 
 | ||||
|                     <entry>Optional Reply-to address for email.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>CC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional CC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>BCC address</entry> | ||||
| 
 | ||||
|                     <entry>Optional BCC mail address.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Subject</entry> | ||||
| 
 | ||||
|                     <entry>The email subject line. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Text</entry> | ||||
| 
 | ||||
|                     <entry>The email body text. Supports wildcards, see | ||||
|                     below.</entry> | ||||
|                   </row> | ||||
| 
 | ||||
|                   <row> | ||||
|                     <entry>Notification period</entry> | ||||
| 
 | ||||
|                     <entry>Number of days to notify before account | ||||
|                     expires.</entry> | ||||
|                   </row> | ||||
|                 </tbody> | ||||
|               </tgroup> | ||||
|             </table>Wildcards:</para> | ||||
| 
 | ||||
|           <para>You can enter LDAP attributes as wildcards in the form | ||||
|           @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@". | ||||
|           For the common name it would be "@@cn@@".</para> | ||||
| 
 | ||||
|           <para>There are also two special wildcards for the expiration date. | ||||
|           @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016". | ||||
|           @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g. | ||||
|           "2016-12-31".</para> | ||||
|         </section> | ||||
|       </section> | ||||
| 
 | ||||
|       <section> | ||||
|  | @ -1591,4 +2305,50 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost'; | |||
|       </section> | ||||
|     </section> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title>Self Service (LAM Pro)</title> | ||||
| 
 | ||||
|     <para>See <link linkend="a_selfService">Self Service | ||||
|     chapter</link>.</para> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title>Import and export configuration</title> | ||||
| 
 | ||||
|     <para>Here you can export and import LAM's whole configuration. You can | ||||
|     use this to backup the configuration or migrate from one server to | ||||
|     another.</para> | ||||
| 
 | ||||
|     <para>You will need to login with the configuration master password to use | ||||
|     this feature.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <graphic fileref="images/confImportExport1.png"/> | ||||
|     </screenshot> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Export</emphasis></para> | ||||
| 
 | ||||
|     <para>This will dump the whole configuration to one big single file. It is | ||||
|     not possible to dump only parts of the configuration. During import you | ||||
|     can select what exactly to import.</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Import</emphasis></para> | ||||
| 
 | ||||
|     <para>Please select the import file first and submit. LAM will then | ||||
|     present you possible import data. You can select what to import using the | ||||
|     checkboxes.</para> | ||||
| 
 | ||||
|     <para>Please note that LAM will not delete e.g. server profiles that are | ||||
|     not in the import file.</para> | ||||
| 
 | ||||
|     <para>Example: You have profile1+profile2 in your LAM installation and | ||||
|     profile2+profile3 in your import file. When you select to import all | ||||
|     server profiles then profile1 stays untouched, profile2 will be | ||||
|     overwritten and profile3 will be added.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <graphic fileref="images/confImportExport2.png"/> | ||||
|     </screenshot> | ||||
|   </section> | ||||
| </chapter> | ||||
|  |  | |||
|  | @ -15,7 +15,7 @@ | |||
|       <itemizedlist> | ||||
|         <listitem> | ||||
|           <para>Apache/Nginx webserver (SSL recommended) with PHP module (PHP | ||||
|           (>= 5.6.0) with ldap, gettext, xml, openssl and optional | ||||
|           (>= 7.0.0) with ldap, gettext, xml, openssl and optional | ||||
|           OpenSSL)</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|  | @ -150,9 +150,9 @@ | |||
|                 role="bold">rpm -i <path to LAM | ||||
|                 package></emphasis></para><literallayout> | ||||
| </literallayout><para><emphasis role="bold">Note:</emphasis> The RPM packages | ||||
|                 for Fedora/CentOS do not contain a dependency to PHP due to | ||||
|                 the various package names for it. Please make sure that you | ||||
|                 install Apache/Nginx with PHP.</para></entry> | ||||
|                 do not contain a dependency to PHP due to the various package | ||||
|                 names for it. Please make sure that you install Apache/Nginx | ||||
|                 with PHP.</para></entry> | ||||
|               </row> | ||||
|             </tbody> | ||||
|           </tgroup> | ||||
|  | @ -313,6 +313,45 @@ | |||
|       </section> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Docker</title> | ||||
| 
 | ||||
|       <para>You can run LAM inside Docker.</para> | ||||
| 
 | ||||
|       <para>Possible environment variables are documented in the <ulink | ||||
|       url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample | ||||
|       .env</ulink> file.</para> | ||||
| 
 | ||||
|       <para>See here:</para> | ||||
| 
 | ||||
|       <para><ulink | ||||
|       url="https://hub.docker.com/r/ldapaccountmanager/lam">https://hub.docker.com/r/ldapaccountmanager/lam</ulink></para> | ||||
| 
 | ||||
|       <para/> | ||||
| 
 | ||||
|       <para>LAM Pro:</para> | ||||
| 
 | ||||
|       <para>Please request access at support providing your Docker Hub user | ||||
|       ID.</para> | ||||
| 
 | ||||
|       <para><ulink | ||||
|       url="https://hub.docker.com/r/ldapaccountmanager/lampro">https://hub.docker.com/r/ldapaccountmanager/lampro</ulink></para> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Configuration files</emphasis></para> | ||||
| 
 | ||||
|       <para>All configuration files are stored in:</para> | ||||
| 
 | ||||
|       <itemizedlist> | ||||
|         <listitem> | ||||
|           <para>/etc/ldap-account-manager</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>/var/lib/ldap-account-manager</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>System configuration</title> | ||||
| 
 | ||||
|  | @ -574,6 +613,46 @@ | |||
|       version. Unless explicitly noticed there is no need to install an | ||||
|       intermediate release.</para> | ||||
| 
 | ||||
|       <section> | ||||
|         <title>7.2 -> 7.3</title> | ||||
| 
 | ||||
|         <para>No actions required.</para> | ||||
|       </section> | ||||
| 
 | ||||
|       <section> | ||||
|         <title>7.1 -> 7.2</title> | ||||
| 
 | ||||
|         <para>LAM Pro: All emails need a specified FROM address. This affects | ||||
|         password email, self registration, password self reset and cron | ||||
|         emails.</para> | ||||
|       </section> | ||||
| 
 | ||||
|       <section> | ||||
|         <title>6.7 -> 7.1</title> | ||||
| 
 | ||||
|         <para>No actions required.</para> | ||||
|       </section> | ||||
| 
 | ||||
|       <section> | ||||
|         <title>6.6 -> 6.7</title> | ||||
| 
 | ||||
|         <para>Self service: please verify the self service base URL in your | ||||
|         self service profiles in case you have password self reset / user self | ||||
|         registration enabled.</para> | ||||
|       </section> | ||||
| 
 | ||||
|       <section> | ||||
|         <title>6.5 -> 6.6</title> | ||||
| 
 | ||||
|         <para>No actions required.</para> | ||||
|       </section> | ||||
| 
 | ||||
|       <section> | ||||
|         <title>6.4 -> 6.5</title> | ||||
| 
 | ||||
|         <para>No actions required.</para> | ||||
|       </section> | ||||
| 
 | ||||
|       <section> | ||||
|         <title>6.3 -> 6.4</title> | ||||
| 
 | ||||
|  |  | |||
|  | @ -755,7 +755,9 @@ | |||
|         <listitem> | ||||
|           <para>Password hash type: If possible use CRYPT-SHA512 or SSHA to | ||||
|           protect your user's passwords. The option SASL will set the password | ||||
|           to "{SASL}<user name>".</para> | ||||
|           to "{SASL}<user name>". If you want to use an LDAP EXOP | ||||
|           password operation to update the password then select | ||||
|           LDAP_EXOP.</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|  | @ -1184,7 +1186,7 @@ | |||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Windows (Samba 4)</title> | ||||
|       <title>Windows (Samba 4/Active Directory)</title> | ||||
| 
 | ||||
|       <para>Please activate the account type "Users" in your LAM server | ||||
|       profile and then add the user module "Windows (windowsUser)(*)".</para> | ||||
|  | @ -1216,10 +1218,14 @@ | |||
| 
 | ||||
|       <para>NIS support is deactivated by default. Enable it if needed.</para> | ||||
| 
 | ||||
|       <para>You can also set maximum values for user photos in advanced | ||||
|       options.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_windowsUser5.png"/> | ||||
|             <imagedata contentwidth="1172" | ||||
|                        fileref="images/mod_windowsUser5.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
|  | @ -1343,6 +1349,146 @@ | |||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>AD LDS (formerly ADAM) (LAM Pro)</title> | ||||
| 
 | ||||
|       <para>Please activate the account type "Users" in your LAM server | ||||
|       profile and then add the user module "AD LDS | ||||
|       (windowsLDSUser)(*)".</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_windowsUser4.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>The default list attributes are for Unix and not suitable for AD | ||||
|       LDS (blank lines in account table). Please use | ||||
|       "#cn;#givenName;#sn;#mail" or select your own attributes to display in | ||||
|       the account list.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_adLds1.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>On tab "Module settings" you can specify the possible Windows | ||||
|       domain names.</para> | ||||
| 
 | ||||
|       <para>You can also set maximum values for user photos in advanced | ||||
|       options.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata contentwidth="1172" fileref="images/mod_adLds3.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Now you can manage your AD LDS users and e.g. assign groups. You | ||||
|       might want to set the default domain name in the <link | ||||
|       linkend="a_accountProfile">profile editor</link>.</para> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Attention:</emphasis></para> | ||||
| 
 | ||||
|       <para>Password changes require a secure connection via ldaps://. Check | ||||
|       your LAM server profile if password changes are refused by the | ||||
|       server.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_adLds4a.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_adLds4b.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Wildcards</emphasis></para> | ||||
| 
 | ||||
|       <para>This module provides the following wildcards (others may be | ||||
|       provided by other modules):</para> | ||||
| 
 | ||||
|       <itemizedlist> | ||||
|         <listitem> | ||||
|           <para>$firstname: First name</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>$lastname: Last name</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>$user: User name</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>$commonname: Common name</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>$email: Email address</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
| 
 | ||||
|       <para>You can use them in the following input fields on user edit | ||||
|       screen:</para> | ||||
| 
 | ||||
|       <itemizedlist> | ||||
|         <listitem> | ||||
|           <para>Common name</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>Display name</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>Email</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>Email alias</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
| 
 | ||||
|       <para>Use this when some of your data always follows the same schema. | ||||
|       E.g. using "$firstname $lastname" in common name field can be used like | ||||
|       this to get "Demo User". You can set the wildcards in profile editor so | ||||
|       they are automatically applied for new users.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_adLds5a.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para/> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_adLds5b.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Filesystem quota (lamdaemon)</title> | ||||
| 
 | ||||
|  | @ -1408,33 +1554,11 @@ | |||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Attention: LAM will add the object class "mailrecipient" by | ||||
|       default. This object class is available on 389 directory server but may | ||||
|       not be present on e.g. OpenLDAP. Please deactivate the following setting | ||||
|       (LAM server profile, module settings) if you do not use this object | ||||
|       class.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_kolab5.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Please enter an email address at the Personal page and set a Unix | ||||
|       password first. Both are required that Kolab accepts the accounts. The | ||||
|       email address ("Personal" page) must match your Kolab domain, otherwise | ||||
|       the account will not work.</para> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Attention:</emphasis> The mailbox server | ||||
|       cannot be changed after the account has been saved. Please make sure | ||||
|       that the value is correct.</para> | ||||
| 
 | ||||
|       <para>Kolab users should not be directly deleted with LAM. You can mark | ||||
|       an account for deletion which then is done by the Kolab server itself. | ||||
|       This makes sure that the mailbox etc. is also deleted.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|  | @ -1683,7 +1807,7 @@ | |||
|       <para><emphasis role="bold">Setup password changing</emphasis></para> | ||||
| 
 | ||||
|       <para>LAM Pro cannot generate the password hashes itself because Heimdal | ||||
|       uses a propietary format for them. Therefore, LAM Pro needs to call e.g. | ||||
|       uses a proprietary format for them. Therefore, LAM Pro needs to call e.g. | ||||
|       kadmin to set the password.</para> | ||||
| 
 | ||||
|       <para>The wildcards @@password@@ and @@principal@@ are replaced with | ||||
|  | @ -1732,7 +1856,7 @@ | |||
|       <para><emphasis role="bold">Setup password changing</emphasis></para> | ||||
| 
 | ||||
|       <para>LAM Pro cannot generate the password hashes itself because MIT | ||||
|       uses a propietary format for them. Therefore, LAM Pro needs to call | ||||
|       uses a proprietary format for them. Therefore, LAM Pro needs to call | ||||
|       kadmin/kadmin.local to set the password.</para> | ||||
| 
 | ||||
|       <para>LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to | ||||
|  | @ -1746,9 +1870,9 @@ | |||
|       password change.</para> | ||||
| 
 | ||||
|       <para>Please note that kadmin/kadmin.local often returns a successful | ||||
|       command even if errors occured (e.g. password policy violations). You | ||||
|       command even if errors occurred (e.g. password policy violations). You | ||||
|       need to test this before and if affected then write a wrapper script | ||||
|       arround kadmin that returns non-zero return codes for errors.</para> | ||||
|       around kadmin that returns non-zero return codes for errors.</para> | ||||
| 
 | ||||
|       <para>Example commands:</para> | ||||
| 
 | ||||
|  | @ -1832,7 +1956,7 @@ | |||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>You can add the user to existing alias entries or create completly | ||||
|       <para>You can add the user to existing alias entries or create completely | ||||
|       new ones.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|  | @ -2012,6 +2136,74 @@ ldapsearch -x -h $server -p $port -b $baseDN -s sub "(&(objectclass=posixAcc | |||
| AuthorizedKeysCommandUser root</literallayout> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>YubiKey</title> | ||||
| 
 | ||||
|       <para>You can manage your YubiKey ids with LAM. It supports the <ulink | ||||
|       url="https://github.com/mludvig/yubikey-ldap">yubiKeyUser schema</ulink> | ||||
|       or any other attribute mapping.</para> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Configuration</emphasis></para> | ||||
| 
 | ||||
|       <para>First, you need to activate the YubiKey module for users in your | ||||
|       LAM server profile.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_yubikey1.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Second, you need to specify which object class and attribute name | ||||
|       should be used.</para> | ||||
| 
 | ||||
|       <para>Object class: If you have an object class just for the YubiKey ids | ||||
|       then enter it here. LAM will then provide options to add and remove it. | ||||
|       In case you reuse some existing attribute from e.g. inetOrgPerson please | ||||
|       leave object class name blank.</para> | ||||
| 
 | ||||
|       <para>Attribute name: please enter the attribute name that is used for | ||||
|       the key ids.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_yubikey2.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>You will then be able to manage the key ids for your users.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_yubikey3.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Self Service (LAM Pro)</emphasis></para> | ||||
| 
 | ||||
|       <para>This will allow your users to update their own keys.</para> | ||||
| 
 | ||||
|       <para>You need to configure the object class and attribute name first. | ||||
|       This is done on tab "Module settings" in self service profile.</para> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Attention: </emphasis>Please note that both | ||||
|       fields are mandatory here. Even if you reused an attribute from some | ||||
|       existing object class you need to set it here. LAM needs this to detect | ||||
|       if the user can add keys.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_yubikey5.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Then add the YubiKey ids field to your self service profile on tab | ||||
|       "Page layout".</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_yubikey4.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>When a user with the specified object class logs in then the key | ||||
|       input fields are shown.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_yubikey6.png"/> | ||||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Authorized services</title> | ||||
| 
 | ||||
|  | @ -2091,7 +2283,7 @@ AuthorizedKeysCommandUser root</literallayout> | |||
|       security reasons.</para> | ||||
| 
 | ||||
|       <para>The user name can either be a fixed name (e.g. "admin") or it can | ||||
|       be generated with LDAP attributes of the LAM admn user. E.g. $uid$ will | ||||
|       be generated with LDAP attributes of the LAM admin user. E.g. $uid$ will | ||||
|       be transformed to "myUser" if you login with | ||||
|       "uid=myUser,ou=people,dc=example,dc=com".</para> | ||||
| 
 | ||||
|  | @ -2207,8 +2399,8 @@ AuthorizedKeysCommandUser root</literallayout> | |||
| 
 | ||||
|       <para><emphasis role="bold">Configuration</emphasis></para> | ||||
| 
 | ||||
|       <para>Please add the account type "Groups" and then select account | ||||
|       module "Unix (posixGroup)".</para> | ||||
|       <para>Special Please add the account type "Groups" and then select | ||||
|       account module "Unix (posixGroup)".</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|  | @ -2218,6 +2410,43 @@ AuthorizedKeysCommandUser root</literallayout> | |||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Virtual list attributes:</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_unixGroupConfig2.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>The following virtual attributes can be shown in the group list. | ||||
|       These are no real LDAP attributes but extra data that can be shown by | ||||
|       LAM.</para> | ||||
| 
 | ||||
|       <itemizedlist> | ||||
|         <listitem> | ||||
|           <para>memberuid_count: number of entries in attribute | ||||
|           "memberuid"</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>member_count: number of entries in attribute "member"</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>uniqueMember_count: number of entries in attribute | ||||
|           "uniquemember"</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>owner_count: number of entries in attribute "owner"</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>roleOccupant_count: number of entries in attribute | ||||
|           "roleOccupant"</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
| 
 | ||||
|       <para>Module settings:</para> | ||||
| 
 | ||||
|       <para>GID generator: LAM will suggest GID numbers for your accounts. | ||||
|       Please note that it may happen that there are duplicate IDs assigned if | ||||
|       users create groups at the same time. Use an <ulink | ||||
|  | @ -2491,6 +2720,52 @@ AuthorizedKeysCommandUser root</literallayout> | |||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>AD LDS (formerly ADAM) (LAM Pro)</title> | ||||
| 
 | ||||
|       <para>LAM can manage your AD LDS groups. Please enable the account type | ||||
|       "Groups" in your LAM server profile and then add the group module "AD | ||||
|       LDS (windowsLDSGroup)(*)".</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_windowsGroup3.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>The default list attributes are for Unix and not suitable for AD | ||||
|       LDS (blank lines in account table). Please use | ||||
|       "#cn;#member;#description" or select your own attributes to display in | ||||
|       the account list.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_adLds2.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para/> | ||||
| 
 | ||||
|       <para>Now you can edit your groups inside LAM. You can manage the group | ||||
|       name, description and its type. Of course, you can also set the group | ||||
|       members.</para> | ||||
| 
 | ||||
|       <para>With "Show effective members" you can show a list of all members | ||||
|       of this group including members of subgroups and their subgroups.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|             <imagedata fileref="images/mod_adLds6.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Kolab</title> | ||||
| 
 | ||||
|  | @ -2984,6 +3259,38 @@ AuthorizedKeysCommandUser root</literallayout> | |||
|       </mediaobject> | ||||
|     </screenshot> | ||||
| 
 | ||||
|     <para>Virtual list attributes:</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <graphic fileref="images/mod_gon.png"/> | ||||
|     </screenshot> | ||||
| 
 | ||||
|     <para>The following virtual attributes can be shown in the group list. | ||||
|     These are no real LDAP attributes but extra data that can be shown by | ||||
|     LAM.</para> | ||||
| 
 | ||||
|     <itemizedlist> | ||||
|       <listitem> | ||||
|         <para>member_count: number of entries in attribute "member"</para> | ||||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|         <para>uniqueMember_count: number of entries in attribute | ||||
|         "uniquemember"</para> | ||||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|         <para>owner_count: number of entries in attribute "owner"</para> | ||||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|         <para>roleOccupant_count: number of entries in attribute | ||||
|         "roleOccupant"</para> | ||||
|       </listitem> | ||||
|     </itemizedlist> | ||||
| 
 | ||||
|     <para>Module settings:</para> | ||||
| 
 | ||||
|     <para>On the module settings tab you set some options like the display | ||||
|     format for members/owners and if fields like description should not be | ||||
|     displayed.</para> | ||||
|  | @ -4046,9 +4353,13 @@ Run slapindex to rebuild the index. | |||
|     extension to the DNS server <ulink | ||||
|     url="http://www.isc.org/software/bind">Bind</ulink> that allows to store | ||||
|     DNS entries inside LDAP. Please install the Bind DLZ schema file on your | ||||
|     LDAP server. It is part of the DLZ patch.</para> | ||||
|     LDAP server. It is part of the Bind download. You can also get it from | ||||
|     Bind's <ulink | ||||
|     url="https://gitlab.isc.org/isc-projects/bind9/blob/master/contrib/dlz/modules/ldap/testing/dlz.schema">git | ||||
|     repository</ulink>.</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Configuration</emphasis></para> | ||||
|     <section> | ||||
|       <title>Configuration</title> | ||||
| 
 | ||||
|       <para>First, you need to add the Bind DNS account type and the Bind DLZ | ||||
|       module:</para> | ||||
|  | @ -4061,8 +4372,9 @@ Run slapindex to rebuild the index. | |||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|     <para>Please set the LDAP suffix either to an existing DNS zone (dlzZone) | ||||
|     or an organizational unit that should include your DNS zones.</para> | ||||
|       <para>Please set the LDAP suffix either to an existing DNS zone | ||||
|       (dlzZone) or an organizational unit that should include your DNS | ||||
|       zones.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|  | @ -4075,6 +4387,9 @@ Run slapindex to rebuild the index. | |||
|       <literallayout> | ||||
| </literallayout> | ||||
| 
 | ||||
|       <para>For regular entry management use "DNS entry (bindDLZ)(*)" | ||||
|       module.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|  | @ -4083,6 +4398,23 @@ Run slapindex to rebuild the index. | |||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para><emphasis role="bold">XFR</emphasis></para> | ||||
| 
 | ||||
|       <para>If you want to edit XFR entries please add a second account type | ||||
|       for XFR. Recommended list attributes are | ||||
|       "#dlzipaddr;#dlzrecordid".</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_bind13.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Now use the "XFR (bindDLZXfr)(*)" module for this account | ||||
|       type.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_bind14.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Automatic PTR management</emphasis></para> | ||||
| 
 | ||||
|       <para>LAM can automatically create/delete PTR entries for the entered | ||||
|  | @ -4104,12 +4436,12 @@ Run slapindex to rebuild the index. | |||
|       <para><emphasis role="bold">Zone management</emphasis></para> | ||||
| 
 | ||||
|       <para>If you do not yet have a DNS zone then LAM can create one for you. | ||||
|     In list view switch the suffix to an organizational unit DN. Now you will | ||||
|     see a button "New zone".</para> | ||||
|       In list view switch the suffix to an organizational unit DN. Now you | ||||
|       will see a button "New zone".</para> | ||||
| 
 | ||||
|       <para>This will create the zone container entry and a default DNS entry | ||||
|     "@" for authoritative information. Now switch the suffix to your new zone | ||||
|     and start adding DNS entries.</para> | ||||
|       "@" for authoritative information. Now switch the suffix to your new | ||||
|       zone and start adding DNS entries.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|  | @ -4118,8 +4450,10 @@ Run slapindex to rebuild the index. | |||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <para><emphasis role="bold">DNS entries</emphasis></para> | ||||
|     <section> | ||||
|       <title>DNS entries</title> | ||||
| 
 | ||||
|       <para>LAM supports the following DNS record types:</para> | ||||
| 
 | ||||
|  | @ -4163,9 +4497,9 @@ Run slapindex to rebuild the index. | |||
|       <para><emphasis role="bold">Authoritative (SOA) and name server (NS) | ||||
|       records</emphasis></para> | ||||
| 
 | ||||
|     <para>Here you can manage general information about the zone like timeouts | ||||
|     and name servers. Please note that name servers must be inserted in a | ||||
|     special format (dot at the end).</para> | ||||
|       <para>Here you can manage general information about the zone like | ||||
|       timeouts and name servers. Please note that name servers must be | ||||
|       inserted in a special format (dot at the end).</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|  | @ -4196,9 +4530,9 @@ Run slapindex to rebuild the index. | |||
| 
 | ||||
|       <para><emphasis role="bold">Reverse DNS entries</emphasis></para> | ||||
| 
 | ||||
|     <para>Reverse DNS entries are important when you need to find the DNS name | ||||
|     that is associated with a given IP address. Reverse DNS entries are stored | ||||
|     in a separate DNS zone.</para> | ||||
|       <para>Reverse DNS entries are important when you need to find the DNS | ||||
|       name that is associated with a given IP address. Reverse DNS entries are | ||||
|       stored in a separate DNS zone.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|  | @ -4246,8 +4580,8 @@ Run slapindex to rebuild the index. | |||
| 
 | ||||
|       <para><emphasis role="bold">Text records (TXT)</emphasis></para> | ||||
| 
 | ||||
|     <para>Text records can be added to store a description or other data (e.g. | ||||
|     SPF information).</para> | ||||
|       <para>Text records can be added to store a description or other data | ||||
|       (e.g. SPF information).</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|  | @ -4262,8 +4596,8 @@ Run slapindex to rebuild the index. | |||
| 
 | ||||
|       <para><emphasis role="bold">Services (SRV)</emphasis></para> | ||||
| 
 | ||||
|     <para>Service records can be used to specify which servers provide common | ||||
|     services such as LDAP. Please note that the host name must be | ||||
|       <para>Service records can be used to specify which servers provide | ||||
|       common services such as LDAP. Please note that the host name must be | ||||
|       _SERVICE._PROTOCOL (e.g. _ldap._tcp).</para> | ||||
| 
 | ||||
|       <literallayout> | ||||
|  | @ -4294,8 +4628,8 @@ Run slapindex to rebuild the index. | |||
| 
 | ||||
|       <para><emphasis role="bold">File upload</emphasis></para> | ||||
| 
 | ||||
|     <para>You can upload complete DNS zones via LAM's file upload. Here is an | ||||
|     example for a zone file and the corresponding CSV file.</para> | ||||
|       <para>You can upload complete DNS zones via LAM's file upload. Here is | ||||
|       an example for a zone file and the corresponding CSV file.</para> | ||||
| 
 | ||||
|       <table> | ||||
|         <title>Zone file</title> | ||||
|  | @ -4399,11 +4733,11 @@ Run slapindex to rebuild the index. | |||
|       <para>Please check that you have an existing zone entry that can be used | ||||
|       for the file upload. See above to create a new zone.</para> | ||||
| 
 | ||||
|     <para>Hint: If you use the function above to create a new zone then please | ||||
|     skip the "@" entry in the CSV file below. LAM creates this entry with | ||||
|     sample data.</para> | ||||
|       <para>Hint: If you use the function above to create a new zone then | ||||
|       please skip the "@" entry in the CSV file below. LAM creates this entry | ||||
|       with sample data.</para> | ||||
| 
 | ||||
|     <para>In this example we assume that the following zone extry | ||||
|       <para>In this example we assume that the following zone entry | ||||
|       exists:</para> | ||||
| 
 | ||||
|       <literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com | ||||
|  | @ -4417,6 +4751,25 @@ objectclass: top | |||
|       url="resources/bindUpload.csv">bindUpload.csv</ulink></para> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>XFR entries</title> | ||||
| 
 | ||||
|       <para>You can manage the XFR entries in the second tab that you | ||||
|       configured before.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_bind16.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>For each XFR entry you can set a record ID and the IP | ||||
|       address.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/mod_bind15.png"/> | ||||
|       </screenshot> | ||||
|     </section> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title>Aliases (LAM Pro)</title> | ||||
| 
 | ||||
|  | @ -5007,7 +5360,7 @@ OK (10 msec)</programlisting> | |||
|     <para>LAM will display a default icon and "Custom fields" as label if you | ||||
|     do not enter any values.</para> | ||||
| 
 | ||||
|     <para>You may also specify how LAM displays cutom fields when there are | ||||
|     <para>You may also specify how LAM displays custom fields when there are | ||||
|     multiple field groups. The default is accordion view where you can switch | ||||
|     field groups by clicking on the title. You may also deactivate this mode. | ||||
|     Then all field groups are displayed one below the other.</para> | ||||
|  | @ -5022,7 +5375,7 @@ OK (10 msec)</programlisting> | |||
| 
 | ||||
|     <para><emphasis role="bold">Defining groups:</emphasis></para> | ||||
| 
 | ||||
|     <para>All input fields are devided into groups. A group may contain one or | ||||
|     <para>All input fields are divided into groups. A group may contain one or | ||||
|     more object classes and allows you to add/remove a certain set of input | ||||
|     fields.</para> | ||||
| 
 | ||||
|  | @ -5312,6 +5665,10 @@ OK (10 msec)</programlisting> | |||
|     <para>Attribute name: The values of this attribute will be used to build | ||||
|     the selection list.</para> | ||||
| 
 | ||||
|     <para>Display attributes: List of attributes to show as label for the | ||||
|     options in select box. Attribute wildcards are surrounded by "$", e.g. | ||||
|     "$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para> | ||||
| 
 | ||||
|     <para>Presentation:</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|  | @ -5367,7 +5724,7 @@ OK (10 msec)</programlisting> | |||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|         <para>§attribute|;§; attribute values separted by ";" (you can set | ||||
|         <para>§attribute|;§; attribute values separated by ";" (you can set | ||||
|         other separators if you want)</para> | ||||
|       </listitem> | ||||
|     </itemizedlist> | ||||
|  | @ -5483,7 +5840,7 @@ OK (10 msec)</programlisting> | |||
|     <para>LAM Pro allows you to execute scripts whenever an account is | ||||
|     created, modified or deleted. This can be useful to automate processes | ||||
|     which needed manual work afterwards (e.g. sending your user a welcome mail | ||||
|     or register a mailbox). Additionally, you can specify manual scipts that | ||||
|     or register a mailbox). Additionally, you can specify manual scripts that | ||||
|     can be executed from within LAM Pro.</para> | ||||
| 
 | ||||
|     <para>To activate this feature please add the "Custom scripts" module to | ||||
|  | @ -5617,7 +5974,7 @@ OK (10 msec)</programlisting> | |||
|     <para>You can switch LAM's logging to debug mode if you are unsure which | ||||
|     attributes with which values are available.</para> | ||||
| 
 | ||||
|     <para>The following special wildcards are available for automatical | ||||
|     <para>The following special wildcards are available for automatic | ||||
|     scripts:</para> | ||||
| 
 | ||||
|     <itemizedlist> | ||||
|  | @ -5792,6 +6149,76 @@ OK (10 msec)</programlisting> | |||
|     </screenshot> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title>Auto delete (LAM Pro)</title> | ||||
| 
 | ||||
|     <para>This module allows to mark any new entry to be marked for auto | ||||
|     deletion. The cleanup is done by the LDAP server itself. Please note that | ||||
|     this will not delete any relations etc. in other entries (e.g. group | ||||
|     memberships).</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Requirements</emphasis></para> | ||||
| 
 | ||||
|     <itemizedlist> | ||||
|       <listitem> | ||||
|         <para>PHP 7.2 or later: the module will not be shown if you use an | ||||
|         older PHP version since the required LDAP commands are not | ||||
|         supported.</para> | ||||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|         <para>LDAP server with DDS (Dynamic Directory Services) support: your | ||||
|         LDAP server needs to be configured to allow auto deletion of entries. | ||||
|         See e.g. <ulink | ||||
|         url="http://www.openldap.org/doc/admin24/overlays.html">OpenLDAP | ||||
|         configuration</ulink>.</para> | ||||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|         <para>Your user has the right to set a deletion date. This is | ||||
|         configured on your LDAP server via ACLs. E.g. OpenLDAP requires manage | ||||
|         rights to attribute "entryTtl".</para> | ||||
|       </listitem> | ||||
|     </itemizedlist> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Restrictions</emphasis></para> | ||||
| 
 | ||||
|     <para>The maximum time for auto deletion is one year and six days. This is | ||||
|     a restriction by the DDS standard itself. The deletion date can be | ||||
|     extended for existing accounts but always by a maximum of one year and six | ||||
|     days.</para> | ||||
| 
 | ||||
|     <para>You should configure the maximum TTL value on your LDAP server as | ||||
|     default is often much less than a year.</para> | ||||
| 
 | ||||
|     <para>A deletion date on an existing entry cannot be removed but only be | ||||
|     extended.</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Configuration</emphasis></para> | ||||
| 
 | ||||
|     <para>You can add the auto delete module to any account type.</para> | ||||
| 
 | ||||
|     <para><graphic fileref="images/mod_autoDelete1.png"/></para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Usage</emphasis></para> | ||||
| 
 | ||||
|     <para>You can set a deletion time for any new account. Please note the | ||||
|     restrictions above. If you get an error about invalid TTL then you might | ||||
|     have exceeded the maximum TTL.</para> | ||||
| 
 | ||||
|     <para>Existing accounts cannot be marked for deletion. But you may update | ||||
|     the deletion date on existing accounts that are already marked for | ||||
|     deletion.</para> | ||||
| 
 | ||||
|     <para>Profile editor can be used to setup a default deletion time.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <graphic fileref="images/mod_autoDelete2.png"/> | ||||
|     </screenshot> | ||||
| 
 | ||||
|     <para/> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title>General information</title> | ||||
| 
 | ||||
|  | @ -5830,9 +6257,6 @@ OK (10 msec)</programlisting> | |||
| 
 | ||||
|     <para>There are also some special functions available:</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Export:</emphasis> This allows you to export | ||||
|     entries to a file (e.g. LDIF or CSV format).</para> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Show internal attributes:</emphasis> Shows | ||||
|     internal attributes of the current entry. This includes information about | ||||
|     the creator and creation time of the entry.</para> | ||||
|  |  | |||
|  | @ -204,6 +204,34 @@ | |||
|               url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Default language</entry> | ||||
| 
 | ||||
|               <entry>This language is preselected on login.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Enforce language</entry> | ||||
| 
 | ||||
|               <entry>Disables language selection and uses default | ||||
|               language.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Time zone</entry> | ||||
| 
 | ||||
|               <entry>Please provide your time zone.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Base URL</entry> | ||||
| 
 | ||||
|               <entry>Please enter the base URL of your webserver (e.g. | ||||
|               https://www.example.com). This is used to generate links in | ||||
|               emails for password self reset and user self | ||||
|               registration.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Login attribute label</entry> | ||||
| 
 | ||||
|  | @ -222,15 +250,29 @@ | |||
|             <row> | ||||
|               <entry>Login caption</entry> | ||||
| 
 | ||||
|               <entry>This text is displayed at the login page. You can input | ||||
|               HTML, too.</entry> | ||||
|               <entry>This text is displayed on the login page inside the login | ||||
|               mask.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Login footer</entry> | ||||
| 
 | ||||
|               <entry>This text is displayed on the login page below the login | ||||
|               mask.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Main page caption</entry> | ||||
| 
 | ||||
|               <entry>This text is displayed at self service main page where | ||||
|               your users change their data. You can input HTML, too.</entry> | ||||
|               <entry>This text is displayed on the self service main page | ||||
|               where your users change their data.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Main page footer</entry> | ||||
| 
 | ||||
|               <entry>This text is displayed as footer on the self service main | ||||
|               page where your users change their data.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|  | @ -241,6 +283,13 @@ | |||
|               code is permitted.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Base color</entry> | ||||
| 
 | ||||
|               <entry>Here you can change the background color for the user | ||||
|               pages.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Additional CSS links</entry> | ||||
| 
 | ||||
|  | @ -255,7 +304,7 @@ | |||
| 
 | ||||
|       <para/> | ||||
| 
 | ||||
|       <section> | ||||
|       <section id="selfservice_2fa"> | ||||
|         <title>2-factor authentication</title> | ||||
| 
 | ||||
|         <para>LAM supports 2-factor authentication for your users. This means | ||||
|  | @ -272,11 +321,137 @@ | |||
|             <para><ulink | ||||
|             url="https://www.privacyidea.org/">privacyIdea</ulink></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><ulink url="https://www.yubico.com/">YubiKey</ulink></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><ulink url="https://duo.com/">Duo</ulink></para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para><ulink | ||||
|             url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink></para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para>By default LAM will enforce to use a token and reject users that | ||||
|         did not setup one. You can set this check to optional. But if a user | ||||
|         has setup a token then this will always be required.</para> | ||||
|         <para><emphasis role="bold">privacyIDEA</emphasis></para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>Base URL: please enter the URL of your privacyIDEA | ||||
|             instance</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>User name attribute: please enter the LDAP attribute name | ||||
|             that contains the user ID (e.g. "uid")</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Optional: By default LAM will enforce to use a token and | ||||
|             reject users that did not setup one. You can set this check to | ||||
|             optional. But if a user has setup a token then this will always be | ||||
|             required.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Disable certificate check: This should be used on | ||||
|             development instances only. It skips the certificate check when | ||||
|             connecting to verification server.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para><emphasis role="bold">YubiKey</emphasis></para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>Base URLs: please enter the URL(s) of your YubiKey | ||||
|             verification server(s). If you run a custom verification API such | ||||
|             as yubiserver then enter its URL (e.g. | ||||
|             http://www.example.com:8000/wsapi/2.0/verify). The URL needs to | ||||
|             end with "/wsapi/2.0/verify". For YubiKey cloud these are | ||||
|             "https://api.yubico.com/wsapi/2.0/verify", | ||||
|             "https://api2.yubico.com/wsapi/2.0/verify", | ||||
|             "https://api3.yubico.com/wsapi/2.0/verify", | ||||
|             "https://api4.yubico.com/wsapi/2.0/verify" and | ||||
|             "https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per | ||||
|             line.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Client id: this is only required for YubiKey cloud. You can | ||||
|             register here: https://upgrade.yubico.com/getapikey/</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Secret key: this is only required for YubiKey cloud. You can | ||||
|             register here: https://upgrade.yubico.com/getapikey/</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Optional: By default LAM will enforce to use a token and | ||||
|             reject users that did not setup one. You can set this check to | ||||
|             optional. But if a user has setup a token then this will always be | ||||
|             required.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Disable certificate check: This should be used on | ||||
|             development instances only. It skips the certificate check when | ||||
|             connecting to verification server.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para><emphasis role="bold">Duo</emphasis></para> | ||||
| 
 | ||||
|         <para>This requires to register a new "Web SDK" application in your | ||||
|         Duo admin panel.</para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>User name attribute: please enter the LDAP attribute name | ||||
|             that contains the user ID (e.g. "uid").</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Base URL: please enter the API-URL of your Duo instance | ||||
|             (e.g. api-12345.duosecurity.com).</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Client id: please enter your integration key.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Secret key: please enter your secret key.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <para><emphasis role="bold">Webauthn/FIDO2</emphasis></para> | ||||
| 
 | ||||
|         <para>See the <link linkend="a_webauthn">Webauthn/FIDO2 | ||||
|         appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para> | ||||
| 
 | ||||
|         <para>Users will be asked to register a device during login if no | ||||
|         device is setup.</para> | ||||
| 
 | ||||
|         <itemizedlist> | ||||
|           <listitem> | ||||
|             <para>Domain: Please enter the WebAuthn domain. This is the public | ||||
|             domain of the web server (e.g. "example.com"). Do not include | ||||
|             protocol or port. Browsers will reject authentication if the | ||||
|             domain does not match the web server domain.</para> | ||||
|           </listitem> | ||||
| 
 | ||||
|           <listitem> | ||||
|             <para>Optional: By default LAM will enforce to use a 2FA device | ||||
|             and reject users that do not setup one. You can set this check to | ||||
|             optional. But if a user has setup a device then this will always | ||||
|             be required.</para> | ||||
|           </listitem> | ||||
|         </itemizedlist> | ||||
| 
 | ||||
|         <screenshot> | ||||
|           <mediaobject> | ||||
|  | @ -349,7 +524,8 @@ | |||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Possible input fields</emphasis></para> | ||||
|       <para id="selfservice_fields"><emphasis role="bold">Possible input | ||||
|       fields</emphasis></para> | ||||
| 
 | ||||
|       <para>This is a list of input fields you may add to the self service | ||||
|       page.</para> | ||||
|  | @ -395,6 +571,18 @@ | |||
|               password each time the Unix password is changed.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|                     <imagedata fileref="images/schema_groupOfNames.png"/> | ||||
|                   </imageobject> | ||||
|                 </inlinemediaobject>Group of names</entry> | ||||
| 
 | ||||
|               <entry>Group memberships (read-only)</entry> | ||||
| 
 | ||||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|  | @ -638,6 +826,24 @@ | |||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry morerows="1"><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|                     <imagedata fileref="images/schema_mailAlias.png"/> | ||||
|                   </imageobject> | ||||
|                 </inlinemediaobject> Mail routing</entry> | ||||
| 
 | ||||
|               <entry>Local address (read-only)</entry> | ||||
| 
 | ||||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Mail routing address (read-only)</entry> | ||||
| 
 | ||||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry morerows="4"><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|  | @ -681,12 +887,18 @@ | |||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry><inlinemediaobject> | ||||
|               <entry morerows="1"><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|                     <imagedata fileref="images/schema_ssh.png"/> | ||||
|                   </imageobject> | ||||
|                 </inlinemediaobject> Shadow</entry> | ||||
| 
 | ||||
|               <entry>Account expiration date (read-only)</entry> | ||||
| 
 | ||||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Last password change (read-only)</entry> | ||||
| 
 | ||||
|               <entry>Displays the date and time of the user's last password | ||||
|  | @ -694,11 +906,11 @@ | |||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry morerows="8"><inlinemediaobject> | ||||
|               <entry morerows="10"><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|                     <imagedata fileref="images/schema_samba.png"/> | ||||
|                   </imageobject> | ||||
|                 </inlinemediaobject> Windows</entry> | ||||
|                 </inlinemediaobject> Windows (AD, AD LDS, Samba 4)</entry> | ||||
| 
 | ||||
|               <entry>Password</entry> | ||||
| 
 | ||||
|  | @ -711,6 +923,12 @@ | |||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Mail alias (read-only)</entry> | ||||
| 
 | ||||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Office name</entry> | ||||
| 
 | ||||
|  | @ -729,6 +947,12 @@ | |||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Proxy-Addresses (read-only)</entry> | ||||
| 
 | ||||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>State</entry> | ||||
| 
 | ||||
|  | @ -754,7 +978,7 @@ | |||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry morerows="3"><inlinemediaobject> | ||||
|               <entry morerows="4"><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|                     <imagedata fileref="images/schema_unix.png"/> | ||||
|                   </imageobject> | ||||
|  | @ -765,6 +989,12 @@ | |||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Group memberships (read-only)</entry> | ||||
| 
 | ||||
|               <entry/> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry>Login shell</entry> | ||||
| 
 | ||||
|  | @ -785,6 +1015,19 @@ | |||
|               each time the Windows password is changed.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|                     <imagedata fileref="images/webauthn.png"/> | ||||
|                   </imageobject> | ||||
|                 </inlinemediaobject>Webauthn</entry> | ||||
| 
 | ||||
|               <entry>Webauthn devices</entry> | ||||
| 
 | ||||
|               <entry>Allows the user to manage his webauthn/FIDO2 security | ||||
|               keys.</entry> | ||||
|             </row> | ||||
| 
 | ||||
|             <row> | ||||
|               <entry morerows="1"><inlinemediaobject> | ||||
|                   <imageobject> | ||||
|  | @ -910,7 +1153,7 @@ | |||
|       <para>To enable this feature please activate the checkbox "Enable | ||||
|       password self reset link".</para> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Hint:</emphasis> Plese note that LAM Pro | ||||
|       <para><emphasis role="bold">Hint:</emphasis> Please note that LAM Pro | ||||
|       uses security questions by default. Activate confirmation mails and then | ||||
|       deactivate security questions if you want to use only email | ||||
|       validation.</para> | ||||
|  | @ -923,6 +1166,35 @@ | |||
|         </mediaobject> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Identification method, used LDAP attributes:</para> | ||||
| 
 | ||||
|       <itemizedlist> | ||||
|         <listitem> | ||||
|           <para>Email: mail</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>Employee number: employeeNumber</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>Self service login attribute: same as configured on first tab | ||||
|           of self service profile</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>User name: uid</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>User name and email address: uid and mail</para> | ||||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>User name or email address: uid and mail</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
| 
 | ||||
|       <para>You can now configure the minimum answer length for password reset | ||||
|       answers. This is checked when you allow you users to specify their | ||||
|       answers via the self service. Additionally, you can specify the text of | ||||
|  | @ -952,10 +1224,8 @@ | |||
|       The mail can include the new password by using the special wildcard | ||||
|       "@@newPassword@@". Additionally, you may want to insert other wildcards | ||||
|       that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@" | ||||
|       will be replaced by the user name. Please see <link | ||||
|       linkend="mailEOL">email format option</link> in case of broken mails. | ||||
|       See <link linkend="mailSetup">here</link> for setting up your SMTP | ||||
|       server.</para> | ||||
|       will be replaced by the user name. See <link | ||||
|       linkend="mailSetup">here</link> for setting up your SMTP server.</para> | ||||
| 
 | ||||
|       <literallayout> </literallayout> | ||||
| 
 | ||||
|  | @ -1130,9 +1400,14 @@ | |||
|       object class in each line. If you use LAM Pro password self reset | ||||
|       feature then do not forget to add "passwordSelfReset" here.</para> | ||||
| 
 | ||||
|       <para/> | ||||
| 
 | ||||
|       <para><emphasis>Attributes:</emphasis> This is a list of additional | ||||
|       attributes that the user can enter. Please note that user name, password | ||||
|       and email address are mandatory anyway and need not be specified.</para> | ||||
|       and email address (attribute "mail") are mandatory anyway and need not | ||||
|       be specified. Just in case you use the legacy attribute "email" for | ||||
|       account it needs to be specified (attribute "mail" will then not be | ||||
|       shown).</para> | ||||
| 
 | ||||
|       <para>Each line represents one LDAP attribute. The settings are | ||||
|       separated by "::". The first setting specifies the field type. The | ||||
|  | @ -1234,7 +1509,9 @@ | |||
|       url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is | ||||
|       optional, you can leave these options blank.</para> | ||||
| 
 | ||||
|       <para><emphasis role="bold">Example:</emphasis></para> | ||||
|       <para><emphasis role="bold">Examples:</emphasis></para> | ||||
| 
 | ||||
|       <para>Unix account:</para> | ||||
| 
 | ||||
|       <para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please enter | ||||
|       a valid first name.</para> | ||||
|  | @ -1249,6 +1526,20 @@ | |||
|       <para>If you use the object class "inetOrgPerson" and do not provide the | ||||
|       "cn" attribute then LAM will set it to the user name value.</para> | ||||
| 
 | ||||
|       <literallayout> | ||||
| </literallayout> | ||||
| 
 | ||||
|       <para>Active Directory/Samba4:</para> | ||||
| 
 | ||||
|       <para>required::cn::Common Name::/^[[:alnum:] ]+$/u::Enter common | ||||
|       name.</para> | ||||
| 
 | ||||
|       <para>constant::userPrincipalName::@@uid@@@samba4.test</para> | ||||
| 
 | ||||
|       <para>constant::sAMAccountName::@@uid@@</para> | ||||
| 
 | ||||
|       <para>constant::userAccountControl::512</para> | ||||
| 
 | ||||
|       <literallayout> | ||||
| </literallayout> | ||||
| 
 | ||||
|  | @ -1312,9 +1603,6 @@ | |||
|       valid for 24 hours. When he clicks on this link then the account will be | ||||
|       created in the self service user suffix. The DN will look like this: | ||||
|       <emphasis>uid=<user name>,...</emphasis></para> | ||||
| 
 | ||||
|       <para>Please see <link linkend="mailEOL">email format option</link> in | ||||
|       case of broken mails.</para> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|  | @ -1595,6 +1883,10 @@ | |||
|       <para>Attribute name: The values of this attribute will be used to build | ||||
|       the selection list.</para> | ||||
| 
 | ||||
|       <para>Display attributes: List of attributes to show as label for the | ||||
|       options in select box. Attribute wildcards are surrounded by "$", e.g. | ||||
|       "$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para> | ||||
| 
 | ||||
|       <para>Presentation:</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|  | @ -1653,7 +1945,7 @@ | |||
|         </listitem> | ||||
| 
 | ||||
|         <listitem> | ||||
|           <para>§attribute|;§; attribute values separted by ";" (you can set | ||||
|           <para>§attribute|;§; attribute values separated by ";" (you can set | ||||
|           other separators if you want)</para> | ||||
|         </listitem> | ||||
|       </itemizedlist> | ||||
|  |  | |||
|  | @ -1,25 +1,25 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | ||||
| <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | ||||
| "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> | ||||
|   <chapter> | ||||
| <chapter> | ||||
|   <title>Tools</title> | ||||
| 
 | ||||
|     <para></para> | ||||
|   <para/> | ||||
| 
 | ||||
|   <section id="a_accountProfile"> | ||||
|     <title>Profile editor</title> | ||||
| 
 | ||||
|     <para>The account profiles are templates for your accounts. Here you can | ||||
|       specify default values which can then be loaded when you create | ||||
|       accounts. You may also load a template for an existing account to reset | ||||
|       it to default values. When you create a new account then LAM will always | ||||
|       load the profile named <emphasis role="bold">"default"</emphasis>. This | ||||
|       account profile can include default values for all your accounts.</para> | ||||
|     specify default values which can then be loaded when you create accounts. | ||||
|     You may also load a template for an existing account to reset it to | ||||
|     default values. When you create a new account then LAM will always load | ||||
|     the profile named <emphasis role="bold">"default"</emphasis>. This account | ||||
|     profile can include default values for all your accounts.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/profileEditor2.png" /> | ||||
|           <imagedata fileref="images/profileEditor2.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -30,7 +30,7 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/profileEditor.png" /> | ||||
|           <imagedata fileref="images/profileEditor.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -43,7 +43,7 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/profileEditor3.png" /> | ||||
|           <imagedata fileref="images/profileEditor3.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -51,45 +51,47 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/profileEditor4.png" /> | ||||
|           <imagedata fileref="images/profileEditor4.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
| 
 | ||||
|     <para>There is a special export target called "*Global templates". All | ||||
|       profiles exported here will be copied to all other server profiles | ||||
|       (incl. new ones). But existing profiles with the same name are not | ||||
|       overwritten. So a profile in global templates is treated as default | ||||
|       profile for all server profiles.</para> | ||||
|     profiles exported here will be copied to all other server profiles (incl. | ||||
|     new ones). But existing profiles with the same name are not overwritten. | ||||
|     So a profile in global templates is treated as default profile for all | ||||
|     server profiles.</para> | ||||
| 
 | ||||
|       <para>Use this if you would like to setup default profiles that are | ||||
|       valid for all server profiles.</para> | ||||
|     <para>Use this if you would like to setup default profiles that are valid | ||||
|     for all server profiles.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/profileEditor5.png" /> | ||||
|           <imagedata fileref="images/profileEditor5.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|   </section> | ||||
| 
 | ||||
|     <section> | ||||
|   <section id="tool_upload"> | ||||
|     <title>File upload</title> | ||||
| 
 | ||||
|       <para>When you need to create lots of accounts then you can use LAM's | ||||
|       file upload to create them. LAM will read a CSV formatted file and | ||||
|       create the related LDAP entries. Please check the data in you CSV file | ||||
|       carefully. LAM will do less checks for the file upload than for single | ||||
|       account creation.</para> | ||||
|     <para>When you need to create lots of accounts then you can use LAM's file | ||||
|     upload to create them. In contrast to <link linkend="tool_upload">LDAP | ||||
|     import/export</link> this operates on account type level.</para> | ||||
| 
 | ||||
|       <para>At the first page please select the account type and what | ||||
|       extensions should be activated.</para> | ||||
|     <para>LAM will read a CSV formatted file and create the related LDAP | ||||
|     entries. Please check the data in you CSV file carefully. LAM will do less | ||||
|     checks for the file upload than for single account creation.</para> | ||||
| 
 | ||||
|     <para>At the first page please select the account type and what extensions | ||||
|     should be activated.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/fileUpload1.png" /> | ||||
|           <imagedata fileref="images/fileUpload1.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -99,18 +101,18 @@ | |||
|     CSV file. All red options are required columns in the file. You need to | ||||
|     specify a value for each account.</para> | ||||
| 
 | ||||
|       <para>When you upload the CSV file then LAM first does some checks on | ||||
|       this file. This includes syntax checks and if all required data was | ||||
|       entered. No changes in the LDAP directory are done at this time.</para> | ||||
|     <para>When you upload the CSV file then LAM first does some checks on this | ||||
|     file. This includes syntax checks and if all required data was entered. No | ||||
|     changes in the LDAP directory are done at this time.</para> | ||||
| 
 | ||||
|       <para>If the checks were successful then LAM will ask again if you want | ||||
|       to create the accounts. You will also have the chance to check the | ||||
|       upload by viewing the changes in LDIF format.</para> | ||||
|     <para>If the checks were successful then LAM will ask again if you want to | ||||
|     create the accounts. You will also have the chance to check the upload by | ||||
|     viewing the changes in LDIF format.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/fileUpload2.png" /> | ||||
|           <imagedata fileref="images/fileUpload2.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -119,20 +121,19 @@ | |||
|   <section> | ||||
|     <title id="toolMultiEdit">Multi edit</title> | ||||
| 
 | ||||
|       <para>This tool allows you to modify a large list of LDAP entries in | ||||
|       batch mode. You can add new attributes/object classes, remove attributes | ||||
|       and set attributes to a specific value.</para> | ||||
|     <para>This tool allows you to modify a large list of LDAP entries in batch | ||||
|     mode. You can add new attributes/object classes, remove attributes and set | ||||
|     attributes to a specific value.</para> | ||||
| 
 | ||||
|     <para>At the beginning, you need to specify where the entries are stored | ||||
|       that should be changed. You can select an account suffix, the tree | ||||
|       suffix or enter your own DN by selecting "Other".</para> | ||||
|     that should be changed. You can select an account suffix, the tree suffix | ||||
|     or enter your own DN by selecting "Other".</para> | ||||
| 
 | ||||
|     <para>Next, enter an additional LDAP filter to limit the entries that | ||||
|     should be changed. E.g. use "(objectclass=inetOrgPerson)" to filter for | ||||
|     users. You may also enter e.g. "(!(objectClass=passwordSelfReset))" to | ||||
|     match all accounts that do not yet have the <link | ||||
|       linkend="passwordSelfResetUser">password self reset</link> | ||||
|       feature.</para> | ||||
|     linkend="passwordSelfResetUser">password self reset</link> feature.</para> | ||||
| 
 | ||||
|     <literallayout> | ||||
| </literallayout> | ||||
|  | @ -142,9 +143,8 @@ | |||
| 
 | ||||
|     <itemizedlist> | ||||
|       <listitem> | ||||
|           <para>Add: Adds an attribute value if not yet existing. Please do | ||||
|           not use for single-value attributes that already have a | ||||
|           value.</para> | ||||
|         <para>Add: Adds an attribute value if not yet existing. Please do not | ||||
|         use for single-value attributes that already have a value.</para> | ||||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|  | @ -154,20 +154,20 @@ | |||
|       </listitem> | ||||
| 
 | ||||
|       <listitem> | ||||
|           <para>Delete: Deletes the specified value from this attribute. If | ||||
|           you leave the value field blank then all attribute values are | ||||
|         <para>Delete: Deletes the specified value from this attribute. If you | ||||
|         leave the value field blank then all attribute values are | ||||
|         removed.</para> | ||||
|       </listitem> | ||||
|     </itemizedlist> | ||||
| 
 | ||||
|       <para>Please note that all actions are run as separate LDAP commands. | ||||
|       You cannot add an object class and a required attribute at the same | ||||
|     <para>Please note that all actions are run as separate LDAP commands. You | ||||
|     cannot add an object class and a required attribute at the same | ||||
|     time.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/multiEdit1.png" /> | ||||
|           <imagedata fileref="images/multiEdit1.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -175,34 +175,94 @@ | |||
|     <para><emphasis role="bold">Dry run</emphasis></para> | ||||
| 
 | ||||
|     <para>You should always start with a dry run. It will not do any changes | ||||
|       to your LDAP directory but print out all modifications that will be | ||||
|       done. You will also be able to download the changes in LDIF format to | ||||
|       use with ldapmodify. This is useful if you want to adjust some actions | ||||
|     to your LDAP directory but print out all modifications that will be done. | ||||
|     You will also be able to download the changes in LDIF format to use with | ||||
|     ldapmodify. This is useful if you want to adjust some actions | ||||
|     manually.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/multiEdit2.png" /> | ||||
|           <imagedata fileref="images/multiEdit2.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
| 
 | ||||
|     <para><emphasis role="bold">Apply changes</emphasis></para> | ||||
| 
 | ||||
|       <para>This will run the actions against your LDAP directory. You will | ||||
|       see which accounts are edited in the progress area and also if any | ||||
|       errors occured.</para> | ||||
|     <para>This will run the actions against your LDAP directory. You will see | ||||
|     which accounts are edited in the progress area and also if any errors | ||||
|     occurred.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/multiEdit3.png" /> | ||||
|           <imagedata fileref="images/multiEdit3.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|   </section> | ||||
| 
 | ||||
|   <section id="tool_importexport"> | ||||
|     <title>LDAP import/export</title> | ||||
| 
 | ||||
|     <para>Here you can import and export plain LDAP data. In contrast to <link | ||||
|     linkend="tool_upload">file upload</link> this operates on plain LDAP | ||||
|     attribute level.</para> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Import</title> | ||||
| 
 | ||||
|       <para>The LDAP import supports input data in <ulink | ||||
|       url="https://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format">LDIF</ulink> | ||||
|       format. You can provide plain text or upload an LDIF file.</para> | ||||
| 
 | ||||
|       <para>The "Don't stop on errors" option will cause the import to | ||||
|       continue even if entries could not be created.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/tool_import.png"/> | ||||
|       </screenshot> | ||||
|     </section> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Export</title> | ||||
| 
 | ||||
|       <para>Here you can export your plain LDAP data as LDIF or CSV | ||||
|       file.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <graphic fileref="images/tool_export.png"/> | ||||
|       </screenshot> | ||||
| 
 | ||||
|       <para>Base DN: this is the starting point of the export. Enter a DN or | ||||
|       press the magnifying glass icon to open the DN selection dialog.</para> | ||||
| 
 | ||||
|       <para>Search scope: You can export just the base DN, base DN + its | ||||
|       direct children or the whole subtree.</para> | ||||
| 
 | ||||
|       <para>Search filter: this can be used to filter the entries by | ||||
|       specifying a standard LDAP filter. The preselected filter | ||||
|       "(objectclass=*)" matches all entries.</para> | ||||
| 
 | ||||
|       <para>Attributes: the list of attributes that should be part of export. | ||||
|       "*" matches all standard attributes (excluding system | ||||
|       attributes).</para> | ||||
| 
 | ||||
|       <para>Include system attributes: this will also include system | ||||
|       attributes like the entry creation time and creator's DN.</para> | ||||
| 
 | ||||
|       <para>Save as file: will save to file instead of printing the data on | ||||
|       the web page.</para> | ||||
| 
 | ||||
|       <para>Export format: you can select LDIF or CSV (e.g. for usage in | ||||
|       spreadsheet applications).</para> | ||||
| 
 | ||||
|       <para>End of line: use the one appropriate for your operating | ||||
|       system.</para> | ||||
|     </section> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title>OU editor</title> | ||||
| 
 | ||||
|  | @ -212,7 +272,7 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/ouEditor.png" /> | ||||
|           <imagedata fileref="images/ouEditor.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -228,20 +288,20 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/pdfEditor2.png" /> | ||||
|           <imagedata fileref="images/pdfEditor2.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
| 
 | ||||
|     <para>When you export accounts to PDF then each account will get its own | ||||
|       page inside the PDF. There is a headline on each page where you can show | ||||
|       a page title. You may also add a logo to each page. To add more logos | ||||
|       please use the logo management on the PDF editor main page.</para> | ||||
|     page inside the PDF. There is a headline on each page where you can show a | ||||
|     page title. You may also add a logo to each page. To add more logos please | ||||
|     use the logo management on the PDF editor main page.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/pdfEditor.png" /> | ||||
|           <imagedata fileref="images/pdfEditor.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -252,8 +312,8 @@ | |||
|     can be moved by using the arrows next to the section title.</para> | ||||
| 
 | ||||
|     <para>Each section can contain multiple fields which usually represent | ||||
|       LDAP attributes. You can simply add new fields by selecting the field | ||||
|       name and its position. Then use the arrows to move the field inside the | ||||
|     LDAP attributes. You can simply add new fields by selecting the field name | ||||
|     and its position. Then use the arrows to move the field inside the | ||||
|     section.</para> | ||||
| 
 | ||||
|     <literallayout> | ||||
|  | @ -267,7 +327,7 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/pdfEditor3.png" /> | ||||
|           <imagedata fileref="images/pdfEditor3.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -275,24 +335,24 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/pdfEditor4.png" /> | ||||
|           <imagedata fileref="images/pdfEditor4.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
| 
 | ||||
|       <para>There is a special export target called "*Global templates". All | ||||
|       PDF structures exported here will be copied to all other server profiles | ||||
|     <para>There is a special export target called "*Global templates". All PDF | ||||
|     structures exported here will be copied to all other server profiles | ||||
|     (incl. new ones). But existing PDF structures with the same name are not | ||||
|       overwritten. So a PDF structure in global templates is treated as | ||||
|       default structure for all server profiles.</para> | ||||
|     overwritten. So a PDF structure in global templates is treated as default | ||||
|     structure for all server profiles.</para> | ||||
| 
 | ||||
|       <para>Use this if you would like to setup default PDF structures that | ||||
|       are valid for all server profiles.</para> | ||||
|     <para>Use this if you would like to setup default PDF structures that are | ||||
|     valid for all server profiles.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/pdfEditor5.png" /> | ||||
|           <imagedata fileref="images/pdfEditor5.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -300,13 +360,12 @@ | |||
|     <para><emphasis role="bold">Logo management:</emphasis></para> | ||||
| 
 | ||||
|     <para>You can upload image files to put a custom logo on the PDF files. | ||||
|       The image file name must end with .png or .jpg and the size must not | ||||
|       exceed 2000x300px.</para> | ||||
|     The image file name must end with .png or .jpg.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/pdfEditor6.png" /> | ||||
|           <imagedata fileref="images/pdfEditor6.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -323,7 +382,7 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/schemaBrowser.png" /> | ||||
|           <imagedata fileref="images/schemaBrowser.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|  | @ -334,8 +393,8 @@ | |||
| 
 | ||||
|     <para>This shows information and statistics about your LDAP server. This | ||||
|     includes the suffixes, used overlays, connection data and operation | ||||
|       statistics. You will need "cn=monitor" setup to see all details. Some | ||||
|       data may not be available depending on your LDAP server software.</para> | ||||
|     statistics. You will need "cn=monitor" setup to see all details. Some data | ||||
|     may not be available depending on your LDAP server software.</para> | ||||
| 
 | ||||
|     <para>Please see the following links how to setup "cn=monitor":</para> | ||||
| 
 | ||||
|  | @ -355,17 +414,34 @@ | |||
|     <screenshot> | ||||
|       <mediaobject> | ||||
|         <imageobject> | ||||
|             <imagedata fileref="images/serverInfo.png" /> | ||||
|           <imagedata fileref="images/serverInfo.png"/> | ||||
|         </imageobject> | ||||
|       </mediaobject> | ||||
|     </screenshot> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title id="tool_webauthn">Webauthn devices</title> | ||||
| 
 | ||||
|     <para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link> | ||||
|     for an overview about Webauthn/FIDO2 in LAM.</para> | ||||
| 
 | ||||
|     <para>Here you can manage your webauthn/FIDO2 devices.</para> | ||||
| 
 | ||||
|     <para>You can register additional security devices and remove old ones. If | ||||
|     no more device is registered then LAM will ask you for registration on | ||||
|     next login.</para> | ||||
| 
 | ||||
|     <screenshot> | ||||
|       <graphic fileref="images/tool_webauthn1.png"/> | ||||
|     </screenshot> | ||||
|   </section> | ||||
| 
 | ||||
|   <section> | ||||
|     <title>Tests</title> | ||||
| 
 | ||||
|       <para>This allows you to check if your LDAP schema is compatible with | ||||
|       LAM and to find possible problems.</para> | ||||
|     <para>This allows you to check if your LDAP schema is compatible with LAM | ||||
|     and to find possible problems.</para> | ||||
| 
 | ||||
|     <section> | ||||
|       <title>Lamdaemon test</title> | ||||
|  | @ -381,7 +457,7 @@ | |||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|               <imagedata fileref="images/lamdaemonTest.png" /> | ||||
|             <imagedata fileref="images/lamdaemonTest.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
|  | @ -390,21 +466,21 @@ | |||
|     <section> | ||||
|       <title>Schema test</title> | ||||
| 
 | ||||
|         <para>This will test if your LDAP schema supports all object classes | ||||
|         and attributes of the active LAM modules. If you get a message that | ||||
|       <para>This will test if your LDAP schema supports all object classes and | ||||
|       attributes of the active LAM modules. If you get a message that | ||||
|       something is missing please check that you installed all <link | ||||
|       linkend="a_schema">required schemas</link>.</para> | ||||
| 
 | ||||
|         <para>If you get error messages about object class violations then | ||||
|         this test can tell you what is missing.</para> | ||||
|       <para>If you get error messages about object class violations then this | ||||
|       test can tell you what is missing.</para> | ||||
| 
 | ||||
|       <screenshot> | ||||
|         <mediaobject> | ||||
|           <imageobject> | ||||
|               <imagedata fileref="images/schemaTest.png" /> | ||||
|             <imagedata fileref="images/schemaTest.png"/> | ||||
|           </imageobject> | ||||
|         </mediaobject> | ||||
|       </screenshot> | ||||
|     </section> | ||||
|   </section> | ||||
|   </chapter> | ||||
| </chapter> | ||||
|  |  | |||
|  | @ -15,7 +15,6 @@ | |||
| <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-schema.xml"/> | ||||
| <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-security.xml"/> | ||||
| <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-ldapConfig.xml"/> | ||||
| <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-email.xml"/> | ||||
| <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-lamdaemon.xml"/> | ||||
| <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-selfResetSchema.xml"/> | ||||
| <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-design.xml"/> | ||||
|  |  | |||
| Before Width: | Height: | Size: 33 KiB After Width: | Height: | Size: 72 KiB | 
| After Width: | Height: | Size: 16 KiB | 
| After Width: | Height: | Size: 32 KiB | 
| Before Width: | Height: | Size: 4.5 KiB After Width: | Height: | Size: 16 KiB | 
| Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 70 KiB | 
| After Width: | Height: | Size: 35 KiB | 
| Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 43 KiB | 
| Before Width: | Height: | Size: 39 KiB After Width: | Height: | Size: 78 KiB | 
| Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 59 KiB | 
| After Width: | Height: | Size: 30 KiB | 
| After Width: | Height: | Size: 30 KiB | 
| After Width: | Height: | Size: 56 KiB | 
| After Width: | Height: | Size: 33 KiB | 
| After Width: | Height: | Size: 70 KiB | 
| After Width: | Height: | Size: 47 KiB | 
| After Width: | Height: | Size: 39 KiB | 
| After Width: | Height: | Size: 80 KiB | 
| After Width: | Height: | Size: 156 KiB | 
| After Width: | Height: | Size: 60 KiB | 
| After Width: | Height: | Size: 52 KiB | 
| After Width: | Height: | Size: 51 KiB | 
| After Width: | Height: | Size: 53 KiB | 
| After Width: | Height: | Size: 45 KiB | 
| After Width: | Height: | Size: 17 KiB | 
| After Width: | Height: | Size: 43 KiB | 
| After Width: | Height: | Size: 37 KiB | 
| After Width: | Height: | Size: 25 KiB | 
| After Width: | Height: | Size: 45 KiB | 
| After Width: | Height: | Size: 44 KiB | 
| Before Width: | Height: | Size: 68 KiB After Width: | Height: | Size: 39 KiB | 
| Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 22 KiB | 
| Before Width: | Height: | Size: 48 KiB After Width: | Height: | Size: 36 KiB | 
| After Width: | Height: | Size: 46 KiB | 
| Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 95 KiB | 
| After Width: | Height: | Size: 45 KiB | 
| After Width: | Height: | Size: 18 KiB | 
| After Width: | Height: | Size: 27 KiB | 
| After Width: | Height: | Size: 7.2 KiB | 
| After Width: | Height: | Size: 8.6 KiB |