Compare commits
729 Commits
lam_6_5_RC
...
develop
Author | SHA1 | Date |
---|---|---|
Roland Gruber | 72ef7f1ac5 | |
Roland Gruber | 4f8b1e81ea | |
Roland Gruber | c5b6c8132c | |
Roland Gruber | 6c306bcb9e | |
Roland Gruber | 3c7fdca8eb | |
Roland Gruber | d0b18ad8b5 | |
Roland Gruber | 4455a5a15d | |
Roland Gruber | 598fa546a9 | |
Roland Gruber | df0e02da9f | |
Roland Gruber | 2ee58dd737 | |
Roland Gruber | 8375f9e0d0 | |
Roland Gruber | ad23fd0fc2 | |
Roland Gruber | 5972e94fdb | |
gruberroland | 9a9bb3dce7 | |
Roland Gruber | bfa22c6aa3 | |
Roland Gruber | 09989ee804 | |
Roland Gruber | 08a65e2608 | |
gruberroland | 3368b4ab10 | |
Roland Gruber | b3905d73ca | |
Roland Gruber | e5344b0568 | |
Roland Gruber | b00fd8d83e | |
Roland Gruber | 018513ac95 | |
Roland Gruber | 75120fc25d | |
Roland Gruber | 3ad5dcf65a | |
Roland Gruber | 6768c7e7ef | |
Roland Gruber | 1dd0f64f5b | |
Roland Gruber | cb58a27972 | |
Roland Gruber | 9394eeeabd | |
Roland Gruber | ffb3ed9357 | |
Roland Gruber | 4158ebb91d | |
Roland Gruber | 2698995cc2 | |
Roland Gruber | 840289e360 | |
Roland Gruber | 60109eb47c | |
Roland Gruber | e070accf18 | |
Roland Gruber | 21e7e4a95d | |
Roland Gruber | 5e770d8920 | |
Roland Gruber | e03cd1f57c | |
Roland Gruber | d32d8d3a0d | |
Roland Gruber | 1523f0ee8f | |
Roland Gruber | bc277e4c0a | |
Roland Gruber | f75f813a9a | |
Roland Gruber | 87986e93cc | |
Roland Gruber | 780daded11 | |
Roland Gruber | 38cbfb9dab | |
Roland Gruber | 60199a41b5 | |
Roland Gruber | aed8ce867c | |
Roland Gruber | 30909b385a | |
gruberroland | 55ccddbf1e | |
Roland Gruber | ee75385e7d | |
gruberroland | 9ec8d2ce57 | |
Roland Gruber | 605713a181 | |
Roland Gruber | fd8e7c1de3 | |
Roland Gruber | bdd3dd39b9 | |
Roland Gruber | 4d0a6d92e7 | |
Roland Gruber | e58459d351 | |
Roland Gruber | 316c979ef2 | |
Roland Gruber | 3bd507a47d | |
Roland Gruber | 01844a0d05 | |
Roland Gruber | 57dcbd880d | |
Roland Gruber | 12581a5dc0 | |
Roland Gruber | 2fcabf0c07 | |
Roland Gruber | db523af70f | |
Roland Gruber | 69796a98f3 | |
gruberroland | 82905cb4e5 | |
Steffen Moser | 6f88ec8d9d | |
Roland Gruber | 75fd361116 | |
Roland Gruber | f36446fe43 | |
gruberroland | 1196c56287 | |
gruberroland | 48ace3c3f9 | |
Roland Gruber | 5a09f8159f | |
Roland Gruber | 6ade23ce65 | |
Roland Gruber | 03f6fd858b | |
Roland Gruber | f23d2a4455 | |
Roland Gruber | f091b653b8 | |
Roland Gruber | aa43b4721b | |
Roland Gruber | 7bd799bee3 | |
gruberroland | 3ba7fa18bd | |
Roland Gruber | 2e61e2dca9 | |
Roland Gruber | 71af42442b | |
Roland Gruber | 3018a887c0 | |
Roland Gruber | aaddb6eead | |
Roland Gruber | 95bdb04949 | |
Roland Gruber | 93a7ffdd65 | |
Roland Gruber | ed28d3b8e7 | |
gruberroland | 3c305f26fa | |
Patrick Baumgartner | ecdd23e843 | |
Patrick Baumgartner | 1081b51fe9 | |
Patrick Baumgartner | b91333ff12 | |
Roland Gruber | 2e5419b3ac | |
Roland Gruber | 9198187a26 | |
Roland Gruber | 32b5a14226 | |
Roland Gruber | 5151d96592 | |
Roland Gruber | 0a72bc9635 | |
Roland Gruber | 6fc259d718 | |
Roland Gruber | 40fd19e3bf | |
Roland Gruber | 9b4261ca36 | |
Roland Gruber | 2db6bf23eb | |
Roland Gruber | ffd74d88e4 | |
Roland Gruber | a246fde0e2 | |
Roland Gruber | 665ca9daad | |
Roland Gruber | 81587a9b00 | |
Roland Gruber | 9c6e30a03b | |
Roland Gruber | c9d32bf2de | |
Roland Gruber | a6b39d522f | |
Roland Gruber | 8e9700d230 | |
Roland Gruber | e44f3d3243 | |
Roland Gruber | 8743285719 | |
Roland Gruber | 7fcc2cf38d | |
Roland Gruber | 1d107c4a24 | |
Roland Gruber | ec2a017fc7 | |
Roland Gruber | a724638886 | |
Roland Gruber | acbdec11dd | |
Roland Gruber | 8d50dd59b0 | |
Roland Gruber | ea72ab63a9 | |
Roland Gruber | d0e88cf80b | |
Roland Gruber | 2331e42e34 | |
Roland Gruber | df189f69e7 | |
Roland Gruber | 5b17baa628 | |
Roland Gruber | 5a40e6fed1 | |
Roland Gruber | d980ffc1a5 | |
Roland Gruber | 56d51c8e8c | |
Roland Gruber | a52393dc79 | |
Roland Gruber | 58882affa7 | |
Roland Gruber | 8b38839dae | |
Roland Gruber | 24a6e14251 | |
Roland Gruber | 9936c834db | |
Roland Gruber | e8d421ae04 | |
Roland Gruber | 00c5a014b4 | |
Roland Gruber | 38293656b6 | |
Roland Gruber | 9ed53f51de | |
Roland Gruber | f0f81c085b | |
Roland Gruber | 8af2132926 | |
Roland Gruber | 541684d49f | |
Roland Gruber | 07f5ae2d7a | |
Roland Gruber | b65125beaf | |
Roland Gruber | c9990fa189 | |
gruberroland | 18e1e5e3c1 | |
Roland Gruber | 6f5a8cb0cd | |
gruberroland | 9cf564e500 | |
Roland Gruber | e9eca9ab74 | |
Roland Gruber | ffb8fca488 | |
Roland Gruber | 365389cd0b | |
Roland Gruber | 0609c748ea | |
Roland Gruber | 394cbedb2a | |
Roland Gruber | 028f8adcfd | |
Roland Gruber | 56eb28c2ba | |
Roland Gruber | 468a95e434 | |
Roland Gruber | b12ba2369e | |
Roland Gruber | 726f1e13b4 | |
gruberroland | 802b16797a | |
Roland Gruber | a07c0013ae | |
Roland Gruber | bd7d32d2d0 | |
gruberroland | 824ec1917a | |
Roland Gruber | c192886117 | |
Roland Gruber | bf52e55f5f | |
Roland Gruber | 4a5ef05f38 | |
Roland Gruber | 54f6c82cee | |
Roland Gruber | b6425b9abd | |
Roland Gruber | 96c4b49f06 | |
Roland Gruber | 04065ccf58 | |
Roland Gruber | 0647faf744 | |
Roland Gruber | 012e2b450f | |
Roland Gruber | 2904f178a0 | |
Roland Gruber | 6d5971d716 | |
Roland Gruber | 50596a358e | |
Roland Gruber | 0f40ba18c0 | |
Roland Gruber | 44dff694c4 | |
Roland Gruber | e386b9dad4 | |
Roland Gruber | b4007b5d8e | |
Roland Gruber | 0230241b15 | |
Roland Gruber | 51ed41f4fa | |
Roland Gruber | 8894146c06 | |
Roland Gruber | 2495dae78a | |
Roland Gruber | ad2bce6a6a | |
Roland Gruber | 5b14134108 | |
Roland Gruber | 45b4bdb7d5 | |
Roland Gruber | b7ab251f6c | |
Roland Gruber | 041a8eb833 | |
Roland Gruber | eae8f36dab | |
Roland Gruber | 799d9b24fc | |
Roland Gruber | f3747d176e | |
Roland Gruber | cb5291cb1a | |
Roland Gruber | 5f09fe6ebe | |
Roland Gruber | 110d693aaf | |
Roland Gruber | 8eb07c27f4 | |
Roland Gruber | 4090fff0f3 | |
Roland Gruber | 0610004c7d | |
Roland Gruber | cc5fab6e5a | |
Roland Gruber | aec46823ba | |
Roland Gruber | 74d8210b01 | |
Roland Gruber | 5153f6ea17 | |
Roland Gruber | 098c28339a | |
Roland Gruber | 45cbadd56c | |
Roland Gruber | a98fe5786a | |
Roland Gruber | afdfa543d6 | |
gruberroland | e923a03979 | |
Roland Gruber | 0f8fb1e146 | |
Roland Gruber | 59e9635e90 | |
Roland Gruber | c0e1e026d8 | |
Roland Gruber | bd3777f764 | |
Roland Gruber | 362014ddf6 | |
Roland Gruber | aa0228c34c | |
Roland Gruber | 3f06070b89 | |
Roland Gruber | 3d409d6e48 | |
Roland Gruber | fdb6aaa809 | |
Roland Gruber | 7981f59b0e | |
Roland Gruber | 2fbac1d9f0 | |
Roland Gruber | 29f41b8774 | |
gruberroland | 64b41eb8e1 | |
Roland Gruber | 2b83758564 | |
Roland Gruber | b15b94cb29 | |
lasat | 4d3af3daaa | |
Roland Gruber | c468ba6479 | |
Roland Gruber | daa2fec5c7 | |
Roland Gruber | e28efcfd21 | |
Roland Gruber | 3dc40d1f99 | |
Roland Gruber | c8d1e5ab82 | |
Roland Gruber | 981b0320f9 | |
Roland Gruber | 1e4ff3ce11 | |
Roland Gruber | 9316803fc6 | |
Roland Gruber | 7aa038a710 | |
Roland Gruber | c1d09bba09 | |
Roland Gruber | 4131d5fe6c | |
Roland Gruber | 60b3ffb9ca | |
Roland Gruber | 02770b7759 | |
Roland Gruber | 9a855266ab | |
Roland Gruber | 1440bf22d6 | |
Roland Gruber | 7d1c2afd21 | |
Roland Gruber | d9fd4b36e2 | |
gruberroland | 7b222d9edb | |
Roland Gruber | 0c65e5bedb | |
Roland Gruber | 8ee96c56d2 | |
Roland Gruber | c1e6b61ecd | |
Roland Gruber | f1db477fda | |
Roland Gruber | 691055b83e | |
Roland Gruber | 286e447553 | |
Roland Gruber | 4e329f1f55 | |
Roland Gruber | 3ac7ae668b | |
Roland Gruber | c29be12a9e | |
Roland Gruber | 0990d61507 | |
Roland Gruber | 8a014f3a8a | |
Roland Gruber | 9e1e0634e6 | |
Roland Gruber | 03ced7c697 | |
Roland Gruber | 3299d48e95 | |
Roland Gruber | 7df361d6d0 | |
Roland Gruber | 38addc429c | |
Roland Gruber | ef9b3dd64e | |
Roland Gruber | f97359f466 | |
Roland Gruber | 9d9c37a44a | |
Roland Gruber | 91e98b6926 | |
Roland Gruber | 7514ec6b84 | |
Roland Gruber | 68f6f3eafe | |
Roland Gruber | 7a096cfc94 | |
Roland Gruber | 06d19858e3 | |
Roland Gruber | 6f28f17e41 | |
Roland Gruber | 3e20940d34 | |
Roland Gruber | 3ffefbd821 | |
Roland Gruber | 4e892e2171 | |
Roland Gruber | eae502c629 | |
Roland Gruber | de19770211 | |
Roland Gruber | 27a4234634 | |
Roland Gruber | 0e835e3003 | |
Roland Gruber | 0ed0d17676 | |
Roland Gruber | 934f3be4a1 | |
Roland Gruber | 1851f02832 | |
Roland Gruber | 9136d79751 | |
Roland Gruber | 10f6897e7e | |
Roland Gruber | 54d4bd40c9 | |
Roland Gruber | 65a10ef62c | |
Roland Gruber | 8abd515ac6 | |
Roland Gruber | 1d4bdd7156 | |
Roland Gruber | c6bb9d5b22 | |
Roland Gruber | 023d5c833c | |
Roland Gruber | c2a8501cac | |
Roland Gruber | dbc096f7af | |
Roland Gruber | 9208cb2349 | |
Roland Gruber | 9086f5847e | |
Roland Gruber | 6469d8fb4c | |
Roland Gruber | b985110def | |
Roland Gruber | 80c97d49c6 | |
Roland Gruber | 7e3635a3c2 | |
Roland Gruber | e20689dfe6 | |
Roland Gruber | 49c088915f | |
gruberroland | 1bc26a314e | |
Roland Gruber | 7734b33e26 | |
Roland Gruber | 3054f38d7c | |
Roland Gruber | 3d7e2e9c47 | |
gruberroland | c170a0954c | |
Roland Gruber | 22d15581a9 | |
Roland Gruber | 8e9641fad3 | |
Roland Gruber | 596b5bb1f8 | |
Roland Gruber | 0723b5f6bb | |
Roland Gruber | a8738a5e53 | |
Roland Gruber | 2aabad9a3d | |
Roland Gruber | 0f13e3c8ba | |
Roland Gruber | 0a30964011 | |
Roland Gruber | 18eb9ed216 | |
Roland Gruber | 84d20e204a | |
Roland Gruber | c71b01a73e | |
Roland Gruber | 41b4869052 | |
Roland Gruber | e4363b83c4 | |
Roland Gruber | 2d90e73b2f | |
Roland Gruber | 4d5d93c62b | |
Roland Gruber | 58e15da1a8 | |
Roland Gruber | 1535bf4da6 | |
Roland Gruber | 9637c2dff6 | |
Roland Gruber | e329c28c3e | |
Roland Gruber | db48e32dc6 | |
Roland Gruber | 38045cbac1 | |
Roland Gruber | deca797a80 | |
Roland Gruber | 4cb095f0f7 | |
Roland Gruber | a5036782bd | |
Roland Gruber | ffd47f8ca5 | |
Roland Gruber | 62dcd743fb | |
Roland Gruber | e471b5586d | |
Roland Gruber | df09375be3 | |
gruberroland | 1dac968a02 | |
Roland Gruber | 3719e55105 | |
Roland Gruber | 61025edd68 | |
Roland Gruber | 128dc774fb | |
Roland Gruber | b65623742d | |
Roland Gruber | 6395756ceb | |
Felix Bartels | 75cfafebc9 | |
Roland Gruber | 65412574a0 | |
gruberroland | 690ba0407d | |
Roland Gruber | 42fb854601 | |
Roland Gruber | b0d786c86e | |
Roland Gruber | d991ec578c | |
Roland Gruber | 83a0ff71c9 | |
Roland Gruber | 714dbaa0fd | |
Roland Gruber | a3f0c07096 | |
Roland Gruber | 5a12fc7a2e | |
Roland Gruber | e3b0d10bf8 | |
Roland Gruber | eddbc27d3d | |
Roland Gruber | c05d07d8f5 | |
Roland Gruber | 50102f2c3f | |
Roland Gruber | 00a299e80f | |
Roland Gruber | dbb2e8aa37 | |
Roland Gruber | 3169c85802 | |
Roland Gruber | 75ce322789 | |
Roland Gruber | cbff63567c | |
Roland Gruber | 622a72ef18 | |
Roland Gruber | 22b4da76e9 | |
Roland Gruber | 6039d77a7d | |
Roland Gruber | 58828c9836 | |
Roland Gruber | 3c5ef4eb30 | |
gruberroland | 51e9c29973 | |
Roland Gruber | b91b28d013 | |
Roland Gruber | 1c5c760f6e | |
Roland Gruber | 20c1ea8991 | |
gruberroland | f21f8ee423 | |
Roland Gruber | 624c94bff0 | |
Roland Gruber | eef69a7a35 | |
Roland Gruber | 04c00f0850 | |
Roland Gruber | 7334947d54 | |
gruberroland | 21e50208ed | |
Roland Gruber | d074e2377d | |
Roland Gruber | 162ed79946 | |
Roland Gruber | d2a07f697c | |
Roland Gruber | 4128f703aa | |
Roland Gruber | de988316a5 | |
Roland Gruber | cc3e8057d8 | |
Roland Gruber | dc94c51cda | |
Roland Gruber | 8426cc6ccd | |
Roland Gruber | b5e163cfc3 | |
Roland Gruber | ff8fd47bed | |
Roland Gruber | 0240dec74e | |
Roland Gruber | d5b779c5e1 | |
Roland Gruber | 6052047b52 | |
Roland Gruber | ac56e61a0f | |
Roland Gruber | 9530f704e2 | |
Roland Gruber | 461a9819c7 | |
Roland Gruber | 5a2fa00b37 | |
Roland Gruber | e2b92878fa | |
Roland Gruber | b327e72a46 | |
Roland Gruber | af9f714ffb | |
Roland Gruber | 426e1cf80f | |
Roland Gruber | 969d681104 | |
Roland Gruber | 0eff6e7065 | |
Roland Gruber | 807925d9a7 | |
Roland Gruber | 302acfa2d9 | |
Roland Gruber | 3ad1b5c20a | |
Roland Gruber | 728e3cacc3 | |
Roland Gruber | a1da6a897d | |
Roland Gruber | cb699635c5 | |
Roland Gruber | a9c0833250 | |
Roland Gruber | 7add41b48e | |
Roland Gruber | 2bc62a34cf | |
Roland Gruber | 6298546620 | |
Roland Gruber | fa3baf8f86 | |
Roland Gruber | 45e0968059 | |
Roland Gruber | fa6a40a7a0 | |
Roland Gruber | f646e1e8ff | |
Roland Gruber | a8eb89aaf2 | |
Roland Gruber | 533ea1645f | |
Roland Gruber | 482226a955 | |
Roland Gruber | 51eaeed060 | |
Roland Gruber | 44fc341de9 | |
Roland Gruber | caf809c87e | |
Roland Gruber | 967ff33b34 | |
Roland Gruber | 065232505e | |
Roland Gruber | b21b3657fb | |
Roland Gruber | 9db074c1e7 | |
Roland Gruber | cfcb1efd8f | |
Roland Gruber | 60c3053901 | |
Roland Gruber | ab3d13cf28 | |
Roland Gruber | d73ffee957 | |
Roland Gruber | c7c1d030e3 | |
Roland Gruber | 156252ef7f | |
Roland Gruber | 3c4e558e6c | |
Roland Gruber | 1b31c893fd | |
Roland Gruber | 4c05994a6f | |
Roland Gruber | 92110ed8da | |
Roland Gruber | 5668f5f634 | |
Roland Gruber | 99c4130435 | |
Roland Gruber | 8c7d06e4ae | |
Roland Gruber | 493150ab6f | |
Roland Gruber | 9fa374e2b4 | |
Roland Gruber | e63900b566 | |
Roland Gruber | 47c55d76c5 | |
Roland Gruber | fa259a2168 | |
Roland Gruber | 6815777b8c | |
Roland Gruber | 4084972bd2 | |
Roland Gruber | 46cfdb821c | |
Roland Gruber | 368a3988dc | |
Roland Gruber | 1acf7c95e4 | |
Roland Gruber | 17ac43d503 | |
Roland Gruber | 39f363ba83 | |
Roland Gruber | 49ae8b49b6 | |
Roland Gruber | 43326b515f | |
Roland Gruber | 1783f6f9b6 | |
Roland Gruber | 1d994cc5b8 | |
Roland Gruber | 8df75742d2 | |
Roland Gruber | edf2f61df4 | |
Roland Gruber | f88b5ee74f | |
Roland Gruber | febba5803a | |
Roland Gruber | bb32bb6424 | |
Roland Gruber | 4a373743af | |
Roland Gruber | f77adfe858 | |
Roland Gruber | 71283f3b53 | |
Roland Gruber | 9cae521150 | |
gruberroland | a7f2f753c5 | |
Roland Gruber | 095e728104 | |
Roland Gruber | bf777b2e99 | |
Roland Gruber | edb50f4d4b | |
Roland Gruber | 5f15b2fae2 | |
Roland Gruber | 9781e951a6 | |
gruberroland | 02d100b5f0 | |
Roland Gruber | 5d87fd7037 | |
Roland Gruber | e0a82bc70d | |
Roland Gruber | 6d392e51ee | |
Roland Gruber | 34431b286d | |
Roland Gruber | fa7c9699db | |
Roland Gruber | 778fde3357 | |
Roland Gruber | 29a7b0c3e0 | |
Roland Gruber | f8cfcf9f34 | |
Roland Gruber | 2bb7470fa2 | |
Roland Gruber | 3cabf78630 | |
Roland Gruber | 877d35362b | |
Roland Gruber | 2ade724c40 | |
Roland Gruber | b831414ca4 | |
Roland Gruber | 03caa12d31 | |
Roland Gruber | f6d80e3abd | |
Roland Gruber | 85ebe6ff04 | |
Roland Gruber | 14f6ecd91b | |
Roland Gruber | 259fff76af | |
gruberroland | 7ebfa14029 | |
Roland Gruber | f3516ba92d | |
Roland Gruber | 6086765d16 | |
Roland Gruber | 8fa29aa1d0 | |
Roland Gruber | 1e54f0fb08 | |
Roland Gruber | ddb8402b0a | |
Roland Gruber | 105cbd7403 | |
Roland Gruber | 0faebfe928 | |
Roland Gruber | b25ad345d7 | |
Roland Gruber | 3ba7a75d0c | |
Roland Gruber | f285f83c3e | |
Roland Gruber | ef0673decd | |
Roland Gruber | 929b37ce40 | |
Roland Gruber | 94ee2317a6 | |
Roland Gruber | 51e0c41fae | |
gruberroland | 2993588a2a | |
Roland Gruber | 86e37191fa | |
Roland Gruber | 49423d778c | |
Roland Gruber | 213807efc6 | |
Roland Gruber | d0dadf2949 | |
Roland Gruber | 5a9c4660e1 | |
Roland Gruber | 5989df4a43 | |
Roland Gruber | 6c47d1528a | |
Roland Gruber | e5484ee833 | |
Roland Gruber | 8186aed796 | |
Roland Gruber | 89aa75c61a | |
Roland Gruber | a20cc2652a | |
Roland Gruber | c79170a34f | |
Roland Gruber | ae511610ec | |
Roland Gruber | b1f85eb050 | |
Roland Gruber | 1f20b1d48e | |
Roland Gruber | bd28b7160f | |
Roland Gruber | 0879961b61 | |
Roland Gruber | c3a7fac3f3 | |
Roland Gruber | a69ab717bd | |
Roland Gruber | 2938be9308 | |
Roland Gruber | 3b35aa29da | |
Roland Gruber | 54b68e7765 | |
Roland Gruber | 99da1f05e6 | |
Roland Gruber | 2924e3e652 | |
Roland Gruber | de2ff0afa2 | |
Roland Gruber | f8a91f3f4f | |
Roland Gruber | 9bac92a4a5 | |
Roland Gruber | 415d3c11b8 | |
Roland Gruber | 04bd9acc37 | |
Roland Gruber | 3d0a53cb07 | |
Roland Gruber | c253c67af5 | |
Roland Gruber | 25539ee021 | |
Roland Gruber | 9c4d068592 | |
Roland Gruber | 63e3adf89f | |
Roland Gruber | 03108cc055 | |
Roland Gruber | 050519215f | |
Roland Gruber | 788a10d293 | |
Roland Gruber | f85d64aaa4 | |
Roland Gruber | 9ba767eb30 | |
Roland Gruber | e38c184cd7 | |
Roland Gruber | b4ddddee58 | |
Roland Gruber | 01f037c5fc | |
Roland Gruber | a15a3ea233 | |
Roland Gruber | 534afc281b | |
Roland Gruber | f91d29bb58 | |
Roland Gruber | 0ff0131dc8 | |
Roland Gruber | a5a7a66e2a | |
Roland Gruber | 68e3b3f076 | |
Roland Gruber | 4f04dcb48e | |
Roland Gruber | 19ea7dd3dd | |
Roland Gruber | 2ac5b95e63 | |
Roland Gruber | 7564ba33f4 | |
Roland Gruber | e10416f588 | |
Roland Gruber | 87921f07c7 | |
Roland Gruber | a93bcf830f | |
gruberroland | b2d1f5de58 | |
Daniel Hoffend | 8da632d4a0 | |
Roland Gruber | cc90b307b0 | |
Roland Gruber | 39f0730434 | |
Roland Gruber | 82201ec448 | |
Roland Gruber | 12d5ac115a | |
Roland Gruber | dd2fb80375 | |
Roland Gruber | 8af9661254 | |
Roland Gruber | 5a6506cf6d | |
Roland Gruber | da4788b3cc | |
Roland Gruber | ad41a10036 | |
Roland Gruber | ab12d24703 | |
Roland Gruber | 1eac04648a | |
Roland Gruber | 3d1ce91759 | |
gruberroland | 3587661a9d | |
Roland Gruber | 7c87eb0324 | |
Roland Gruber | dfc8e5e5d3 | |
Roland Gruber | fb78790a39 | |
Roland Gruber | 575b700604 | |
Roland Gruber | ffe2316003 | |
Roland Gruber | 4949b1b70a | |
Roland Gruber | 34ffbb4f36 | |
Roland Gruber | 5f32b829b6 | |
Roland Gruber | 8ac696ed22 | |
Roland Gruber | 1c708bb816 | |
Roland Gruber | 716d119d34 | |
Roland Gruber | 1bd598b0c3 | |
Roland Gruber | 77e7c77e20 | |
Roland Gruber | ec19de29c0 | |
gruberroland | b00282afb0 | |
Christian M | f0e69fa6a3 | |
Roland Gruber | d15cde2507 | |
Roland Gruber | b3d5b641f6 | |
Roland Gruber | db0150b0f6 | |
Roland Gruber | 992814d1c6 | |
Roland Gruber | 3b6dd49278 | |
Roland Gruber | 189cabf5f4 | |
Roland Gruber | ac936dd34a | |
Roland Gruber | 7403a95104 | |
Roland Gruber | 8f14cab65e | |
Roland Gruber | 104bfb0682 | |
Roland Gruber | 20f617ebdf | |
Roland Gruber | 18547baad2 | |
gruberroland | 5682245739 | |
Roland Gruber | e43d520e52 | |
Roland Gruber | 8c4612c2ff | |
Roland Gruber | d0a97c47a9 | |
Roland Gruber | 89ab8d0f1f | |
Roland Gruber | 4fea8155c8 | |
Roland Gruber | 098618704a | |
Roland Gruber | fc24f4a2aa | |
Roland Gruber | a55c337efd | |
Roland Gruber | a206e9fefe | |
Roland Gruber | f0086e725b | |
Roland Gruber | cf25c31a37 | |
Roland Gruber | 87e47ae9b1 | |
Roland Gruber | aa8fdf5369 | |
Roland Gruber | 6af8cf3dc3 | |
Roland Gruber | bc3152c03a | |
Roland Gruber | 5e4c692f6f | |
Roland Gruber | 57d5e1ce3f | |
Roland Gruber | 2ce96573c0 | |
Roland Gruber | 727390064f | |
Roland Gruber | e8c0fb9371 | |
Roland Gruber | fbb7749425 | |
Roland Gruber | ffcf1c82df | |
Roland Gruber | 36782d1a1a | |
Roland Gruber | d35aa31a8f | |
Roland Gruber | e14b199feb | |
Roland Gruber | cbb94aecc4 | |
Roland Gruber | 53d1d1d865 | |
Roland Gruber | 5b4c9b8c38 | |
Roland Gruber | efdaa29136 | |
Roland Gruber | 4e7c972187 | |
Roland Gruber | 19858a03f5 | |
Roland Gruber | 615e0f4947 | |
Roland Gruber | 36b91b2785 | |
Roland Gruber | e43b106c95 | |
Roland Gruber | 77282fed29 | |
Roland Gruber | de2b6e1631 | |
Roland Gruber | 077556a6a9 | |
Roland Gruber | 2a10013f36 | |
Roland Gruber | e289cabe3f | |
Roland Gruber | 5a6ee994cb | |
Roland Gruber | 4636b63e7b | |
Roland Gruber | 6b24c8f7f0 | |
Roland Gruber | 5eb0bcbc39 | |
Roland Gruber | cbad61519e | |
Roland Gruber | d3608c7bd0 | |
Roland Gruber | 680b99aba3 | |
Roland Gruber | 2e0637cf7b | |
Roland Gruber | d3ce330b62 | |
Roland Gruber | e64abbaf46 | |
Roland Gruber | bb061d128f | |
Roland Gruber | 2f453aa5db | |
Roland Gruber | b988411011 | |
Roland Gruber | 5517a48e56 | |
Roland Gruber | 0c52c929c5 | |
Roland Gruber | 57b2add165 | |
Roland Gruber | 74deb30986 | |
Roland Gruber | d9e2393f89 | |
Roland Gruber | a90d377faa | |
Roland Gruber | 4a94a19535 | |
Roland Gruber | f257cdede4 | |
Roland Gruber | ce4486a1e4 | |
Roland Gruber | 44e8fc232d | |
Roland Gruber | d07d20f546 | |
Roland Gruber | bb9a1b1719 | |
Roland Gruber | 2d3f584bb4 | |
Roland Gruber | 8852dd170d | |
Roland Gruber | bf34dd43bc | |
Roland Gruber | 691ccbc477 | |
Roland Gruber | fe913bd5bf | |
Roland Gruber | 42bca3db59 | |
Roland Gruber | 92115264fb | |
Roland Gruber | bb9f1f0eff | |
Roland Gruber | 4ced8c519f | |
Roland Gruber | 01fa846f86 | |
Roland Gruber | 085be08eea | |
Roland Gruber | 74e8fb830d | |
Roland Gruber | b7396de612 | |
Roland Gruber | 29c3f6582c | |
Roland Gruber | 89b46e63fc | |
Roland Gruber | d983e86605 | |
Roland Gruber | 4b4b982ad9 | |
Roland Gruber | 22bc951171 | |
gruberroland | b42c694a8a | |
Roland Gruber | 94c122e44f | |
Roland Gruber | 898afd25e2 | |
Roland Gruber | 10fef6d1d2 | |
Roland Gruber | 55cdd56465 | |
Roland Gruber | 14edd44652 | |
Roland Gruber | 6f3bbf11a4 | |
Roland Gruber | 54f93d1424 | |
Roland Gruber | baeaa0f98b | |
Roland Gruber | b197b6297b | |
Roland Gruber | 510d69e28b | |
gruberroland | a97e489ba7 | |
Roland Gruber | 1935d3def8 | |
Roland Gruber | 985828da3a | |
Roland Gruber | dec9585733 | |
Roland Gruber | fe5260b5e6 | |
Roland Gruber | 62ae3267d2 | |
Roland Gruber | aa921cadf8 | |
Roland Gruber | ec5fcebd7f | |
Roland Gruber | a6f11073ca | |
Roland Gruber | b0edc4c6f9 | |
Roland Gruber | 1b198403d7 | |
Roland Gruber | a804f94d6f | |
Roland Gruber | ea40d3b796 | |
Roland Gruber | fc71a984bf | |
Roland Gruber | 5ac81d90eb | |
Roland Gruber | dc5f2f5bbf | |
Roland Gruber | 9dffa0ed12 | |
gruberroland | 65de9a2d18 | |
Roland Gruber | b324cca20c | |
Roland Gruber | 5f62f9aed3 | |
Roland Gruber | f0cbe217eb | |
Roland Gruber | d0388973e5 | |
Roland Gruber | 89df814e77 | |
Roland Gruber | a202ed8824 | |
Roland Gruber | 1247e1f22b | |
Roland Gruber | ef41215d22 | |
Roland Gruber | 1d7db3794b | |
Roland Gruber | 378ab6cf93 | |
Roland Gruber | cfce928df4 | |
Roland Gruber | 0b66a600a2 | |
Roland Gruber | a811c8ee7f | |
Roland Gruber | f2d77dc851 | |
Roland Gruber | 9e5c2f0fd8 | |
Roland Gruber | 23e58208cf | |
Roland Gruber | 98f6c2bf84 | |
Roland Gruber | 4afd3d940e | |
Roland Gruber | 0bd7fcacf0 | |
Roland Gruber | 0cc31a4391 | |
Roland Gruber | cd749730a4 | |
Roland Gruber | 2b9d775347 | |
Roland Gruber | 5b81c8e03c | |
Roland Gruber | 28118bdaef | |
Roland Gruber | 08f8007f3e | |
Roland Gruber | 11258d7f1f | |
Roland Gruber | fe3c054825 | |
Roland Gruber | 1cbe9d546f | |
Roland Gruber | 109e7d679c | |
Roland Gruber | 08c0f40282 | |
Roland Gruber | 6031795a6d | |
Roland Gruber | a44350407e | |
Roland Gruber | 33b35fa23b | |
Roland Gruber | c9cff54937 | |
Roland Gruber | a4c867d6b3 | |
Roland Gruber | 18a22ef1c4 | |
Roland Gruber | 7222f10fe6 |
|
@ -0,0 +1,3 @@
|
||||||
|
|
||||||
|
github: [LDAPAccountManager]
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
name: "LAM CodeQL config"
|
||||||
|
|
||||||
|
queries:
|
||||||
|
- uses: security-and-quality
|
||||||
|
|
||||||
|
paths-ignore:
|
||||||
|
- '**/3rdParty/**/*.*'
|
||||||
|
- '**/lib/extra/**/*.*'
|
||||||
|
- '**/lib/*jquery*.js'
|
||||||
|
paths:
|
||||||
|
- lam
|
|
@ -0,0 +1,56 @@
|
||||||
|
name: "CodeQL"
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [develop]
|
||||||
|
pull_request:
|
||||||
|
# The branches below must be a subset of the branches above
|
||||||
|
branches: [develop]
|
||||||
|
schedule:
|
||||||
|
- cron: '0 10 * * 0'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
analyse:
|
||||||
|
name: Analyse
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
# We must fetch at least the immediate parents so that if this is
|
||||||
|
# a pull request then we can checkout the head.
|
||||||
|
fetch-depth: 2
|
||||||
|
|
||||||
|
# If this run was triggered by a pull request event, then checkout
|
||||||
|
# the head of the pull request instead of the merge commit.
|
||||||
|
- run: git checkout HEAD^2
|
||||||
|
if: ${{ github.event_name == 'pull_request' }}
|
||||||
|
|
||||||
|
# Initializes the CodeQL tools for scanning.
|
||||||
|
- name: Initialize CodeQL
|
||||||
|
uses: github/codeql-action/init@v1
|
||||||
|
# Override language selection by uncommenting this and choosing your languages
|
||||||
|
# with:
|
||||||
|
# languages: go, javascript, csharp, python, cpp, java
|
||||||
|
with:
|
||||||
|
config-file: ./.github/codeql/codeql-config.yml
|
||||||
|
|
||||||
|
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||||
|
# If this step fails, then you should remove it and run the build manually (see below)
|
||||||
|
- name: Autobuild
|
||||||
|
uses: github/codeql-action/autobuild@v1
|
||||||
|
|
||||||
|
# ℹ️ Command-line programs to run using the OS shell.
|
||||||
|
# 📚 https://git.io/JvXDl
|
||||||
|
|
||||||
|
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
||||||
|
# and modify them (or add more) to build your code if your project
|
||||||
|
# uses a compiled language
|
||||||
|
|
||||||
|
#- run: |
|
||||||
|
# make bootstrap
|
||||||
|
# make release
|
||||||
|
|
||||||
|
- name: Perform CodeQL Analysis
|
||||||
|
uses: github/codeql-action/analyze@v1
|
|
@ -2,3 +2,8 @@
|
||||||
/.buildpath
|
/.buildpath
|
||||||
/.project
|
/.project
|
||||||
/.Readme.md.html
|
/.Readme.md.html
|
||||||
|
/vendor/
|
||||||
|
/composer.lock
|
||||||
|
/code-coverage/
|
||||||
|
/.phpunit.result.cache
|
||||||
|
/lam/lib/3rdParty/composer/bin/
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
language: php
|
||||||
|
addons:
|
||||||
|
sonarcloud:
|
||||||
|
organization: "ldap-account-manager"
|
||||||
|
php:
|
||||||
|
- '7.3'
|
||||||
|
|
||||||
|
cache:
|
||||||
|
directories:
|
||||||
|
- '$HOME/.sonar/cache'
|
||||||
|
|
||||||
|
script:
|
||||||
|
- phpunit
|
||||||
|
- ls -l code-coverage/*
|
||||||
|
- sonar-scanner
|
||||||
|
- pip install --user codespell
|
||||||
|
- cd lam
|
||||||
|
- ./codespell.sh
|
|
@ -25,4 +25,4 @@ There are two modules. Usually, you only need the files inside "lam".
|
||||||
LAM is published under the GNU General Public License.
|
LAM is published under the GNU General Public License.
|
||||||
The complete list of licenses can be found in the copyright file.
|
The complete list of licenses can be found in the copyright file.
|
||||||
|
|
||||||
Copyright (C) 2003 - 2018 Roland Gruber <post@rolandgruber.de>
|
Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de>
|
|
@ -0,0 +1,9 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
Security updates are always created based on the latest release.
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Please report all security issues to post@rolandgruber.de. Reports will be answered within 48h.
|
|
@ -1,6 +1,10 @@
|
||||||
{
|
{
|
||||||
"require-dev" : {
|
"require-dev" : {
|
||||||
"phpunit/phpunit" : "5.4.6",
|
"phpunit/phpunit" : "8.5.2",
|
||||||
"squizlabs/php_codesniffer" : "2.7.1"
|
"squizlabs/php_codesniffer" : "3.4.0"
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"ext-ldap": "*",
|
||||||
|
"ext-json": "*"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -22,17 +22,6 @@ Vendor: Roland Gruber
|
||||||
Packager: Roland Gruber <post@rolandgruber.de>
|
Packager: Roland Gruber <post@rolandgruber.de>
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
AutoReqProv: no
|
AutoReqProv: no
|
||||||
%if %is_suse
|
|
||||||
Requires: php5
|
|
||||||
Requires: php5-ldap
|
|
||||||
Requires: php5-hash
|
|
||||||
Requires: php5-gd
|
|
||||||
Requires: php5-gettext
|
|
||||||
Requires: perl
|
|
||||||
%endif
|
|
||||||
%if %is_fedora
|
|
||||||
Requires: perl
|
|
||||||
%endif
|
|
||||||
|
|
||||||
Source1: lam.nginx.conf
|
Source1: lam.nginx.conf
|
||||||
Source2: lam.apache.conf
|
Source2: lam.apache.conf
|
||||||
|
|
|
@ -39,7 +39,7 @@ DOCS = COPYING HISTORY README copyright docs/schema/dhcp.schema
|
||||||
|
|
||||||
HTML_DOCS = devel manual
|
HTML_DOCS = devel manual
|
||||||
|
|
||||||
LIST1 = graphics help index.html lib locale style templates VERSION
|
LIST1 = graphics help index.html lib locale style templates VERSION pwa_worker.js
|
||||||
LIST2 = sess tmp tmp/internal
|
LIST2 = sess tmp tmp/internal
|
||||||
LIST3 = config
|
LIST3 = config
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ install-lam:
|
||||||
LIST4="`(cd $(srcdir)/$(LIST3) ; ls -d *)`" ; \
|
LIST4="`(cd $(srcdir)/$(LIST3) ; ls -d *)`" ; \
|
||||||
(cd $(srcdir)/$(LIST3) ; $(TAR) cf - .) | \
|
(cd $(srcdir)/$(LIST3) ; $(TAR) cf - .) | \
|
||||||
(cd $(DESTDIR)$(sysconfdir) ; $(TAR) xf -) ; \
|
(cd $(DESTDIR)$(sysconfdir) ; $(TAR) xf -) ; \
|
||||||
$(LN_S) $(sysconfdir) ${LIST3} ; \
|
[ -e ${LIST3} ] || $(LN_S) $(sysconfdir) ${LIST3} ; \
|
||||||
(cd $(srcdir) ; $(TAR) cf - $(LIST1)) | $(TAR) xf - ; \
|
(cd $(srcdir) ; $(TAR) cf - $(LIST1)) | $(TAR) xf - ; \
|
||||||
[ -d $(DESTDIR)$(prefix)/docs ] || \
|
[ -d $(DESTDIR)$(prefix)/docs ] || \
|
||||||
$(MKDIR) -p $(DESTDIR)$(prefix)/docs || exit 1 ; \
|
$(MKDIR) -p $(DESTDIR)$(prefix)/docs || exit 1 ; \
|
||||||
|
|
|
@ -30,9 +30,9 @@ function minify {
|
||||||
local files=`ls $dir/*.js`
|
local files=`ls $dir/*.js`
|
||||||
local jsFiles=""
|
local jsFiles=""
|
||||||
for file in $files; do
|
for file in $files; do
|
||||||
jsFiles="$jsFiles --js $file"
|
jsFiles="$jsFiles $file"
|
||||||
done
|
done
|
||||||
closure-compiler --charset UTF-8 $jsFiles --js_output_file $outFile
|
uglifyjs -o $outFile $jsFiles
|
||||||
rm $files
|
rm $files
|
||||||
# add final new line to supress Debian warnings
|
# add final new line to supress Debian warnings
|
||||||
echo "" >> $outFile
|
echo "" >> $outFile
|
||||||
|
@ -44,23 +44,24 @@ function minifyCSS {
|
||||||
echo "Minify CSS files in $dir"
|
echo "Minify CSS files in $dir"
|
||||||
local outFile=$dir/100_lam.${VERSION}.min.css
|
local outFile=$dir/100_lam.${VERSION}.min.css
|
||||||
local files=`ls $dir/*.css`
|
local files=`ls $dir/*.css`
|
||||||
cat $files | cleancss -o $outFile
|
cat $files | cleancss --skip-rebase -o $outFile
|
||||||
rm $files
|
rm $files
|
||||||
# add final new line to supress Debian warnings
|
# add final new line to supress Debian warnings
|
||||||
echo "" >> $outFile
|
echo "" >> $outFile
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "Getting files..."
|
echo "Getting files..."
|
||||||
git clone -b $REPO_BRANCH --single-branch git@github.com:LDAPAccountManager/lam.git github
|
git clone --depth 1 -b $REPO_BRANCH --single-branch git@github.com:LDAPAccountManager/lam.git github
|
||||||
cd github
|
cd github
|
||||||
mv lam ../
|
mv lam ../
|
||||||
mv lam-packaging ../
|
mv lam-packaging ../
|
||||||
cd ..
|
cd ..
|
||||||
rm -rf github
|
rm -rf github
|
||||||
|
|
||||||
git clone -b $REPO_BRANCH --single-branch git@gitlab.com:LDAPAccountManager/lamPro.git lamPro
|
git clone --depth 1 -b $REPO_BRANCH --single-branch git@gitlab.com:LDAPAccountManager/lamPro.git lamPro
|
||||||
cd lamPro
|
cd lamPro
|
||||||
rm -rf .git
|
rm -rf .git
|
||||||
|
rm -rf docker
|
||||||
cd ..
|
cd ..
|
||||||
|
|
||||||
cp lam-packaging/getVersion ./
|
cp lam-packaging/getVersion ./
|
||||||
|
@ -69,7 +70,8 @@ export VERSION=`./getVersion`
|
||||||
# remove files which are not in the final release
|
# remove files which are not in the final release
|
||||||
rm -r lam/po
|
rm -r lam/po
|
||||||
rm -r lam/tests
|
rm -r lam/tests
|
||||||
rm lam/lib/3rdParty/tcpdf/fonts/*.ttf
|
rm -f lam/lib/3rdParty/tcpdf/fonts/*.ttf
|
||||||
|
rm -r lam/templates/lib/extra/ckeditor/plugins/*/dev
|
||||||
find . -name .svnignore -exec rm {} \;
|
find . -name .svnignore -exec rm {} \;
|
||||||
find . -name .gitignore -exec rm {} \;
|
find . -name .gitignore -exec rm {} \;
|
||||||
mv lam ldap-account-manager-$VERSION
|
mv lam ldap-account-manager-$VERSION
|
||||||
|
@ -135,8 +137,14 @@ cd ..
|
||||||
|
|
||||||
# Debian
|
# Debian
|
||||||
cp -r lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
cp -r lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
||||||
|
cp -ar Debian Debian-Upload
|
||||||
cd Debian/ldap-account-manager-$VERSION
|
cd Debian/ldap-account-manager-$VERSION
|
||||||
debuild
|
debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990
|
||||||
|
cd ..
|
||||||
|
rm -r ldap-account-manager-$VERSION
|
||||||
|
cd ..
|
||||||
|
cd Debian-Upload/ldap-account-manager-$VERSION
|
||||||
|
debuild -S -k478730308FBD512ADF09D38E7F3D136B2BCD7990
|
||||||
cd ..
|
cd ..
|
||||||
rm -r ldap-account-manager-$VERSION
|
rm -r ldap-account-manager-$VERSION
|
||||||
cd ..
|
cd ..
|
||||||
|
@ -145,7 +153,7 @@ cd ..
|
||||||
cd LAMPro
|
cd LAMPro
|
||||||
cp -r ../lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
cp -r ../lam-packaging/debian Debian/ldap-account-manager-$VERSION/
|
||||||
cd Debian/ldap-account-manager-$VERSION
|
cd Debian/ldap-account-manager-$VERSION
|
||||||
debuild
|
debuild -k478730308FBD512ADF09D38E7F3D136B2BCD7990
|
||||||
cd ..
|
cd ..
|
||||||
rm -r ldap-account-manager-$VERSION
|
rm -r ldap-account-manager-$VERSION
|
||||||
cd ..
|
cd ..
|
||||||
|
|
|
@ -1,11 +1,61 @@
|
||||||
ldap-account-manager (6.5.RC1-1) unstable; urgency=medium
|
ldap-account-manager (7.3.RC1-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Mon, 10 Aug 2020 19:25:33 +0200
|
||||||
|
|
||||||
|
ldap-account-manager (7.2-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Fri, 01 May 2020 08:04:56 +0200
|
||||||
|
|
||||||
|
ldap-account-manager (7.1-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Mon, 16 Mar 2020 21:24:23 +0100
|
||||||
|
|
||||||
|
ldap-account-manager (7.0-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Sat, 21 Dec 2019 19:53:45 +0100
|
||||||
|
|
||||||
|
ldap-account-manager (6.9-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Sun, 29 Sep 2019 09:12:37 +0200
|
||||||
|
|
||||||
|
ldap-account-manager (6.8-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Tue, 02 Jul 2019 12:26:45 +0200
|
||||||
|
|
||||||
|
ldap-account-manager (6.7-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
* Fix "Depends on tcpdf which is considered unfit for buster" removed
|
||||||
|
dependency and embedded required parts (Closes: #923736)
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Mon, 25 Mar 2019 17:21:36 +0100
|
||||||
|
|
||||||
|
ldap-account-manager (6.6-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* new upstream release
|
||||||
|
|
||||||
|
-- Roland Gruber <post@rolandgruber.de> Fri, 28 Dec 2018 11:08:14 +0100
|
||||||
|
|
||||||
|
ldap-account-manager (6.5-1) unstable; urgency=medium
|
||||||
|
|
||||||
* new upstream release
|
* new upstream release
|
||||||
* Fix "Embedded code copies" by adding dependency to phpseclib
|
* Fix "Embedded code copies" by adding dependency to phpseclib
|
||||||
(phpLDAPadmin code is customized and cannot be reused)
|
(phpLDAPadmin code is customized and cannot be reused)
|
||||||
(Closes: #781419)
|
(Closes: #781419)
|
||||||
|
|
||||||
-- Roland Gruber <post@rolandgruber.de> Thu, 06 Sep 2018 17:45:31 +0200
|
-- Roland Gruber <post@rolandgruber.de> Tue, 25 Sep 2018 17:37:41 +0200
|
||||||
|
|
||||||
ldap-account-manager (6.4-1) unstable; urgency=medium
|
ldap-account-manager (6.4-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
|
|
@ -2,25 +2,26 @@ Source: ldap-account-manager
|
||||||
Maintainer: Roland Gruber <post@rolandgruber.de>
|
Maintainer: Roland Gruber <post@rolandgruber.de>
|
||||||
Section: web
|
Section: web
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Standards-Version: 4.1.4
|
Standards-Version: 4.5.0
|
||||||
Build-Depends: debhelper (>= 9), po-debconf, cleancss, closure-compiler
|
Build-Depends: debhelper (>= 9), po-debconf, cleancss, node-uglify
|
||||||
Homepage: https://www.ldap-account-manager.org/
|
Homepage: https://www.ldap-account-manager.org/
|
||||||
|
|
||||||
Package: ldap-account-manager
|
Package: ldap-account-manager
|
||||||
Architecture: all
|
Architecture: all
|
||||||
Depends: php5 (>= 5.4.26) | php (>= 7), php5-ldap | php-ldap,
|
Depends: php (>= 7), php-ldap,
|
||||||
php5-gd | php-gd | php5-imagick | php-imagick,
|
php-gd | php-imagick,
|
||||||
php5-json | php-json, php5-curl | php-curl,
|
php-json, php-curl,
|
||||||
php5 | php-zip, php5 | php-xml,
|
php-zip, php-xml, php-gmp,
|
||||||
libapache2-mod-php5 | libapache2-mod-php | php5-fpm | php-fpm,
|
libapache2-mod-php | libapache2-mod-fcgid | php-fpm,
|
||||||
php-tcpdf, php-phpseclib (>= 2.0),
|
php-phpseclib (>= 2.0), php-monolog,
|
||||||
apache2 (>= 2.4.0) | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
|
apache2 (>= 2.4.0) | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
|
||||||
Recommends: php-apc | php-opcache
|
Recommends: php-opcache
|
||||||
Suggests: ldap-server, php5-mcrypt | php-mcrypt, ldap-account-manager-lamdaemon, perl
|
Suggests: ldap-server, php-mcrypt, ldap-account-manager-lamdaemon, perl
|
||||||
|
Conflicts: libapache2-mod-php5, php5, php5-fpm
|
||||||
Description: webfrontend for managing accounts in an LDAP directory
|
Description: webfrontend for managing accounts in an LDAP directory
|
||||||
LDAP Account Manager (LAM) runs on an existing webserver.
|
LDAP Account Manager (LAM) runs on an existing webserver.
|
||||||
It manages user, group and host accounts. Currently LAM
|
It manages user, group and host accounts. Currently LAM
|
||||||
supports these account types: Samba 3/4, Unix, Kolab 2/3,
|
supports these account types: Samba 3/4, Unix, Kolab,
|
||||||
address book entries, NIS mail aliases and MAC addresses.
|
address book entries, NIS mail aliases and MAC addresses.
|
||||||
There is an integrated LDAP browser to allow access to the
|
There is an integrated LDAP browser to allow access to the
|
||||||
raw LDAP attributes. You can use templates
|
raw LDAP attributes. You can use templates
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
This software is copyright (c) 2003 - 2018 by Roland Gruber
|
This software is copyright (c) 2003 - 2020 by Roland Gruber
|
||||||
|
|
||||||
If you purchased a copy of LDAP Account Manager Pro then the following
|
If you purchased a copy of LDAP Account Manager Pro then the following
|
||||||
files are licensed under the conditions which you accepted at purchase
|
files are licensed under the conditions which you accepted at purchase
|
||||||
|
@ -87,7 +87,6 @@ The complete license can be found in the file COPYING or in
|
||||||
Some parts of this package have other, compatible licences. These are:
|
Some parts of this package have other, compatible licences. These are:
|
||||||
|
|
||||||
A:
|
A:
|
||||||
|
|
||||||
DejaVu Fonts — License
|
DejaVu Fonts — License
|
||||||
|
|
||||||
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
||||||
|
@ -178,7 +177,9 @@ A:
|
||||||
Software without prior written authorization from Tavmjong Bah. For further
|
Software without prior written authorization from Tavmjong Bah. For further
|
||||||
information, contact: tavmjong @ free . fr.
|
information, contact: tavmjong @ free . fr.
|
||||||
|
|
||||||
|
|
||||||
B:
|
B:
|
||||||
|
MIT License
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining
|
Permission is hereby granted, free of charge, to any person obtaining
|
||||||
a copy of this software and associated documentation files (the
|
a copy of this software and associated documentation files (the
|
||||||
|
@ -200,19 +201,792 @@ B:
|
||||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
|
||||||
|
C:
|
||||||
|
New BSD License
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification,
|
||||||
|
are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice, this list
|
||||||
|
of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice, this
|
||||||
|
list of conditions and the following disclaimer in the documentation and/or other
|
||||||
|
materials provided with the distribution.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||||
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
||||||
|
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||||
|
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||||
|
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||||
|
OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
D:
|
||||||
|
GNU LESSER GENERAL PUBLIC LICENSE
|
||||||
|
Version 3, 29 June 2007
|
||||||
|
|
||||||
|
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
|
||||||
|
This version of the GNU Lesser General Public License incorporates
|
||||||
|
the terms and conditions of version 3 of the GNU General Public
|
||||||
|
License, supplemented by the additional permissions listed below.
|
||||||
|
|
||||||
|
0. Additional Definitions.
|
||||||
|
|
||||||
|
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||||
|
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||||
|
General Public License.
|
||||||
|
|
||||||
|
"The Library" refers to a covered work governed by this License,
|
||||||
|
other than an Application or a Combined Work as defined below.
|
||||||
|
|
||||||
|
An "Application" is any work that makes use of an interface provided
|
||||||
|
by the Library, but which is not otherwise based on the Library.
|
||||||
|
Defining a subclass of a class defined by the Library is deemed a mode
|
||||||
|
of using an interface provided by the Library.
|
||||||
|
|
||||||
|
A "Combined Work" is a work produced by combining or linking an
|
||||||
|
Application with the Library. The particular version of the Library
|
||||||
|
with which the Combined Work was made is also called the "Linked
|
||||||
|
Version".
|
||||||
|
|
||||||
|
The "Minimal Corresponding Source" for a Combined Work means the
|
||||||
|
Corresponding Source for the Combined Work, excluding any source code
|
||||||
|
for portions of the Combined Work that, considered in isolation, are
|
||||||
|
based on the Application, and not on the Linked Version.
|
||||||
|
|
||||||
|
The "Corresponding Application Code" for a Combined Work means the
|
||||||
|
object code and/or source code for the Application, including any data
|
||||||
|
and utility programs needed for reproducing the Combined Work from the
|
||||||
|
Application, but excluding the System Libraries of the Combined Work.
|
||||||
|
|
||||||
|
1. Exception to Section 3 of the GNU GPL.
|
||||||
|
|
||||||
|
You may convey a covered work under sections 3 and 4 of this License
|
||||||
|
without being bound by section 3 of the GNU GPL.
|
||||||
|
|
||||||
|
2. Conveying Modified Versions.
|
||||||
|
|
||||||
|
If you modify a copy of the Library, and, in your modifications, a
|
||||||
|
facility refers to a function or data to be supplied by an Application
|
||||||
|
that uses the facility (other than as an argument passed when the
|
||||||
|
facility is invoked), then you may convey a copy of the modified
|
||||||
|
version:
|
||||||
|
|
||||||
|
a) under this License, provided that you make a good faith effort to
|
||||||
|
ensure that, in the event an Application does not supply the
|
||||||
|
function or data, the facility still operates, and performs
|
||||||
|
whatever part of its purpose remains meaningful, or
|
||||||
|
|
||||||
|
b) under the GNU GPL, with none of the additional permissions of
|
||||||
|
this License applicable to that copy.
|
||||||
|
|
||||||
|
3. Object Code Incorporating Material from Library Header Files.
|
||||||
|
|
||||||
|
The object code form of an Application may incorporate material from
|
||||||
|
a header file that is part of the Library. You may convey such object
|
||||||
|
code under terms of your choice, provided that, if the incorporated
|
||||||
|
material is not limited to numerical parameters, data structure
|
||||||
|
layouts and accessors, or small macros, inline functions and templates
|
||||||
|
(ten or fewer lines in length), you do both of the following:
|
||||||
|
|
||||||
|
a) Give prominent notice with each copy of the object code that the
|
||||||
|
Library is used in it and that the Library and its use are
|
||||||
|
covered by this License.
|
||||||
|
|
||||||
|
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||||
|
document.
|
||||||
|
|
||||||
|
4. Combined Works.
|
||||||
|
|
||||||
|
You may convey a Combined Work under terms of your choice that,
|
||||||
|
taken together, effectively do not restrict modification of the
|
||||||
|
portions of the Library contained in the Combined Work and reverse
|
||||||
|
engineering for debugging such modifications, if you also do each of
|
||||||
|
the following:
|
||||||
|
|
||||||
|
a) Give prominent notice with each copy of the Combined Work that
|
||||||
|
the Library is used in it and that the Library and its use are
|
||||||
|
covered by this License.
|
||||||
|
|
||||||
|
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||||
|
document.
|
||||||
|
|
||||||
|
c) For a Combined Work that displays copyright notices during
|
||||||
|
execution, include the copyright notice for the Library among
|
||||||
|
these notices, as well as a reference directing the user to the
|
||||||
|
copies of the GNU GPL and this license document.
|
||||||
|
|
||||||
|
d) Do one of the following:
|
||||||
|
|
||||||
|
0) Convey the Minimal Corresponding Source under the terms of this
|
||||||
|
License, and the Corresponding Application Code in a form
|
||||||
|
suitable for, and under terms that permit, the user to
|
||||||
|
recombine or relink the Application with a modified version of
|
||||||
|
the Linked Version to produce a modified Combined Work, in the
|
||||||
|
manner specified by section 6 of the GNU GPL for conveying
|
||||||
|
Corresponding Source.
|
||||||
|
|
||||||
|
1) Use a suitable shared library mechanism for linking with the
|
||||||
|
Library. A suitable mechanism is one that (a) uses at run time
|
||||||
|
a copy of the Library already present on the user's computer
|
||||||
|
system, and (b) will operate properly with a modified version
|
||||||
|
of the Library that is interface-compatible with the Linked
|
||||||
|
Version.
|
||||||
|
|
||||||
|
e) Provide Installation Information, but only if you would otherwise
|
||||||
|
be required to provide such information under section 6 of the
|
||||||
|
GNU GPL, and only to the extent that such information is
|
||||||
|
necessary to install and execute a modified version of the
|
||||||
|
Combined Work produced by recombining or relinking the
|
||||||
|
Application with a modified version of the Linked Version. (If
|
||||||
|
you use option 4d0, the Installation Information must accompany
|
||||||
|
the Minimal Corresponding Source and Corresponding Application
|
||||||
|
Code. If you use option 4d1, you must provide the Installation
|
||||||
|
Information in the manner specified by section 6 of the GNU GPL
|
||||||
|
for conveying Corresponding Source.)
|
||||||
|
|
||||||
|
5. Combined Libraries.
|
||||||
|
|
||||||
|
You may place library facilities that are a work based on the
|
||||||
|
Library side by side in a single library together with other library
|
||||||
|
facilities that are not Applications and are not covered by this
|
||||||
|
License, and convey such a combined library under terms of your
|
||||||
|
choice, if you do both of the following:
|
||||||
|
|
||||||
|
a) Accompany the combined library with a copy of the same work based
|
||||||
|
on the Library, uncombined with any other library facilities,
|
||||||
|
conveyed under the terms of this License.
|
||||||
|
|
||||||
|
b) Give prominent notice with the combined library that part of it
|
||||||
|
is a work based on the Library, and explaining where to find the
|
||||||
|
accompanying uncombined form of the same work.
|
||||||
|
|
||||||
|
6. Revised Versions of the GNU Lesser General Public License.
|
||||||
|
|
||||||
|
The Free Software Foundation may publish revised and/or new versions
|
||||||
|
of the GNU Lesser General Public License from time to time. Such new
|
||||||
|
versions will be similar in spirit to the present version, but may
|
||||||
|
differ in detail to address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the
|
||||||
|
Library as you received it specifies that a certain numbered version
|
||||||
|
of the GNU Lesser General Public License "or any later version"
|
||||||
|
applies to it, you have the option of following the terms and
|
||||||
|
conditions either of that published version or of any later version
|
||||||
|
published by the Free Software Foundation. If the Library as you
|
||||||
|
received it does not specify a version number of the GNU Lesser
|
||||||
|
General Public License, you may choose any version of the GNU Lesser
|
||||||
|
General Public License ever published by the Free Software Foundation.
|
||||||
|
|
||||||
|
If the Library as you received it specifies that a proxy can decide
|
||||||
|
whether future versions of the GNU Lesser General Public License shall
|
||||||
|
apply, that proxy's public statement of acceptance of any version is
|
||||||
|
permanent authorization for you to choose that version for the
|
||||||
|
Library.
|
||||||
|
|
||||||
|
|
||||||
|
E:
|
||||||
|
Duo
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
modification, are permitted provided that the following conditions
|
||||||
|
are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer.
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer in the
|
||||||
|
documentation and/or other materials provided with the distribution.
|
||||||
|
3. The name of the author may not be used to endorse or promote products
|
||||||
|
derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||||
|
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
|
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
F:
|
||||||
|
3-Clause BSD License
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
modification, are permitted provided that the following conditions
|
||||||
|
are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer.
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer in the
|
||||||
|
documentation and/or other materials provided with the distribution.
|
||||||
|
3. Neither the name of the copyright holder nor the names of its
|
||||||
|
contributors may be used to endorse or promote products derived from
|
||||||
|
this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
||||||
|
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
|
||||||
|
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||||
|
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
G:
|
||||||
|
2-Clause BSD License
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification,
|
||||||
|
are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice,
|
||||||
|
this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
this list of conditions and the following disclaimer in the documentation and/or
|
||||||
|
other materials provided with the distribution.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||||
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
||||||
|
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||||
|
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
||||||
|
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||||
|
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
|
POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
H:
|
||||||
|
GNU LESSER GENERAL PUBLIC LICENSE
|
||||||
|
Version 2.1, February 1999
|
||||||
|
|
||||||
|
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
[This is the first released version of the Lesser GPL. It also counts
|
||||||
|
as the successor of the GNU Library Public License, version 2, hence
|
||||||
|
the version number 2.1.]
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
|
||||||
|
The licenses for most software are designed to take away your
|
||||||
|
freedom to share and change it. By contrast, the GNU General Public
|
||||||
|
Licenses are intended to guarantee your freedom to share and change
|
||||||
|
free software--to make sure the software is free for all its users.
|
||||||
|
|
||||||
|
This license, the Lesser General Public License, applies to some
|
||||||
|
specially designated software packages--typically libraries--of the
|
||||||
|
Free Software Foundation and other authors who decide to use it. You
|
||||||
|
can use it too, but we suggest you first think carefully about whether
|
||||||
|
this license or the ordinary General Public License is the better
|
||||||
|
strategy to use in any particular case, based on the explanations below.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom of use,
|
||||||
|
not price. Our General Public Licenses are designed to make sure that
|
||||||
|
you have the freedom to distribute copies of free software (and charge
|
||||||
|
for this service if you wish); that you receive source code or can get
|
||||||
|
it if you want it; that you can change the software and use pieces of
|
||||||
|
it in new free programs; and that you are informed that you can do
|
||||||
|
these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to make restrictions that forbid
|
||||||
|
distributors to deny you these rights or to ask you to surrender these
|
||||||
|
rights. These restrictions translate to certain responsibilities for
|
||||||
|
you if you distribute copies of the library or if you modify it.
|
||||||
|
|
||||||
|
For example, if you distribute copies of the library, whether gratis
|
||||||
|
or for a fee, you must give the recipients all the rights that we gave
|
||||||
|
you. You must make sure that they, too, receive or can get the source
|
||||||
|
code. If you link other code with the library, you must provide
|
||||||
|
complete object files to the recipients, so that they can relink them
|
||||||
|
with the library after making changes to the library and recompiling
|
||||||
|
it. And you must show them these terms so they know their rights.
|
||||||
|
|
||||||
|
We protect your rights with a two-step method: (1) we copyright the
|
||||||
|
library, and (2) we offer you this license, which gives you legal
|
||||||
|
permission to copy, distribute and/or modify the library.
|
||||||
|
|
||||||
|
To protect each distributor, we want to make it very clear that
|
||||||
|
there is no warranty for the free library. Also, if the library is
|
||||||
|
modified by someone else and passed on, the recipients should know
|
||||||
|
that what they have is not the original version, so that the original
|
||||||
|
author's reputation will not be affected by problems that might be
|
||||||
|
introduced by others.
|
||||||
|
|
||||||
|
Finally, software patents pose a constant threat to the existence of
|
||||||
|
any free program. We wish to make sure that a company cannot
|
||||||
|
effectively restrict the users of a free program by obtaining a
|
||||||
|
restrictive license from a patent holder. Therefore, we insist that
|
||||||
|
any patent license obtained for a version of the library must be
|
||||||
|
consistent with the full freedom of use specified in this license.
|
||||||
|
|
||||||
|
Most GNU software, including some libraries, is covered by the
|
||||||
|
ordinary GNU General Public License. This license, the GNU Lesser
|
||||||
|
General Public License, applies to certain designated libraries, and
|
||||||
|
is quite different from the ordinary General Public License. We use
|
||||||
|
this license for certain libraries in order to permit linking those
|
||||||
|
libraries into non-free programs.
|
||||||
|
|
||||||
|
When a program is linked with a library, whether statically or using
|
||||||
|
a shared library, the combination of the two is legally speaking a
|
||||||
|
combined work, a derivative of the original library. The ordinary
|
||||||
|
General Public License therefore permits such linking only if the
|
||||||
|
entire combination fits its criteria of freedom. The Lesser General
|
||||||
|
Public License permits more lax criteria for linking other code with
|
||||||
|
the library.
|
||||||
|
|
||||||
|
We call this license the "Lesser" General Public License because it
|
||||||
|
does Less to protect the user's freedom than the ordinary General
|
||||||
|
Public License. It also provides other free software developers Less
|
||||||
|
of an advantage over competing non-free programs. These disadvantages
|
||||||
|
are the reason we use the ordinary General Public License for many
|
||||||
|
libraries. However, the Lesser license provides advantages in certain
|
||||||
|
special circumstances.
|
||||||
|
|
||||||
|
For example, on rare occasions, there may be a special need to
|
||||||
|
encourage the widest possible use of a certain library, so that it becomes
|
||||||
|
a de-facto standard. To achieve this, non-free programs must be
|
||||||
|
allowed to use the library. A more frequent case is that a free
|
||||||
|
library does the same job as widely used non-free libraries. In this
|
||||||
|
case, there is little to gain by limiting the free library to free
|
||||||
|
software only, so we use the Lesser General Public License.
|
||||||
|
|
||||||
|
In other cases, permission to use a particular library in non-free
|
||||||
|
programs enables a greater number of people to use a large body of
|
||||||
|
free software. For example, permission to use the GNU C Library in
|
||||||
|
non-free programs enables many more people to use the whole GNU
|
||||||
|
operating system, as well as its variant, the GNU/Linux operating
|
||||||
|
system.
|
||||||
|
|
||||||
|
Although the Lesser General Public License is Less protective of the
|
||||||
|
users' freedom, it does ensure that the user of a program that is
|
||||||
|
linked with the Library has the freedom and the wherewithal to run
|
||||||
|
that program using a modified version of the Library.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and
|
||||||
|
modification follow. Pay close attention to the difference between a
|
||||||
|
"work based on the library" and a "work that uses the library". The
|
||||||
|
former contains code derived from the library, whereas the latter must
|
||||||
|
be combined with the library in order to run.
|
||||||
|
|
||||||
|
GNU LESSER GENERAL PUBLIC LICENSE
|
||||||
|
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||||
|
|
||||||
|
0. This License Agreement applies to any software library or other
|
||||||
|
program which contains a notice placed by the copyright holder or
|
||||||
|
other authorized party saying it may be distributed under the terms of
|
||||||
|
this Lesser General Public License (also called "this License").
|
||||||
|
Each licensee is addressed as "you".
|
||||||
|
|
||||||
|
A "library" means a collection of software functions and/or data
|
||||||
|
prepared so as to be conveniently linked with application programs
|
||||||
|
(which use some of those functions and data) to form executables.
|
||||||
|
|
||||||
|
The "Library", below, refers to any such software library or work
|
||||||
|
which has been distributed under these terms. A "work based on the
|
||||||
|
Library" means either the Library or any derivative work under
|
||||||
|
copyright law: that is to say, a work containing the Library or a
|
||||||
|
portion of it, either verbatim or with modifications and/or translated
|
||||||
|
straightforwardly into another language. (Hereinafter, translation is
|
||||||
|
included without limitation in the term "modification".)
|
||||||
|
|
||||||
|
"Source code" for a work means the preferred form of the work for
|
||||||
|
making modifications to it. For a library, complete source code means
|
||||||
|
all the source code for all modules it contains, plus any associated
|
||||||
|
interface definition files, plus the scripts used to control compilation
|
||||||
|
and installation of the library.
|
||||||
|
|
||||||
|
Activities other than copying, distribution and modification are not
|
||||||
|
covered by this License; they are outside its scope. The act of
|
||||||
|
running a program using the Library is not restricted, and output from
|
||||||
|
such a program is covered only if its contents constitute a work based
|
||||||
|
on the Library (independent of the use of the Library in a tool for
|
||||||
|
writing it). Whether that is true depends on what the Library does
|
||||||
|
and what the program that uses the Library does.
|
||||||
|
|
||||||
|
1. You may copy and distribute verbatim copies of the Library's
|
||||||
|
complete source code as you receive it, in any medium, provided that
|
||||||
|
you conspicuously and appropriately publish on each copy an
|
||||||
|
appropriate copyright notice and disclaimer of warranty; keep intact
|
||||||
|
all the notices that refer to this License and to the absence of any
|
||||||
|
warranty; and distribute a copy of this License along with the
|
||||||
|
Library.
|
||||||
|
|
||||||
|
You may charge a fee for the physical act of transferring a copy,
|
||||||
|
and you may at your option offer warranty protection in exchange for a
|
||||||
|
fee.
|
||||||
|
|
||||||
|
2. You may modify your copy or copies of the Library or any portion
|
||||||
|
of it, thus forming a work based on the Library, and copy and
|
||||||
|
distribute such modifications or work under the terms of Section 1
|
||||||
|
above, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) The modified work must itself be a software library.
|
||||||
|
|
||||||
|
b) You must cause the files modified to carry prominent notices
|
||||||
|
stating that you changed the files and the date of any change.
|
||||||
|
|
||||||
|
c) You must cause the whole of the work to be licensed at no
|
||||||
|
charge to all third parties under the terms of this License.
|
||||||
|
|
||||||
|
d) If a facility in the modified Library refers to a function or a
|
||||||
|
table of data to be supplied by an application program that uses
|
||||||
|
the facility, other than as an argument passed when the facility
|
||||||
|
is invoked, then you must make a good faith effort to ensure that,
|
||||||
|
in the event an application does not supply such function or
|
||||||
|
table, the facility still operates, and performs whatever part of
|
||||||
|
its purpose remains meaningful.
|
||||||
|
|
||||||
|
(For example, a function in a library to compute square roots has
|
||||||
|
a purpose that is entirely well-defined independent of the
|
||||||
|
application. Therefore, Subsection 2d requires that any
|
||||||
|
application-supplied function or table used by this function must
|
||||||
|
be optional: if the application does not supply it, the square
|
||||||
|
root function must still compute square roots.)
|
||||||
|
|
||||||
|
These requirements apply to the modified work as a whole. If
|
||||||
|
identifiable sections of that work are not derived from the Library,
|
||||||
|
and can be reasonably considered independent and separate works in
|
||||||
|
themselves, then this License, and its terms, do not apply to those
|
||||||
|
sections when you distribute them as separate works. But when you
|
||||||
|
distribute the same sections as part of a whole which is a work based
|
||||||
|
on the Library, the distribution of the whole must be on the terms of
|
||||||
|
this License, whose permissions for other licensees extend to the
|
||||||
|
entire whole, and thus to each and every part regardless of who wrote
|
||||||
|
it.
|
||||||
|
|
||||||
|
Thus, it is not the intent of this section to claim rights or contest
|
||||||
|
your rights to work written entirely by you; rather, the intent is to
|
||||||
|
exercise the right to control the distribution of derivative or
|
||||||
|
collective works based on the Library.
|
||||||
|
|
||||||
|
In addition, mere aggregation of another work not based on the Library
|
||||||
|
with the Library (or with a work based on the Library) on a volume of
|
||||||
|
a storage or distribution medium does not bring the other work under
|
||||||
|
the scope of this License.
|
||||||
|
|
||||||
|
3. You may opt to apply the terms of the ordinary GNU General Public
|
||||||
|
License instead of this License to a given copy of the Library. To do
|
||||||
|
this, you must alter all the notices that refer to this License, so
|
||||||
|
that they refer to the ordinary GNU General Public License, version 2,
|
||||||
|
instead of to this License. (If a newer version than version 2 of the
|
||||||
|
ordinary GNU General Public License has appeared, then you can specify
|
||||||
|
that version instead if you wish.) Do not make any other change in
|
||||||
|
these notices.
|
||||||
|
|
||||||
|
Once this change is made in a given copy, it is irreversible for
|
||||||
|
that copy, so the ordinary GNU General Public License applies to all
|
||||||
|
subsequent copies and derivative works made from that copy.
|
||||||
|
|
||||||
|
This option is useful when you wish to copy part of the code of
|
||||||
|
the Library into a program that is not a library.
|
||||||
|
|
||||||
|
4. You may copy and distribute the Library (or a portion or
|
||||||
|
derivative of it, under Section 2) in object code or executable form
|
||||||
|
under the terms of Sections 1 and 2 above provided that you accompany
|
||||||
|
it with the complete corresponding machine-readable source code, which
|
||||||
|
must be distributed under the terms of Sections 1 and 2 above on a
|
||||||
|
medium customarily used for software interchange.
|
||||||
|
|
||||||
|
If distribution of object code is made by offering access to copy
|
||||||
|
from a designated place, then offering equivalent access to copy the
|
||||||
|
source code from the same place satisfies the requirement to
|
||||||
|
distribute the source code, even though third parties are not
|
||||||
|
compelled to copy the source along with the object code.
|
||||||
|
|
||||||
|
5. A program that contains no derivative of any portion of the
|
||||||
|
Library, but is designed to work with the Library by being compiled or
|
||||||
|
linked with it, is called a "work that uses the Library". Such a
|
||||||
|
work, in isolation, is not a derivative work of the Library, and
|
||||||
|
therefore falls outside the scope of this License.
|
||||||
|
|
||||||
|
However, linking a "work that uses the Library" with the Library
|
||||||
|
creates an executable that is a derivative of the Library (because it
|
||||||
|
contains portions of the Library), rather than a "work that uses the
|
||||||
|
library". The executable is therefore covered by this License.
|
||||||
|
Section 6 states terms for distribution of such executables.
|
||||||
|
|
||||||
|
When a "work that uses the Library" uses material from a header file
|
||||||
|
that is part of the Library, the object code for the work may be a
|
||||||
|
derivative work of the Library even though the source code is not.
|
||||||
|
Whether this is true is especially significant if the work can be
|
||||||
|
linked without the Library, or if the work is itself a library. The
|
||||||
|
threshold for this to be true is not precisely defined by law.
|
||||||
|
|
||||||
|
If such an object file uses only numerical parameters, data
|
||||||
|
structure layouts and accessors, and small macros and small inline
|
||||||
|
functions (ten lines or less in length), then the use of the object
|
||||||
|
file is unrestricted, regardless of whether it is legally a derivative
|
||||||
|
work. (Executables containing this object code plus portions of the
|
||||||
|
Library will still fall under Section 6.)
|
||||||
|
|
||||||
|
Otherwise, if the work is a derivative of the Library, you may
|
||||||
|
distribute the object code for the work under the terms of Section 6.
|
||||||
|
Any executables containing that work also fall under Section 6,
|
||||||
|
whether or not they are linked directly with the Library itself.
|
||||||
|
|
||||||
|
6. As an exception to the Sections above, you may also combine or
|
||||||
|
link a "work that uses the Library" with the Library to produce a
|
||||||
|
work containing portions of the Library, and distribute that work
|
||||||
|
under terms of your choice, provided that the terms permit
|
||||||
|
modification of the work for the customer's own use and reverse
|
||||||
|
engineering for debugging such modifications.
|
||||||
|
|
||||||
|
You must give prominent notice with each copy of the work that the
|
||||||
|
Library is used in it and that the Library and its use are covered by
|
||||||
|
this License. You must supply a copy of this License. If the work
|
||||||
|
during execution displays copyright notices, you must include the
|
||||||
|
copyright notice for the Library among them, as well as a reference
|
||||||
|
directing the user to the copy of this License. Also, you must do one
|
||||||
|
of these things:
|
||||||
|
|
||||||
|
a) Accompany the work with the complete corresponding
|
||||||
|
machine-readable source code for the Library including whatever
|
||||||
|
changes were used in the work (which must be distributed under
|
||||||
|
Sections 1 and 2 above); and, if the work is an executable linked
|
||||||
|
with the Library, with the complete machine-readable "work that
|
||||||
|
uses the Library", as object code and/or source code, so that the
|
||||||
|
user can modify the Library and then relink to produce a modified
|
||||||
|
executable containing the modified Library. (It is understood
|
||||||
|
that the user who changes the contents of definitions files in the
|
||||||
|
Library will not necessarily be able to recompile the application
|
||||||
|
to use the modified definitions.)
|
||||||
|
|
||||||
|
b) Use a suitable shared library mechanism for linking with the
|
||||||
|
Library. A suitable mechanism is one that (1) uses at run time a
|
||||||
|
copy of the library already present on the user's computer system,
|
||||||
|
rather than copying library functions into the executable, and (2)
|
||||||
|
will operate properly with a modified version of the library, if
|
||||||
|
the user installs one, as long as the modified version is
|
||||||
|
interface-compatible with the version that the work was made with.
|
||||||
|
|
||||||
|
c) Accompany the work with a written offer, valid for at
|
||||||
|
least three years, to give the same user the materials
|
||||||
|
specified in Subsection 6a, above, for a charge no more
|
||||||
|
than the cost of performing this distribution.
|
||||||
|
|
||||||
|
d) If distribution of the work is made by offering access to copy
|
||||||
|
from a designated place, offer equivalent access to copy the above
|
||||||
|
specified materials from the same place.
|
||||||
|
|
||||||
|
e) Verify that the user has already received a copy of these
|
||||||
|
materials or that you have already sent this user a copy.
|
||||||
|
|
||||||
|
For an executable, the required form of the "work that uses the
|
||||||
|
Library" must include any data and utility programs needed for
|
||||||
|
reproducing the executable from it. However, as a special exception,
|
||||||
|
the materials to be distributed need not include anything that is
|
||||||
|
normally distributed (in either source or binary form) with the major
|
||||||
|
components (compiler, kernel, and so on) of the operating system on
|
||||||
|
which the executable runs, unless that component itself accompanies
|
||||||
|
the executable.
|
||||||
|
|
||||||
|
It may happen that this requirement contradicts the license
|
||||||
|
restrictions of other proprietary libraries that do not normally
|
||||||
|
accompany the operating system. Such a contradiction means you cannot
|
||||||
|
use both them and the Library together in an executable that you
|
||||||
|
distribute.
|
||||||
|
|
||||||
|
7. You may place library facilities that are a work based on the
|
||||||
|
Library side-by-side in a single library together with other library
|
||||||
|
facilities not covered by this License, and distribute such a combined
|
||||||
|
library, provided that the separate distribution of the work based on
|
||||||
|
the Library and of the other library facilities is otherwise
|
||||||
|
permitted, and provided that you do these two things:
|
||||||
|
|
||||||
|
a) Accompany the combined library with a copy of the same work
|
||||||
|
based on the Library, uncombined with any other library
|
||||||
|
facilities. This must be distributed under the terms of the
|
||||||
|
Sections above.
|
||||||
|
|
||||||
|
b) Give prominent notice with the combined library of the fact
|
||||||
|
that part of it is a work based on the Library, and explaining
|
||||||
|
where to find the accompanying uncombined form of the same work.
|
||||||
|
|
||||||
|
8. You may not copy, modify, sublicense, link with, or distribute
|
||||||
|
the Library except as expressly provided under this License. Any
|
||||||
|
attempt otherwise to copy, modify, sublicense, link with, or
|
||||||
|
distribute the Library is void, and will automatically terminate your
|
||||||
|
rights under this License. However, parties who have received copies,
|
||||||
|
or rights, from you under this License will not have their licenses
|
||||||
|
terminated so long as such parties remain in full compliance.
|
||||||
|
|
||||||
|
9. You are not required to accept this License, since you have not
|
||||||
|
signed it. However, nothing else grants you permission to modify or
|
||||||
|
distribute the Library or its derivative works. These actions are
|
||||||
|
prohibited by law if you do not accept this License. Therefore, by
|
||||||
|
modifying or distributing the Library (or any work based on the
|
||||||
|
Library), you indicate your acceptance of this License to do so, and
|
||||||
|
all its terms and conditions for copying, distributing or modifying
|
||||||
|
the Library or works based on it.
|
||||||
|
|
||||||
|
10. Each time you redistribute the Library (or any work based on the
|
||||||
|
Library), the recipient automatically receives a license from the
|
||||||
|
original licensor to copy, distribute, link with or modify the Library
|
||||||
|
subject to these terms and conditions. You may not impose any further
|
||||||
|
restrictions on the recipients' exercise of the rights granted herein.
|
||||||
|
You are not responsible for enforcing compliance by third parties with
|
||||||
|
this License.
|
||||||
|
|
||||||
|
11. If, as a consequence of a court judgment or allegation of patent
|
||||||
|
infringement or for any other reason (not limited to patent issues),
|
||||||
|
conditions are imposed on you (whether by court order, agreement or
|
||||||
|
otherwise) that contradict the conditions of this License, they do not
|
||||||
|
excuse you from the conditions of this License. If you cannot
|
||||||
|
distribute so as to satisfy simultaneously your obligations under this
|
||||||
|
License and any other pertinent obligations, then as a consequence you
|
||||||
|
may not distribute the Library at all. For example, if a patent
|
||||||
|
license would not permit royalty-free redistribution of the Library by
|
||||||
|
all those who receive copies directly or indirectly through you, then
|
||||||
|
the only way you could satisfy both it and this License would be to
|
||||||
|
refrain entirely from distribution of the Library.
|
||||||
|
|
||||||
|
If any portion of this section is held invalid or unenforceable under any
|
||||||
|
particular circumstance, the balance of the section is intended to apply,
|
||||||
|
and the section as a whole is intended to apply in other circumstances.
|
||||||
|
|
||||||
|
It is not the purpose of this section to induce you to infringe any
|
||||||
|
patents or other property right claims or to contest validity of any
|
||||||
|
such claims; this section has the sole purpose of protecting the
|
||||||
|
integrity of the free software distribution system which is
|
||||||
|
implemented by public license practices. Many people have made
|
||||||
|
generous contributions to the wide range of software distributed
|
||||||
|
through that system in reliance on consistent application of that
|
||||||
|
system; it is up to the author/donor to decide if he or she is willing
|
||||||
|
to distribute software through any other system and a licensee cannot
|
||||||
|
impose that choice.
|
||||||
|
|
||||||
|
This section is intended to make thoroughly clear what is believed to
|
||||||
|
be a consequence of the rest of this License.
|
||||||
|
|
||||||
|
12. If the distribution and/or use of the Library is restricted in
|
||||||
|
certain countries either by patents or by copyrighted interfaces, the
|
||||||
|
original copyright holder who places the Library under this License may add
|
||||||
|
an explicit geographical distribution limitation excluding those countries,
|
||||||
|
so that distribution is permitted only in or among countries not thus
|
||||||
|
excluded. In such case, this License incorporates the limitation as if
|
||||||
|
written in the body of this License.
|
||||||
|
|
||||||
|
13. The Free Software Foundation may publish revised and/or new
|
||||||
|
versions of the Lesser General Public License from time to time.
|
||||||
|
Such new versions will be similar in spirit to the present version,
|
||||||
|
but may differ in detail to address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the Library
|
||||||
|
specifies a version number of this License which applies to it and
|
||||||
|
"any later version", you have the option of following the terms and
|
||||||
|
conditions either of that version or of any later version published by
|
||||||
|
the Free Software Foundation. If the Library does not specify a
|
||||||
|
license version number, you may choose any version ever published by
|
||||||
|
the Free Software Foundation.
|
||||||
|
|
||||||
|
14. If you wish to incorporate parts of the Library into other free
|
||||||
|
programs whose distribution conditions are incompatible with these,
|
||||||
|
write to the author to ask for permission. For software which is
|
||||||
|
copyrighted by the Free Software Foundation, write to the Free
|
||||||
|
Software Foundation; we sometimes make exceptions for this. Our
|
||||||
|
decision will be guided by the two goals of preserving the free status
|
||||||
|
of all derivatives of our free software and of promoting the sharing
|
||||||
|
and reuse of software generally.
|
||||||
|
|
||||||
|
NO WARRANTY
|
||||||
|
|
||||||
|
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
|
||||||
|
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
|
||||||
|
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
||||||
|
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
|
||||||
|
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
|
||||||
|
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
|
||||||
|
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||||
|
|
||||||
|
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
|
||||||
|
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
|
||||||
|
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
|
||||||
|
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
|
||||||
|
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
|
||||||
|
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
|
||||||
|
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
|
||||||
|
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
|
||||||
|
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
|
||||||
|
DAMAGES.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Programs and licenses with other licenses and/or authors than the
|
Programs and licenses with other licenses and/or authors than the
|
||||||
main license and authors:
|
main license and authors:
|
||||||
|
|
||||||
lib/3rdParty/tcpdf/fonts/DejaVu*.ttf A Public Domain, Bitstream, Inc., Tavmjong Bah
|
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei
|
||||||
lib/3rdParty/tcpdf/fonts/DejaVu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano
|
||||||
lib/3rdParty/phpseclib B Jim Wigginton
|
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große
|
||||||
templates/lib/*jquery*.js B 2010 John Resig, Paul Bakaus, Fred Heusschen
|
lib/3rdParty/composer/nyholm B 2016 Tobias Nyholm
|
||||||
|
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Support G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Util H
|
||||||
|
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team
|
||||||
|
lib/3rdParty/composer/phpmailer H
|
||||||
|
lib/3rdParty/composer/psr B 2018 PHP Framework Interoperability Group
|
||||||
|
lib/3rdParty/composer/ramsey B 2018 Ben Ramsey
|
||||||
|
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs
|
||||||
|
lib/3rdParty/composer/symfony B 2019 Fabien Potencier
|
||||||
|
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs
|
||||||
|
lib/3rdParty/tcpdf D 2020 Nicola Asuni - Tecnick.com LTD
|
||||||
|
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
||||||
|
lib/3rdParty/phpseclib B 2019 TerraFrost and other contributors
|
||||||
|
lib/3rdParty/Monolog B 2011 Jordi Boggiano
|
||||||
|
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
|
||||||
|
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
|
||||||
|
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
|
||||||
|
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
|
||||||
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
||||||
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
|
style/150_jquery-dropmenu*.css B 2010 Fred Heusschen
|
||||||
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
|
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
|
||||||
|
style/150_jquery-fineuploader*.css B 2010 Andrew Valums
|
||||||
|
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
|
||||||
|
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
|
||||||
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
||||||
style/600_cropper.css B 2018 Chen Fengyuan
|
style/600_cropper*.css B 2018 Chen Fengyuan
|
||||||
|
templates/lib/extra/duo/*.js E 2019 Duo Security
|
||||||
|
lib/3rdParty/duo/*.php E 2019 Duo Security
|
||||||
|
graphics/webauthn.svg F 2017 Duo Security, Inc.
|
||||||
|
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
||||||
|
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
||||||
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
||||||
style/responsive/110_grid.css B
|
style/responsive/110_grid.css B
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -6,9 +6,9 @@ if [ ! -e $outFile ]; then
|
||||||
files=`ls templates/lib/*.js`
|
files=`ls templates/lib/*.js`
|
||||||
jsFiles=""
|
jsFiles=""
|
||||||
for file in $files; do
|
for file in $files; do
|
||||||
jsFiles="$jsFiles --js $file"
|
jsFiles="$jsFiles $file"
|
||||||
done
|
done
|
||||||
closure-compiler --charset UTF-8 $jsFiles --js_output_file $outFile
|
uglifyjs -o $outFile $jsFiles
|
||||||
rm $files
|
rm $files
|
||||||
# add final new line to supress Debian warnings
|
# add final new line to supress Debian warnings
|
||||||
echo "" >> $outFile
|
echo "" >> $outFile
|
||||||
|
@ -17,7 +17,7 @@ fi
|
||||||
files=`ls style/*.css`
|
files=`ls style/*.css`
|
||||||
outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css
|
outFile=style/100_lam.${SOURCE_DATE_EPOCH}.min.css
|
||||||
if [ ! -e $outFile ]; then
|
if [ ! -e $outFile ]; then
|
||||||
cat $files | cleancss -o ${outFile}
|
cat $files | cleancss --skip-rebase -o ${outFile}
|
||||||
rm $files
|
rm $files
|
||||||
# add final new line to supress Debian warnings
|
# add final new line to supress Debian warnings
|
||||||
echo "" >> $outFile
|
echo "" >> $outFile
|
||||||
|
|
|
@ -10,9 +10,11 @@ fi
|
||||||
db_version 2.0 || [ $? -lt 30 ]
|
db_version 2.0 || [ $? -lt 30 ]
|
||||||
|
|
||||||
# 3rd party libs
|
# 3rd party libs
|
||||||
phpThirdPartyLibs='phpseclib tcpdf'
|
phpThirdPartyLibs='phpseclib Monolog Psr'
|
||||||
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
||||||
|
if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
||||||
ln -s /usr/share/php/${phpThirdPartyLib} /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
ln -s /usr/share/php/${phpThirdPartyLib} /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
cd /usr/share/ldap-account-manager/config-samples/profiles
|
cd /usr/share/ldap-account-manager/config-samples/profiles
|
||||||
|
@ -34,12 +36,15 @@ files=`ls -a *.jpg`
|
||||||
for file in $files; do
|
for file in $files; do
|
||||||
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
|
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
|
||||||
done
|
done
|
||||||
if [ ! -h /usr/share/ldap-account-manager/config ]; then\
|
if [ ! -h /usr/share/ldap-account-manager/config ]; then
|
||||||
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
|
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
|
||||||
if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
|
fi
|
||||||
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
|
if [ ! -h /usr/share/ldap-account-manager/sess ]; then
|
||||||
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
|
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
|
||||||
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
|
fi
|
||||||
|
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
|
||||||
|
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
|
||||||
|
fi
|
||||||
chown www-data /etc/ldap-account-manager/config.cfg
|
chown www-data /etc/ldap-account-manager/config.cfg
|
||||||
chmod 600 /etc/ldap-account-manager/config.cfg
|
chmod 600 /etc/ldap-account-manager/config.cfg
|
||||||
chown www-data /var/lib/ldap-account-manager/sess
|
chown www-data /var/lib/ldap-account-manager/sess
|
||||||
|
@ -49,9 +54,14 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal
|
||||||
chmod 700 /var/lib/ldap-account-manager/tmp
|
chmod 700 /var/lib/ldap-account-manager/tmp
|
||||||
chown -R www-data /var/lib/ldap-account-manager/config
|
chown -R www-data /var/lib/ldap-account-manager/config
|
||||||
chmod 700 /var/lib/ldap-account-manager/config
|
chmod 700 /var/lib/ldap-account-manager/config
|
||||||
if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
|
set +e
|
||||||
then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \
|
ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null
|
||||||
chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
|
cfgFilesExist=$?
|
||||||
|
set -e
|
||||||
|
if [ $cfgFilesExist -ne 0 ]; then
|
||||||
|
cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf
|
||||||
|
chown www-data /var/lib/ldap-account-manager/config/lam.conf
|
||||||
|
fi
|
||||||
chmod 600 /var/lib/ldap-account-manager/config/*.conf
|
chmod 600 /var/lib/ldap-account-manager/config/*.conf
|
||||||
if [ "$1" = "configure" ]; then
|
if [ "$1" = "configure" ]; then
|
||||||
db_get "ldap-account-manager/alias"
|
db_get "ldap-account-manager/alias"
|
||||||
|
|
|
@ -49,6 +49,15 @@ if [ -f /usr/share/debconf/confmodule ]; then
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# 3rd party libs
|
||||||
|
phpThirdPartyLibs='phpseclib tcpdf Monolog Psr'
|
||||||
|
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
||||||
|
if [ -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
||||||
|
rm /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
if [ "$1" = "purge" ]; then
|
if [ "$1" = "purge" ]; then
|
||||||
rm -r -f /usr/share/ldap-account-manager
|
rm -r -f /usr/share/ldap-account-manager
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if [ "$1" != "upgrade" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 3rd party libs
|
||||||
|
phpThirdPartyLibs='phpseclib tcpdf Monolog Psr'
|
||||||
|
for phpThirdPartyLib in $phpThirdPartyLibs; do
|
||||||
|
if [ -L /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib} ] ; then
|
||||||
|
rm /usr/share/ldap-account-manager/lib/3rdParty/${phpThirdPartyLib}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#DEBHELPER#
|
|
@ -23,6 +23,7 @@ install:
|
||||||
|
|
||||||
install -D --mode=644 index.html debian/ldap-account-manager/usr/share/ldap-account-manager/index.html
|
install -D --mode=644 index.html debian/ldap-account-manager/usr/share/ldap-account-manager/index.html
|
||||||
install -D --mode=644 VERSION debian/ldap-account-manager/usr/share/ldap-account-manager/VERSION
|
install -D --mode=644 VERSION debian/ldap-account-manager/usr/share/ldap-account-manager/VERSION
|
||||||
|
install -D --mode=644 pwa_worker.js debian/ldap-account-manager/usr/share/ldap-account-manager/pwa_worker.js
|
||||||
install -D --mode=644 tmp/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/.htaccess
|
install -D --mode=644 tmp/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/.htaccess
|
||||||
install -D --mode=644 tmp/internal/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/internal/.htaccess
|
install -D --mode=644 tmp/internal/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/tmp/internal/.htaccess
|
||||||
install -D --mode=644 config/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/config/.htaccess
|
install -D --mode=644 config/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/config/.htaccess
|
||||||
|
@ -46,6 +47,10 @@ install:
|
||||||
|
|
||||||
# 3rd party libs are linked
|
# 3rd party libs are linked
|
||||||
install -d --mode=755 debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty
|
install -d --mode=755 debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty
|
||||||
|
cp -r lib/3rdParty/composer debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
||||||
|
cp -r lib/3rdParty/yubico debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
||||||
|
cp -r lib/3rdParty/tcpdf debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
||||||
|
cp -r lib/3rdParty/duo debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
|
||||||
|
|
||||||
cp -r locale debian/ldap-account-manager/usr/share/ldap-account-manager/
|
cp -r locale debian/ldap-account-manager/usr/share/ldap-account-manager/
|
||||||
install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess
|
install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
#
|
||||||
|
# LAM setup
|
||||||
|
#
|
||||||
|
# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
|
||||||
|
# If set to false the other variables below have no effect.
|
||||||
|
LAM_SKIP_PRECONFIGURE=false
|
||||||
|
# domain of LDAP database root entry, will be converted to dc=...,dc=...
|
||||||
|
LDAP_DOMAIN=my-domain.com
|
||||||
|
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
|
||||||
|
LDAP_BASE_DN=dc=my-domain,dc=com
|
||||||
|
# LDAP users DN to overwrite value provided by LDAP_BASE_DN
|
||||||
|
LDAP_USERS_DN=ou=people,dc=my-domain,dc=com
|
||||||
|
# LDAP groups DN to overwrite value provided by LDAP_BASE_DN
|
||||||
|
LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com
|
||||||
|
|
||||||
|
# LDAP server URL
|
||||||
|
LDAP_SERVER=ldap://ldap:389
|
||||||
|
# LDAP admin user (set as login user for LAM)
|
||||||
|
LDAP_USER=cn=admin,dc=my-domain,dc=com
|
||||||
|
# default language, e.g. en_US, de_DE, fr_FR, ...
|
||||||
|
LAM_LANG=en_US
|
||||||
|
# LAM configuration master password and password for server profile "lam"
|
||||||
|
LAM_PASSWORD=lam
|
||||||
|
|
||||||
|
# deactivate TLS certificate checks, activate for development only
|
||||||
|
LAM_DISABLE_TLS_CHECK=false
|
||||||
|
|
||||||
|
#
|
||||||
|
# docker-compose only, LDAP server setup
|
||||||
|
#
|
||||||
|
# LDAP organisation name for OpenLDAP
|
||||||
|
LDAP_ORGANISATION="LDAP Account Manager Demo"
|
||||||
|
# LDAP admin password
|
||||||
|
LDAP_ADMIN_PASSWORD=adminpw
|
||||||
|
# password for LDAP read-only user
|
||||||
|
LDAP_READONLY_USER_PASSWORD=readonlypw
|
|
@ -0,0 +1,112 @@
|
||||||
|
#
|
||||||
|
# Docker image for LDAP Account Manager
|
||||||
|
|
||||||
|
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
|
# Copyright (C) 2019 - 2020 Roland Gruber
|
||||||
|
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
|
||||||
|
#
|
||||||
|
# Usage: run this command: docker run -p 8080:80 -it -d ldapaccountmanager/lam:stable
|
||||||
|
#
|
||||||
|
# Then access LAM at http://localhost:8080/
|
||||||
|
# You can change the port 8080 if needed.
|
||||||
|
# See possible environment variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
|
||||||
|
#
|
||||||
|
|
||||||
|
FROM debian:buster-slim
|
||||||
|
LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
|
||||||
|
|
||||||
|
ARG LAM_RELEASE=7.3.RC1
|
||||||
|
EXPOSE 80
|
||||||
|
|
||||||
|
ENV \
|
||||||
|
DEBIAN_FRONTEND=noninteractive \
|
||||||
|
DEBUG=''
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get upgrade -y
|
||||||
|
|
||||||
|
# install locales
|
||||||
|
RUN apt-get install -y locales
|
||||||
|
RUN sed -i 's/^# *\(ca_ES.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(cz_CZ.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(de_DE.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(en_GB.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(es_ES.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(fr_FR.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(it_IT.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(hu_HU.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(nl_NL.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(pl_PL.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(pt_BR.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(ru_RU.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(sk_SK.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(tr_TR.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(uk_UA.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(ja_JP.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(zh_TW.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
sed -i 's/^# *\(zh_CN.UTF-8\)/\1/' /etc/locale.gen && \
|
||||||
|
locale-gen
|
||||||
|
|
||||||
|
RUN apt-get install --no-install-recommends -y \
|
||||||
|
apache2 \
|
||||||
|
ca-certificates \
|
||||||
|
dumb-init \
|
||||||
|
fonts-dejavu \
|
||||||
|
libapache2-mod-php \
|
||||||
|
php \
|
||||||
|
php-curl \
|
||||||
|
php-gd \
|
||||||
|
php-imagick \
|
||||||
|
php-ldap \
|
||||||
|
php-monolog \
|
||||||
|
php-phpseclib \
|
||||||
|
php-xml \
|
||||||
|
php-zip \
|
||||||
|
php-imap \
|
||||||
|
php-gmp \
|
||||||
|
wget \
|
||||||
|
&& \
|
||||||
|
rm /etc/apache2/sites-enabled/*default* && \
|
||||||
|
rm -rf /var/cache/apt /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# install LAM
|
||||||
|
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
|
||||||
|
-O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
|
||||||
|
dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
|
||||||
|
rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
|
||||||
|
|
||||||
|
# redirect Apache logging
|
||||||
|
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
|
||||||
|
# because there is no logging set in the lam vhost logging goes to other_vhost_access.log
|
||||||
|
RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
|
||||||
|
|
||||||
|
# add redirect for /
|
||||||
|
RUN a2enmod rewrite
|
||||||
|
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
|
||||||
|
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
|
||||||
|
|
||||||
|
COPY start.sh /usr/local/bin/start.sh
|
||||||
|
|
||||||
|
WORKDIR /var/lib/ldap-account-manager/config
|
||||||
|
|
||||||
|
# start Apache when container starts
|
||||||
|
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||||
|
CMD [ "/usr/local/bin/start.sh" ]
|
||||||
|
|
||||||
|
HEALTHCHECK --interval=1m --timeout=10s \
|
||||||
|
CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'
|
|
@ -0,0 +1,42 @@
|
||||||
|
version: '3.5'
|
||||||
|
services:
|
||||||
|
ldap-account-manager:
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
image: ldapaccountmanager/lam:7.3.RC1
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "8080:80"
|
||||||
|
volumes:
|
||||||
|
- lametc/:/etc/ldap-account-manager
|
||||||
|
- lamconfig/:/var/lib/ldap-account-manager/config
|
||||||
|
- lamsession/:/var/lib/ldap-account-manager/sess
|
||||||
|
environment:
|
||||||
|
- LAM_PASSWORD=${LAM_PASSWORD}
|
||||||
|
- LAM_LANG=en_US
|
||||||
|
- LDAP_SERVER=${LDAP_SERVER}
|
||||||
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||||
|
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||||
|
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
|
||||||
|
- DEBUG=true
|
||||||
|
ldap:
|
||||||
|
image: osixia/openldap:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
||||||
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||||
|
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||||
|
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
||||||
|
- LDAP_READONLY_USER=true
|
||||||
|
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
||||||
|
command: "--loglevel info --copy-service"
|
||||||
|
volumes:
|
||||||
|
- ldap:/var/lib/ldap
|
||||||
|
- slapd:/etc/ldap/slapd.d
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
lametc:
|
||||||
|
lamconfig:
|
||||||
|
lamsession:
|
||||||
|
ldap:
|
||||||
|
slapd:
|
|
@ -0,0 +1,66 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Docker start script for LDAP Account Manager
|
||||||
|
|
||||||
|
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
|
# Copyright (C) 2019 Felix Bartels
|
||||||
|
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
|
||||||
|
|
||||||
|
set -eu # unset variables are errors & non-zero return values exit the whole script
|
||||||
|
[ "$DEBUG" ] && set -x
|
||||||
|
|
||||||
|
if [ "${LAM_DISABLE_TLS_CHECK:-}" == "true" ]; then
|
||||||
|
ln -s /etc/ldap/ldap.conf /etc/ldap.conf
|
||||||
|
echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf
|
||||||
|
fi
|
||||||
|
|
||||||
|
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
|
||||||
|
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
|
||||||
|
|
||||||
|
LAM_LANG="${LAM_LANG:-en_US}"
|
||||||
|
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
|
||||||
|
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
|
||||||
|
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
|
||||||
|
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
|
||||||
|
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
|
||||||
|
LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}"
|
||||||
|
LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}"
|
||||||
|
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
|
||||||
|
|
||||||
|
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
|
||||||
|
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
|
||||||
|
EOF
|
||||||
|
unset LAM_PASSWORD
|
||||||
|
|
||||||
|
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
|
||||||
|
s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
|
||||||
|
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
|
||||||
|
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
|
||||||
|
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
|
||||||
|
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
|
||||||
|
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USERS_DN}|;
|
||||||
|
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUPS_DN}|;
|
||||||
|
EOF
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Starting Apache"
|
||||||
|
rm -f /run/apache2/apache2.pid
|
||||||
|
set +u
|
||||||
|
# shellcheck disable=SC1091
|
||||||
|
source /etc/apache2/envvars
|
||||||
|
exec /usr/sbin/apache2 -DFOREGROUND
|
124
lam/HISTORY
|
@ -1,4 +1,109 @@
|
||||||
September 2018 6.5
|
September 2020
|
||||||
|
- PHP 7.4 compatibility
|
||||||
|
- Configuration export and import
|
||||||
|
- Server profiles support to specify a part of the DN to hide
|
||||||
|
- Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2)
|
||||||
|
- Better error messages on login when account is expired/deactivated/...
|
||||||
|
- Personal/Windows: photo can be uploaded via webcam
|
||||||
|
- Windows users: group display format can be configured (cn/dn)
|
||||||
|
- LAM Pro:
|
||||||
|
-> Windows: new cron job to send users a summary of their managed groups
|
||||||
|
- Fixed bugs:
|
||||||
|
-> Unix groups: memberUid was not deleted correctly when forced sync with group of names is active
|
||||||
|
|
||||||
|
01.05.2020 7.2
|
||||||
|
- Unix: allow to create group with same name during user creation
|
||||||
|
- LAM Pro:
|
||||||
|
-> EMail sending can be done via SMTP without local mail server
|
||||||
|
-> License expiration warning can be sent via email or disabled
|
||||||
|
- Fixed bugs:
|
||||||
|
-> Captcha don't show anymore in Self Service login page (213)
|
||||||
|
-> Unix memberships cannot be changed. This issue can also affect other membership relations.
|
||||||
|
-> Missing locales on Docker image
|
||||||
|
|
||||||
|
|
||||||
|
17.03.2020 7.1
|
||||||
|
- PHP 7 required
|
||||||
|
- WebAuthn/FIDO2 support for 2-factor-authentication (requires PHP 7.2)
|
||||||
|
- IMAP: changed library to support latest TLS versions
|
||||||
|
- Personal: support display name (hidden by default in server profile)
|
||||||
|
- Windows users: support allowed workstations, more profile options
|
||||||
|
- Reactivated Polish translation
|
||||||
|
- LAM Pro:
|
||||||
|
-> PPolicy: support for password check module
|
||||||
|
-> Windows AD LDS support (users and groups)
|
||||||
|
-> User self registration: support Active Directory/Samba4
|
||||||
|
|
||||||
|
|
||||||
|
21.12.2019 7.0
|
||||||
|
- Lamdaemon can be configured with directory prefix for homedirs
|
||||||
|
- Account list filters match on substrings instead of whole value
|
||||||
|
- YubiKey: support to configure multiple verification servers
|
||||||
|
- Windows hosts: added last password change and last login
|
||||||
|
- Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
|
||||||
|
Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
|
||||||
|
- Docker updates
|
||||||
|
- Fixed bugs:
|
||||||
|
-> Missing CSS for Duo
|
||||||
|
-> Editing of DNs with comma on Windows (210)
|
||||||
|
|
||||||
|
|
||||||
|
29.09.2019 6.9
|
||||||
|
- Group account types can show member+owner count in list view
|
||||||
|
- 2-factor authentication:
|
||||||
|
-> Duo support
|
||||||
|
-> user name attribute for privacyIDEA can be specified
|
||||||
|
- LAM Pro:
|
||||||
|
-> New self service settings for login and main page footer
|
||||||
|
-> Custom fields: custom labels for LDAP search select list
|
||||||
|
- Fixed bugs:
|
||||||
|
-> Configuration issue with Unix user/host module (206)
|
||||||
|
|
||||||
|
|
||||||
|
02.07.2019 6.8
|
||||||
|
- Parallel editing of multiple entries in different browser tabs supported
|
||||||
|
- LAM supports the progressive web app standard which allows to install LAM as an icon on home screen
|
||||||
|
- Windows: added home drive and force password change to profile editor
|
||||||
|
- Unix: password management can be disabled in module settings
|
||||||
|
- LAM Pro:
|
||||||
|
-> Bind DLZ: entry table can show record data (use special attribute "#records" in server profile)
|
||||||
|
-> Self service: support legacy attribute "email" for password self reset and user self registration
|
||||||
|
- Fixed bugs:
|
||||||
|
-> Users: No drop-down filter box for account status (200)
|
||||||
|
-> Custom fields: Account type "Groups" not saving/deleting fields (66)
|
||||||
|
|
||||||
|
|
||||||
|
25.03.2019 6.7
|
||||||
|
- Added YubiKey as 2-factor authentication provider
|
||||||
|
- Support logging to remote syslog server
|
||||||
|
- PHP 7.3 support
|
||||||
|
- LAM Pro:
|
||||||
|
-> Allow to mark text and text area fields as required
|
||||||
|
-> New self service fields:
|
||||||
|
-> Mail routing
|
||||||
|
-> Windows proxy addresses + mail alias
|
||||||
|
-> Shadow account expiration date
|
||||||
|
-> Unix and group of names memberships
|
||||||
|
-> Base URL for emails in self service can be configured in self service profile
|
||||||
|
-> Bind DLZ: support DNAME+XFR records and descriptions in records (requires latest LDAP schema)
|
||||||
|
-> Cron jobs: added Shadow account expiration notification job
|
||||||
|
- Fixed bugs:
|
||||||
|
-> Allow tree-only configurations without any other tab
|
||||||
|
|
||||||
|
|
||||||
|
28.12.2018 6.6
|
||||||
|
- New import/export in tools menu
|
||||||
|
- YubiKey support
|
||||||
|
- Windows users:
|
||||||
|
-> Manage "departmentNumber" (needs to be activated via LAM server profile)
|
||||||
|
-> Sync group memberships from Unix and group of names
|
||||||
|
- LAM Pro:
|
||||||
|
-> Easy setting of background color in self service profile
|
||||||
|
-> Cron jobs: added Windows/Qmail/FreeRadius account expiration notification jobs
|
||||||
|
-> Bind DLZ: usability improvements and small fixes
|
||||||
|
|
||||||
|
|
||||||
|
25.09.2018 6.5
|
||||||
- Password change possible via LDAP EXOP operation (set LDAP_EXOP as password hash, requires PHP 7.2)
|
- Password change possible via LDAP EXOP operation (set LDAP_EXOP as password hash, requires PHP 7.2)
|
||||||
- Support Imagick and GD
|
- Support Imagick and GD
|
||||||
- Dropped support for Apache 2.2
|
- Dropped support for Apache 2.2
|
||||||
|
@ -6,7 +111,7 @@ September 2018 6.5
|
||||||
- Personal: photos can be printed in PDF export
|
- Personal: photos can be printed in PDF export
|
||||||
- Kolab updates
|
- Kolab updates
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
-> Auto deletion of entries with dynamic directory services support (requires PHP 7.2).
|
-> Auto deletion of entries with dynamic directory services support (requires PHP 7.2)
|
||||||
- Fixed bugs:
|
- Fixed bugs:
|
||||||
-> Issue when changing key case of uid (#197)
|
-> Issue when changing key case of uid (#197)
|
||||||
|
|
||||||
|
@ -25,6 +130,7 @@ September 2018 6.5
|
||||||
- Fixed bugs:
|
- Fixed bugs:
|
||||||
-> Error on password reset page when custom fields is used (194)
|
-> Error on password reset page when custom fields is used (194)
|
||||||
|
|
||||||
|
|
||||||
19.03.2018 6.3
|
19.03.2018 6.3
|
||||||
- Server profile: added option if referential integrity overlay is active to skip cleanup actions
|
- Server profile: added option if referential integrity overlay is active to skip cleanup actions
|
||||||
- Unix: several options are now specific to subaccount types (reconfiguration required!)
|
- Unix: several options are now specific to subaccount types (reconfiguration required!)
|
||||||
|
@ -232,7 +338,7 @@ September 2018 6.5
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
-> Password self reset and user self registration support to set a header text
|
-> Password self reset and user self registration support to set a header text
|
||||||
-> Sudo roles: support latest schema
|
-> Sudo roles: support latest schema
|
||||||
-> Bind DLZ: automatic PTR management (disabled by default) and better formating of e.g. TTL values
|
-> Bind DLZ: automatic PTR management (disabled by default) and better formatting of e.g. TTL values
|
||||||
|
|
||||||
|
|
||||||
18.03.2014 4.5
|
18.03.2014 4.5
|
||||||
|
@ -424,7 +530,7 @@ September 2018 6.5
|
||||||
-> support to read user name from uid attribute
|
-> support to read user name from uid attribute
|
||||||
-> added quota management
|
-> added quota management
|
||||||
- Personal: added additional options for account profiles
|
- Personal: added additional options for account profiles
|
||||||
- Mail aliases: sort receipients (RFE 3170336)
|
- Mail aliases: sort recipients (RFE 3170336)
|
||||||
- Asterisk: support all attributes (can be disabled in configuration)
|
- Asterisk: support all attributes (can be disabled in configuration)
|
||||||
- Samba 3/Shadow: allow to sync expiration date (RFE 3147751)
|
- Samba 3/Shadow: allow to sync expiration date (RFE 3147751)
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
|
@ -551,7 +657,7 @@ September 2018 6.5
|
||||||
21.01.2009 2.5.0
|
21.01.2009 2.5.0
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
-> supports rfc2307bis schema for Unix groups (RFE 2111694)
|
-> supports rfc2307bis schema for Unix groups (RFE 2111694)
|
||||||
-> added alias manangement (object classes alias + uidObject) (RFE 1912779)
|
-> added alias management (object classes alias + uidObject) (RFE 1912779)
|
||||||
- Shadow: module is now optional when creating new accounts
|
- Shadow: module is now optional when creating new accounts
|
||||||
- Kolab:
|
- Kolab:
|
||||||
-> account extension is now optional
|
-> account extension is now optional
|
||||||
|
@ -740,7 +846,7 @@ September 2018 6.5
|
||||||
- security: LAM checks the session id and client IP
|
- security: LAM checks the session id and client IP
|
||||||
- fixed bugs:
|
- fixed bugs:
|
||||||
-> Samba 3: hash values were wrong in some rare cases (1440021)
|
-> Samba 3: hash values were wrong in some rare cases (1440021)
|
||||||
-> Samba 3: readded time zone selection for logon hours (1407761)
|
-> Samba 3: re-added time zone selection for logon hours (1407761)
|
||||||
-> Unix: call of unknown function (1450464)
|
-> Unix: call of unknown function (1450464)
|
||||||
|
|
||||||
|
|
||||||
|
@ -877,7 +983,7 @@ September 2018 6.5
|
||||||
-> dynamic configuration options (based on modules)
|
-> dynamic configuration options (based on modules)
|
||||||
- all pages in UTF-8
|
- all pages in UTF-8
|
||||||
- added developer documentation
|
- added developer documentation
|
||||||
- PHPDoc formated comments
|
- PHPDoc formatted comments
|
||||||
- new plugin for managing MAC addresses (RFE 926017)
|
- new plugin for managing MAC addresses (RFE 926017)
|
||||||
- new plugin for managing NIS mail aliases (RFE 1050036)
|
- new plugin for managing NIS mail aliases (RFE 1050036)
|
||||||
- new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
|
- new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
|
||||||
|
@ -939,7 +1045,7 @@ September 2018 6.5
|
||||||
if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work
|
if magic_quotes_gpc in php.ini is was set to "Off", several pages did not work
|
||||||
some smaller bugs in mass upload
|
some smaller bugs in mass upload
|
||||||
Samba hash values for hosts were not correct
|
Samba hash values for hosts were not correct
|
||||||
Unix passwords could be disabled but not reenabled
|
Unix passwords could be disabled but not re-enabled
|
||||||
fixed problem with eval() in status.inc (894433)
|
fixed problem with eval() in status.inc (894433)
|
||||||
|
|
||||||
|
|
||||||
|
@ -962,7 +1068,7 @@ September 2018 6.5
|
||||||
- better error handling at login
|
- better error handling at login
|
||||||
- support spaces in DNs
|
- support spaces in DNs
|
||||||
- PDF text for users
|
- PDF text for users
|
||||||
- create missing OUs recursivly
|
- create missing OUs recursively
|
||||||
- fixed bugs:
|
- fixed bugs:
|
||||||
SMD5 passwords were wrong
|
SMD5 passwords were wrong
|
||||||
primaryGroupSID wrong if SID has no relation to Algorithmic RID Base
|
primaryGroupSID wrong if SID has no relation to Algorithmic RID Base
|
||||||
|
|
|
@ -3,19 +3,16 @@ LAM - Readme
|
||||||
============
|
============
|
||||||
|
|
||||||
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
|
LDAP Account Manager (LAM) manages user, group and host accounts in an LDAP
|
||||||
directory. LAM runs on any webserver with PHP5 support and connects to your
|
directory. LAM runs on any webserver with PHP7 support and connects to your
|
||||||
LDAP server unencrypted or via SSL/TLS.
|
LDAP server unencrypted or via SSL/TLS.
|
||||||
Currently LAM supports these account types: Samba 3/4, Unix, Kolab 2,
|
Currently LAM supports these account types: Samba 3/4, Unix, Kolab,
|
||||||
address book entries, NIS mail aliases and MAC addresses. There is a tree
|
address book entries, NIS mail aliases and MAC addresses. There is a tree
|
||||||
viewer included to allow access to the raw LDAP attributes. You can use
|
viewer included to allow access to the raw LDAP attributes. You can use
|
||||||
templates for account creation and use multiple configuration profiles.
|
templates for account creation and use multiple configuration profiles.
|
||||||
LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
|
|
||||||
Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
|
|
||||||
Portuguese, Russian, Slovak, Spanish, Turkish and Ukrainian.
|
|
||||||
|
|
||||||
https://www.ldap-account-manager.org/
|
https://www.ldap-account-manager.org/
|
||||||
|
|
||||||
Copyright (C) 2003 - 2018 Roland Gruber <post@rolandgruber.de>
|
Copyright (C) 2003 - 2020 Roland Gruber <post@rolandgruber.de>
|
||||||
|
|
||||||
Installation and documentation:
|
Installation and documentation:
|
||||||
Please see the LAM manual in docs/manual/index.html.
|
Please see the LAM manual in docs/manual/index.html.
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
6.5.RC1
|
7.3.RC1
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
~/.local/bin/codespell --skip '*3rdParty*,*/ckeditor/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/lib/extra/duo/*' --ignore-words-list "tim,te,pres,files'"
|
|
@ -0,0 +1,18 @@
|
||||||
|
{
|
||||||
|
"config": {
|
||||||
|
"vendor-dir": "lib/3rdParty/composer"
|
||||||
|
},
|
||||||
|
"repositories": [
|
||||||
|
{
|
||||||
|
"type": "pear",
|
||||||
|
"url": "https://pear.horde.org"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"require" : {
|
||||||
|
"web-auth/webauthn-lib" : "2.1.7",
|
||||||
|
"symfony/http-foundation" : "5.0.7",
|
||||||
|
"symfony/psr-http-message-bridge" : "1.3.0",
|
||||||
|
"pear-pear.horde.org/Horde_Imap_Client" : "2.30.1",
|
||||||
|
"phpmailer/phpmailer": "~6.1"
|
||||||
|
}
|
||||||
|
}
|
|
@ -3,3 +3,4 @@ config.cfg
|
||||||
/serverCerts.pem
|
/serverCerts.pem
|
||||||
/pdf/
|
/pdf/
|
||||||
/profiles/
|
/profiles/
|
||||||
|
*.sqlite
|
|
@ -6,10 +6,10 @@
|
||||||
# the second is the character encoding and the third the language name.
|
# the second is the character encoding and the third the language name.
|
||||||
|
|
||||||
# Catalan
|
# Catalan
|
||||||
ca_ES.utf8:UTF-8:Català (Catalunya)
|
# ca_ES.utf8:UTF-8:Català (Catalunya)
|
||||||
|
|
||||||
# Czech
|
# Czech
|
||||||
cs_CZ.utf8:UTF-8:Čeština (Česko)
|
# cs_CZ.utf8:UTF-8:Čeština (Česko)
|
||||||
|
|
||||||
# German
|
# German
|
||||||
de_DE.utf8:UTF-8:Deutsch (Deutschland)
|
de_DE.utf8:UTF-8:Deutsch (Deutschland)
|
||||||
|
@ -30,7 +30,7 @@ fr_FR.utf8:UTF-8:Français (France)
|
||||||
it_IT.utf8:UTF-8:Italiano (Italia)
|
it_IT.utf8:UTF-8:Italiano (Italia)
|
||||||
|
|
||||||
# Hungarian
|
# Hungarian
|
||||||
hu_HU.utf8:UTF-8:Magyar (Magyarország)
|
# hu_HU.utf8:UTF-8:Magyar (Magyarország)
|
||||||
|
|
||||||
# Dutch
|
# Dutch
|
||||||
nl_NL.utf8:UTF-8:Nederlands (Nederland)
|
nl_NL.utf8:UTF-8:Nederlands (Nederland)
|
||||||
|
@ -48,7 +48,7 @@ ru_RU.utf8:UTF-8:Русский (Россия)
|
||||||
sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
|
sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
|
||||||
|
|
||||||
# Turkish
|
# Turkish
|
||||||
tr_TR.utf8:UTF-8:Türkçe (Türkiye)
|
# tr_TR.utf8:UTF-8:Türkçe (Türkiye)
|
||||||
|
|
||||||
# Ukrainian
|
# Ukrainian
|
||||||
uk_UA.utf8:UTF-8:Українська (Україна)
|
uk_UA.utf8:UTF-8:Українська (Україна)
|
||||||
|
|
791
lam/copyright
|
@ -1,4 +1,4 @@
|
||||||
This software is copyright (c) 2003 - 2018 by Roland Gruber
|
This software is copyright (c) 2003 - 2020 by Roland Gruber
|
||||||
|
|
||||||
If you purchased a copy of LDAP Account Manager Pro then the following
|
If you purchased a copy of LDAP Account Manager Pro then the following
|
||||||
files are licensed under the conditions which you accepted at purchase
|
files are licensed under the conditions which you accepted at purchase
|
||||||
|
@ -86,7 +86,6 @@ The complete license can be found in the file COPYING.
|
||||||
Some parts of this package have other, compatible licences. These are:
|
Some parts of this package have other, compatible licences. These are:
|
||||||
|
|
||||||
A:
|
A:
|
||||||
|
|
||||||
DejaVu Fonts — License
|
DejaVu Fonts — License
|
||||||
|
|
||||||
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
Fonts are © Bitstream (see below). DejaVu changes are in public domain. Explanation
|
||||||
|
@ -177,7 +176,9 @@ A:
|
||||||
Software without prior written authorization from Tavmjong Bah. For further
|
Software without prior written authorization from Tavmjong Bah. For further
|
||||||
information, contact: tavmjong @ free . fr.
|
information, contact: tavmjong @ free . fr.
|
||||||
|
|
||||||
|
|
||||||
B:
|
B:
|
||||||
|
MIT License
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining
|
Permission is hereby granted, free of charge, to any person obtaining
|
||||||
a copy of this software and associated documentation files (the
|
a copy of this software and associated documentation files (the
|
||||||
|
@ -199,18 +200,792 @@ B:
|
||||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
|
||||||
|
C:
|
||||||
|
New BSD License
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification,
|
||||||
|
are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice, this list
|
||||||
|
of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice, this
|
||||||
|
list of conditions and the following disclaimer in the documentation and/or other
|
||||||
|
materials provided with the distribution.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||||
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
||||||
|
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||||
|
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||||
|
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||||
|
OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
D:
|
||||||
|
GNU LESSER GENERAL PUBLIC LICENSE
|
||||||
|
Version 3, 29 June 2007
|
||||||
|
|
||||||
|
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
|
||||||
|
This version of the GNU Lesser General Public License incorporates
|
||||||
|
the terms and conditions of version 3 of the GNU General Public
|
||||||
|
License, supplemented by the additional permissions listed below.
|
||||||
|
|
||||||
|
0. Additional Definitions.
|
||||||
|
|
||||||
|
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||||
|
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||||
|
General Public License.
|
||||||
|
|
||||||
|
"The Library" refers to a covered work governed by this License,
|
||||||
|
other than an Application or a Combined Work as defined below.
|
||||||
|
|
||||||
|
An "Application" is any work that makes use of an interface provided
|
||||||
|
by the Library, but which is not otherwise based on the Library.
|
||||||
|
Defining a subclass of a class defined by the Library is deemed a mode
|
||||||
|
of using an interface provided by the Library.
|
||||||
|
|
||||||
|
A "Combined Work" is a work produced by combining or linking an
|
||||||
|
Application with the Library. The particular version of the Library
|
||||||
|
with which the Combined Work was made is also called the "Linked
|
||||||
|
Version".
|
||||||
|
|
||||||
|
The "Minimal Corresponding Source" for a Combined Work means the
|
||||||
|
Corresponding Source for the Combined Work, excluding any source code
|
||||||
|
for portions of the Combined Work that, considered in isolation, are
|
||||||
|
based on the Application, and not on the Linked Version.
|
||||||
|
|
||||||
|
The "Corresponding Application Code" for a Combined Work means the
|
||||||
|
object code and/or source code for the Application, including any data
|
||||||
|
and utility programs needed for reproducing the Combined Work from the
|
||||||
|
Application, but excluding the System Libraries of the Combined Work.
|
||||||
|
|
||||||
|
1. Exception to Section 3 of the GNU GPL.
|
||||||
|
|
||||||
|
You may convey a covered work under sections 3 and 4 of this License
|
||||||
|
without being bound by section 3 of the GNU GPL.
|
||||||
|
|
||||||
|
2. Conveying Modified Versions.
|
||||||
|
|
||||||
|
If you modify a copy of the Library, and, in your modifications, a
|
||||||
|
facility refers to a function or data to be supplied by an Application
|
||||||
|
that uses the facility (other than as an argument passed when the
|
||||||
|
facility is invoked), then you may convey a copy of the modified
|
||||||
|
version:
|
||||||
|
|
||||||
|
a) under this License, provided that you make a good faith effort to
|
||||||
|
ensure that, in the event an Application does not supply the
|
||||||
|
function or data, the facility still operates, and performs
|
||||||
|
whatever part of its purpose remains meaningful, or
|
||||||
|
|
||||||
|
b) under the GNU GPL, with none of the additional permissions of
|
||||||
|
this License applicable to that copy.
|
||||||
|
|
||||||
|
3. Object Code Incorporating Material from Library Header Files.
|
||||||
|
|
||||||
|
The object code form of an Application may incorporate material from
|
||||||
|
a header file that is part of the Library. You may convey such object
|
||||||
|
code under terms of your choice, provided that, if the incorporated
|
||||||
|
material is not limited to numerical parameters, data structure
|
||||||
|
layouts and accessors, or small macros, inline functions and templates
|
||||||
|
(ten or fewer lines in length), you do both of the following:
|
||||||
|
|
||||||
|
a) Give prominent notice with each copy of the object code that the
|
||||||
|
Library is used in it and that the Library and its use are
|
||||||
|
covered by this License.
|
||||||
|
|
||||||
|
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||||
|
document.
|
||||||
|
|
||||||
|
4. Combined Works.
|
||||||
|
|
||||||
|
You may convey a Combined Work under terms of your choice that,
|
||||||
|
taken together, effectively do not restrict modification of the
|
||||||
|
portions of the Library contained in the Combined Work and reverse
|
||||||
|
engineering for debugging such modifications, if you also do each of
|
||||||
|
the following:
|
||||||
|
|
||||||
|
a) Give prominent notice with each copy of the Combined Work that
|
||||||
|
the Library is used in it and that the Library and its use are
|
||||||
|
covered by this License.
|
||||||
|
|
||||||
|
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||||
|
document.
|
||||||
|
|
||||||
|
c) For a Combined Work that displays copyright notices during
|
||||||
|
execution, include the copyright notice for the Library among
|
||||||
|
these notices, as well as a reference directing the user to the
|
||||||
|
copies of the GNU GPL and this license document.
|
||||||
|
|
||||||
|
d) Do one of the following:
|
||||||
|
|
||||||
|
0) Convey the Minimal Corresponding Source under the terms of this
|
||||||
|
License, and the Corresponding Application Code in a form
|
||||||
|
suitable for, and under terms that permit, the user to
|
||||||
|
recombine or relink the Application with a modified version of
|
||||||
|
the Linked Version to produce a modified Combined Work, in the
|
||||||
|
manner specified by section 6 of the GNU GPL for conveying
|
||||||
|
Corresponding Source.
|
||||||
|
|
||||||
|
1) Use a suitable shared library mechanism for linking with the
|
||||||
|
Library. A suitable mechanism is one that (a) uses at run time
|
||||||
|
a copy of the Library already present on the user's computer
|
||||||
|
system, and (b) will operate properly with a modified version
|
||||||
|
of the Library that is interface-compatible with the Linked
|
||||||
|
Version.
|
||||||
|
|
||||||
|
e) Provide Installation Information, but only if you would otherwise
|
||||||
|
be required to provide such information under section 6 of the
|
||||||
|
GNU GPL, and only to the extent that such information is
|
||||||
|
necessary to install and execute a modified version of the
|
||||||
|
Combined Work produced by recombining or relinking the
|
||||||
|
Application with a modified version of the Linked Version. (If
|
||||||
|
you use option 4d0, the Installation Information must accompany
|
||||||
|
the Minimal Corresponding Source and Corresponding Application
|
||||||
|
Code. If you use option 4d1, you must provide the Installation
|
||||||
|
Information in the manner specified by section 6 of the GNU GPL
|
||||||
|
for conveying Corresponding Source.)
|
||||||
|
|
||||||
|
5. Combined Libraries.
|
||||||
|
|
||||||
|
You may place library facilities that are a work based on the
|
||||||
|
Library side by side in a single library together with other library
|
||||||
|
facilities that are not Applications and are not covered by this
|
||||||
|
License, and convey such a combined library under terms of your
|
||||||
|
choice, if you do both of the following:
|
||||||
|
|
||||||
|
a) Accompany the combined library with a copy of the same work based
|
||||||
|
on the Library, uncombined with any other library facilities,
|
||||||
|
conveyed under the terms of this License.
|
||||||
|
|
||||||
|
b) Give prominent notice with the combined library that part of it
|
||||||
|
is a work based on the Library, and explaining where to find the
|
||||||
|
accompanying uncombined form of the same work.
|
||||||
|
|
||||||
|
6. Revised Versions of the GNU Lesser General Public License.
|
||||||
|
|
||||||
|
The Free Software Foundation may publish revised and/or new versions
|
||||||
|
of the GNU Lesser General Public License from time to time. Such new
|
||||||
|
versions will be similar in spirit to the present version, but may
|
||||||
|
differ in detail to address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the
|
||||||
|
Library as you received it specifies that a certain numbered version
|
||||||
|
of the GNU Lesser General Public License "or any later version"
|
||||||
|
applies to it, you have the option of following the terms and
|
||||||
|
conditions either of that published version or of any later version
|
||||||
|
published by the Free Software Foundation. If the Library as you
|
||||||
|
received it does not specify a version number of the GNU Lesser
|
||||||
|
General Public License, you may choose any version of the GNU Lesser
|
||||||
|
General Public License ever published by the Free Software Foundation.
|
||||||
|
|
||||||
|
If the Library as you received it specifies that a proxy can decide
|
||||||
|
whether future versions of the GNU Lesser General Public License shall
|
||||||
|
apply, that proxy's public statement of acceptance of any version is
|
||||||
|
permanent authorization for you to choose that version for the
|
||||||
|
Library.
|
||||||
|
|
||||||
|
|
||||||
|
E:
|
||||||
|
Duo
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
modification, are permitted provided that the following conditions
|
||||||
|
are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer.
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer in the
|
||||||
|
documentation and/or other materials provided with the distribution.
|
||||||
|
3. The name of the author may not be used to endorse or promote products
|
||||||
|
derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||||
|
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
|
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
F:
|
||||||
|
3-Clause BSD License
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
modification, are permitted provided that the following conditions
|
||||||
|
are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer.
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer in the
|
||||||
|
documentation and/or other materials provided with the distribution.
|
||||||
|
3. Neither the name of the copyright holder nor the names of its
|
||||||
|
contributors may be used to endorse or promote products derived from
|
||||||
|
this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
||||||
|
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
|
||||||
|
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||||
|
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
G:
|
||||||
|
2-Clause BSD License
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification,
|
||||||
|
are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice,
|
||||||
|
this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
this list of conditions and the following disclaimer in the documentation and/or
|
||||||
|
other materials provided with the distribution.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||||
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
||||||
|
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||||
|
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
||||||
|
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||||
|
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
|
POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
|
||||||
|
H:
|
||||||
|
GNU LESSER GENERAL PUBLIC LICENSE
|
||||||
|
Version 2.1, February 1999
|
||||||
|
|
||||||
|
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
[This is the first released version of the Lesser GPL. It also counts
|
||||||
|
as the successor of the GNU Library Public License, version 2, hence
|
||||||
|
the version number 2.1.]
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
|
||||||
|
The licenses for most software are designed to take away your
|
||||||
|
freedom to share and change it. By contrast, the GNU General Public
|
||||||
|
Licenses are intended to guarantee your freedom to share and change
|
||||||
|
free software--to make sure the software is free for all its users.
|
||||||
|
|
||||||
|
This license, the Lesser General Public License, applies to some
|
||||||
|
specially designated software packages--typically libraries--of the
|
||||||
|
Free Software Foundation and other authors who decide to use it. You
|
||||||
|
can use it too, but we suggest you first think carefully about whether
|
||||||
|
this license or the ordinary General Public License is the better
|
||||||
|
strategy to use in any particular case, based on the explanations below.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom of use,
|
||||||
|
not price. Our General Public Licenses are designed to make sure that
|
||||||
|
you have the freedom to distribute copies of free software (and charge
|
||||||
|
for this service if you wish); that you receive source code or can get
|
||||||
|
it if you want it; that you can change the software and use pieces of
|
||||||
|
it in new free programs; and that you are informed that you can do
|
||||||
|
these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to make restrictions that forbid
|
||||||
|
distributors to deny you these rights or to ask you to surrender these
|
||||||
|
rights. These restrictions translate to certain responsibilities for
|
||||||
|
you if you distribute copies of the library or if you modify it.
|
||||||
|
|
||||||
|
For example, if you distribute copies of the library, whether gratis
|
||||||
|
or for a fee, you must give the recipients all the rights that we gave
|
||||||
|
you. You must make sure that they, too, receive or can get the source
|
||||||
|
code. If you link other code with the library, you must provide
|
||||||
|
complete object files to the recipients, so that they can relink them
|
||||||
|
with the library after making changes to the library and recompiling
|
||||||
|
it. And you must show them these terms so they know their rights.
|
||||||
|
|
||||||
|
We protect your rights with a two-step method: (1) we copyright the
|
||||||
|
library, and (2) we offer you this license, which gives you legal
|
||||||
|
permission to copy, distribute and/or modify the library.
|
||||||
|
|
||||||
|
To protect each distributor, we want to make it very clear that
|
||||||
|
there is no warranty for the free library. Also, if the library is
|
||||||
|
modified by someone else and passed on, the recipients should know
|
||||||
|
that what they have is not the original version, so that the original
|
||||||
|
author's reputation will not be affected by problems that might be
|
||||||
|
introduced by others.
|
||||||
|
|
||||||
|
Finally, software patents pose a constant threat to the existence of
|
||||||
|
any free program. We wish to make sure that a company cannot
|
||||||
|
effectively restrict the users of a free program by obtaining a
|
||||||
|
restrictive license from a patent holder. Therefore, we insist that
|
||||||
|
any patent license obtained for a version of the library must be
|
||||||
|
consistent with the full freedom of use specified in this license.
|
||||||
|
|
||||||
|
Most GNU software, including some libraries, is covered by the
|
||||||
|
ordinary GNU General Public License. This license, the GNU Lesser
|
||||||
|
General Public License, applies to certain designated libraries, and
|
||||||
|
is quite different from the ordinary General Public License. We use
|
||||||
|
this license for certain libraries in order to permit linking those
|
||||||
|
libraries into non-free programs.
|
||||||
|
|
||||||
|
When a program is linked with a library, whether statically or using
|
||||||
|
a shared library, the combination of the two is legally speaking a
|
||||||
|
combined work, a derivative of the original library. The ordinary
|
||||||
|
General Public License therefore permits such linking only if the
|
||||||
|
entire combination fits its criteria of freedom. The Lesser General
|
||||||
|
Public License permits more lax criteria for linking other code with
|
||||||
|
the library.
|
||||||
|
|
||||||
|
We call this license the "Lesser" General Public License because it
|
||||||
|
does Less to protect the user's freedom than the ordinary General
|
||||||
|
Public License. It also provides other free software developers Less
|
||||||
|
of an advantage over competing non-free programs. These disadvantages
|
||||||
|
are the reason we use the ordinary General Public License for many
|
||||||
|
libraries. However, the Lesser license provides advantages in certain
|
||||||
|
special circumstances.
|
||||||
|
|
||||||
|
For example, on rare occasions, there may be a special need to
|
||||||
|
encourage the widest possible use of a certain library, so that it becomes
|
||||||
|
a de-facto standard. To achieve this, non-free programs must be
|
||||||
|
allowed to use the library. A more frequent case is that a free
|
||||||
|
library does the same job as widely used non-free libraries. In this
|
||||||
|
case, there is little to gain by limiting the free library to free
|
||||||
|
software only, so we use the Lesser General Public License.
|
||||||
|
|
||||||
|
In other cases, permission to use a particular library in non-free
|
||||||
|
programs enables a greater number of people to use a large body of
|
||||||
|
free software. For example, permission to use the GNU C Library in
|
||||||
|
non-free programs enables many more people to use the whole GNU
|
||||||
|
operating system, as well as its variant, the GNU/Linux operating
|
||||||
|
system.
|
||||||
|
|
||||||
|
Although the Lesser General Public License is Less protective of the
|
||||||
|
users' freedom, it does ensure that the user of a program that is
|
||||||
|
linked with the Library has the freedom and the wherewithal to run
|
||||||
|
that program using a modified version of the Library.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and
|
||||||
|
modification follow. Pay close attention to the difference between a
|
||||||
|
"work based on the library" and a "work that uses the library". The
|
||||||
|
former contains code derived from the library, whereas the latter must
|
||||||
|
be combined with the library in order to run.
|
||||||
|
|
||||||
|
GNU LESSER GENERAL PUBLIC LICENSE
|
||||||
|
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||||
|
|
||||||
|
0. This License Agreement applies to any software library or other
|
||||||
|
program which contains a notice placed by the copyright holder or
|
||||||
|
other authorized party saying it may be distributed under the terms of
|
||||||
|
this Lesser General Public License (also called "this License").
|
||||||
|
Each licensee is addressed as "you".
|
||||||
|
|
||||||
|
A "library" means a collection of software functions and/or data
|
||||||
|
prepared so as to be conveniently linked with application programs
|
||||||
|
(which use some of those functions and data) to form executables.
|
||||||
|
|
||||||
|
The "Library", below, refers to any such software library or work
|
||||||
|
which has been distributed under these terms. A "work based on the
|
||||||
|
Library" means either the Library or any derivative work under
|
||||||
|
copyright law: that is to say, a work containing the Library or a
|
||||||
|
portion of it, either verbatim or with modifications and/or translated
|
||||||
|
straightforwardly into another language. (Hereinafter, translation is
|
||||||
|
included without limitation in the term "modification".)
|
||||||
|
|
||||||
|
"Source code" for a work means the preferred form of the work for
|
||||||
|
making modifications to it. For a library, complete source code means
|
||||||
|
all the source code for all modules it contains, plus any associated
|
||||||
|
interface definition files, plus the scripts used to control compilation
|
||||||
|
and installation of the library.
|
||||||
|
|
||||||
|
Activities other than copying, distribution and modification are not
|
||||||
|
covered by this License; they are outside its scope. The act of
|
||||||
|
running a program using the Library is not restricted, and output from
|
||||||
|
such a program is covered only if its contents constitute a work based
|
||||||
|
on the Library (independent of the use of the Library in a tool for
|
||||||
|
writing it). Whether that is true depends on what the Library does
|
||||||
|
and what the program that uses the Library does.
|
||||||
|
|
||||||
|
1. You may copy and distribute verbatim copies of the Library's
|
||||||
|
complete source code as you receive it, in any medium, provided that
|
||||||
|
you conspicuously and appropriately publish on each copy an
|
||||||
|
appropriate copyright notice and disclaimer of warranty; keep intact
|
||||||
|
all the notices that refer to this License and to the absence of any
|
||||||
|
warranty; and distribute a copy of this License along with the
|
||||||
|
Library.
|
||||||
|
|
||||||
|
You may charge a fee for the physical act of transferring a copy,
|
||||||
|
and you may at your option offer warranty protection in exchange for a
|
||||||
|
fee.
|
||||||
|
|
||||||
|
2. You may modify your copy or copies of the Library or any portion
|
||||||
|
of it, thus forming a work based on the Library, and copy and
|
||||||
|
distribute such modifications or work under the terms of Section 1
|
||||||
|
above, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) The modified work must itself be a software library.
|
||||||
|
|
||||||
|
b) You must cause the files modified to carry prominent notices
|
||||||
|
stating that you changed the files and the date of any change.
|
||||||
|
|
||||||
|
c) You must cause the whole of the work to be licensed at no
|
||||||
|
charge to all third parties under the terms of this License.
|
||||||
|
|
||||||
|
d) If a facility in the modified Library refers to a function or a
|
||||||
|
table of data to be supplied by an application program that uses
|
||||||
|
the facility, other than as an argument passed when the facility
|
||||||
|
is invoked, then you must make a good faith effort to ensure that,
|
||||||
|
in the event an application does not supply such function or
|
||||||
|
table, the facility still operates, and performs whatever part of
|
||||||
|
its purpose remains meaningful.
|
||||||
|
|
||||||
|
(For example, a function in a library to compute square roots has
|
||||||
|
a purpose that is entirely well-defined independent of the
|
||||||
|
application. Therefore, Subsection 2d requires that any
|
||||||
|
application-supplied function or table used by this function must
|
||||||
|
be optional: if the application does not supply it, the square
|
||||||
|
root function must still compute square roots.)
|
||||||
|
|
||||||
|
These requirements apply to the modified work as a whole. If
|
||||||
|
identifiable sections of that work are not derived from the Library,
|
||||||
|
and can be reasonably considered independent and separate works in
|
||||||
|
themselves, then this License, and its terms, do not apply to those
|
||||||
|
sections when you distribute them as separate works. But when you
|
||||||
|
distribute the same sections as part of a whole which is a work based
|
||||||
|
on the Library, the distribution of the whole must be on the terms of
|
||||||
|
this License, whose permissions for other licensees extend to the
|
||||||
|
entire whole, and thus to each and every part regardless of who wrote
|
||||||
|
it.
|
||||||
|
|
||||||
|
Thus, it is not the intent of this section to claim rights or contest
|
||||||
|
your rights to work written entirely by you; rather, the intent is to
|
||||||
|
exercise the right to control the distribution of derivative or
|
||||||
|
collective works based on the Library.
|
||||||
|
|
||||||
|
In addition, mere aggregation of another work not based on the Library
|
||||||
|
with the Library (or with a work based on the Library) on a volume of
|
||||||
|
a storage or distribution medium does not bring the other work under
|
||||||
|
the scope of this License.
|
||||||
|
|
||||||
|
3. You may opt to apply the terms of the ordinary GNU General Public
|
||||||
|
License instead of this License to a given copy of the Library. To do
|
||||||
|
this, you must alter all the notices that refer to this License, so
|
||||||
|
that they refer to the ordinary GNU General Public License, version 2,
|
||||||
|
instead of to this License. (If a newer version than version 2 of the
|
||||||
|
ordinary GNU General Public License has appeared, then you can specify
|
||||||
|
that version instead if you wish.) Do not make any other change in
|
||||||
|
these notices.
|
||||||
|
|
||||||
|
Once this change is made in a given copy, it is irreversible for
|
||||||
|
that copy, so the ordinary GNU General Public License applies to all
|
||||||
|
subsequent copies and derivative works made from that copy.
|
||||||
|
|
||||||
|
This option is useful when you wish to copy part of the code of
|
||||||
|
the Library into a program that is not a library.
|
||||||
|
|
||||||
|
4. You may copy and distribute the Library (or a portion or
|
||||||
|
derivative of it, under Section 2) in object code or executable form
|
||||||
|
under the terms of Sections 1 and 2 above provided that you accompany
|
||||||
|
it with the complete corresponding machine-readable source code, which
|
||||||
|
must be distributed under the terms of Sections 1 and 2 above on a
|
||||||
|
medium customarily used for software interchange.
|
||||||
|
|
||||||
|
If distribution of object code is made by offering access to copy
|
||||||
|
from a designated place, then offering equivalent access to copy the
|
||||||
|
source code from the same place satisfies the requirement to
|
||||||
|
distribute the source code, even though third parties are not
|
||||||
|
compelled to copy the source along with the object code.
|
||||||
|
|
||||||
|
5. A program that contains no derivative of any portion of the
|
||||||
|
Library, but is designed to work with the Library by being compiled or
|
||||||
|
linked with it, is called a "work that uses the Library". Such a
|
||||||
|
work, in isolation, is not a derivative work of the Library, and
|
||||||
|
therefore falls outside the scope of this License.
|
||||||
|
|
||||||
|
However, linking a "work that uses the Library" with the Library
|
||||||
|
creates an executable that is a derivative of the Library (because it
|
||||||
|
contains portions of the Library), rather than a "work that uses the
|
||||||
|
library". The executable is therefore covered by this License.
|
||||||
|
Section 6 states terms for distribution of such executables.
|
||||||
|
|
||||||
|
When a "work that uses the Library" uses material from a header file
|
||||||
|
that is part of the Library, the object code for the work may be a
|
||||||
|
derivative work of the Library even though the source code is not.
|
||||||
|
Whether this is true is especially significant if the work can be
|
||||||
|
linked without the Library, or if the work is itself a library. The
|
||||||
|
threshold for this to be true is not precisely defined by law.
|
||||||
|
|
||||||
|
If such an object file uses only numerical parameters, data
|
||||||
|
structure layouts and accessors, and small macros and small inline
|
||||||
|
functions (ten lines or less in length), then the use of the object
|
||||||
|
file is unrestricted, regardless of whether it is legally a derivative
|
||||||
|
work. (Executables containing this object code plus portions of the
|
||||||
|
Library will still fall under Section 6.)
|
||||||
|
|
||||||
|
Otherwise, if the work is a derivative of the Library, you may
|
||||||
|
distribute the object code for the work under the terms of Section 6.
|
||||||
|
Any executables containing that work also fall under Section 6,
|
||||||
|
whether or not they are linked directly with the Library itself.
|
||||||
|
|
||||||
|
6. As an exception to the Sections above, you may also combine or
|
||||||
|
link a "work that uses the Library" with the Library to produce a
|
||||||
|
work containing portions of the Library, and distribute that work
|
||||||
|
under terms of your choice, provided that the terms permit
|
||||||
|
modification of the work for the customer's own use and reverse
|
||||||
|
engineering for debugging such modifications.
|
||||||
|
|
||||||
|
You must give prominent notice with each copy of the work that the
|
||||||
|
Library is used in it and that the Library and its use are covered by
|
||||||
|
this License. You must supply a copy of this License. If the work
|
||||||
|
during execution displays copyright notices, you must include the
|
||||||
|
copyright notice for the Library among them, as well as a reference
|
||||||
|
directing the user to the copy of this License. Also, you must do one
|
||||||
|
of these things:
|
||||||
|
|
||||||
|
a) Accompany the work with the complete corresponding
|
||||||
|
machine-readable source code for the Library including whatever
|
||||||
|
changes were used in the work (which must be distributed under
|
||||||
|
Sections 1 and 2 above); and, if the work is an executable linked
|
||||||
|
with the Library, with the complete machine-readable "work that
|
||||||
|
uses the Library", as object code and/or source code, so that the
|
||||||
|
user can modify the Library and then relink to produce a modified
|
||||||
|
executable containing the modified Library. (It is understood
|
||||||
|
that the user who changes the contents of definitions files in the
|
||||||
|
Library will not necessarily be able to recompile the application
|
||||||
|
to use the modified definitions.)
|
||||||
|
|
||||||
|
b) Use a suitable shared library mechanism for linking with the
|
||||||
|
Library. A suitable mechanism is one that (1) uses at run time a
|
||||||
|
copy of the library already present on the user's computer system,
|
||||||
|
rather than copying library functions into the executable, and (2)
|
||||||
|
will operate properly with a modified version of the library, if
|
||||||
|
the user installs one, as long as the modified version is
|
||||||
|
interface-compatible with the version that the work was made with.
|
||||||
|
|
||||||
|
c) Accompany the work with a written offer, valid for at
|
||||||
|
least three years, to give the same user the materials
|
||||||
|
specified in Subsection 6a, above, for a charge no more
|
||||||
|
than the cost of performing this distribution.
|
||||||
|
|
||||||
|
d) If distribution of the work is made by offering access to copy
|
||||||
|
from a designated place, offer equivalent access to copy the above
|
||||||
|
specified materials from the same place.
|
||||||
|
|
||||||
|
e) Verify that the user has already received a copy of these
|
||||||
|
materials or that you have already sent this user a copy.
|
||||||
|
|
||||||
|
For an executable, the required form of the "work that uses the
|
||||||
|
Library" must include any data and utility programs needed for
|
||||||
|
reproducing the executable from it. However, as a special exception,
|
||||||
|
the materials to be distributed need not include anything that is
|
||||||
|
normally distributed (in either source or binary form) with the major
|
||||||
|
components (compiler, kernel, and so on) of the operating system on
|
||||||
|
which the executable runs, unless that component itself accompanies
|
||||||
|
the executable.
|
||||||
|
|
||||||
|
It may happen that this requirement contradicts the license
|
||||||
|
restrictions of other proprietary libraries that do not normally
|
||||||
|
accompany the operating system. Such a contradiction means you cannot
|
||||||
|
use both them and the Library together in an executable that you
|
||||||
|
distribute.
|
||||||
|
|
||||||
|
7. You may place library facilities that are a work based on the
|
||||||
|
Library side-by-side in a single library together with other library
|
||||||
|
facilities not covered by this License, and distribute such a combined
|
||||||
|
library, provided that the separate distribution of the work based on
|
||||||
|
the Library and of the other library facilities is otherwise
|
||||||
|
permitted, and provided that you do these two things:
|
||||||
|
|
||||||
|
a) Accompany the combined library with a copy of the same work
|
||||||
|
based on the Library, uncombined with any other library
|
||||||
|
facilities. This must be distributed under the terms of the
|
||||||
|
Sections above.
|
||||||
|
|
||||||
|
b) Give prominent notice with the combined library of the fact
|
||||||
|
that part of it is a work based on the Library, and explaining
|
||||||
|
where to find the accompanying uncombined form of the same work.
|
||||||
|
|
||||||
|
8. You may not copy, modify, sublicense, link with, or distribute
|
||||||
|
the Library except as expressly provided under this License. Any
|
||||||
|
attempt otherwise to copy, modify, sublicense, link with, or
|
||||||
|
distribute the Library is void, and will automatically terminate your
|
||||||
|
rights under this License. However, parties who have received copies,
|
||||||
|
or rights, from you under this License will not have their licenses
|
||||||
|
terminated so long as such parties remain in full compliance.
|
||||||
|
|
||||||
|
9. You are not required to accept this License, since you have not
|
||||||
|
signed it. However, nothing else grants you permission to modify or
|
||||||
|
distribute the Library or its derivative works. These actions are
|
||||||
|
prohibited by law if you do not accept this License. Therefore, by
|
||||||
|
modifying or distributing the Library (or any work based on the
|
||||||
|
Library), you indicate your acceptance of this License to do so, and
|
||||||
|
all its terms and conditions for copying, distributing or modifying
|
||||||
|
the Library or works based on it.
|
||||||
|
|
||||||
|
10. Each time you redistribute the Library (or any work based on the
|
||||||
|
Library), the recipient automatically receives a license from the
|
||||||
|
original licensor to copy, distribute, link with or modify the Library
|
||||||
|
subject to these terms and conditions. You may not impose any further
|
||||||
|
restrictions on the recipients' exercise of the rights granted herein.
|
||||||
|
You are not responsible for enforcing compliance by third parties with
|
||||||
|
this License.
|
||||||
|
|
||||||
|
11. If, as a consequence of a court judgment or allegation of patent
|
||||||
|
infringement or for any other reason (not limited to patent issues),
|
||||||
|
conditions are imposed on you (whether by court order, agreement or
|
||||||
|
otherwise) that contradict the conditions of this License, they do not
|
||||||
|
excuse you from the conditions of this License. If you cannot
|
||||||
|
distribute so as to satisfy simultaneously your obligations under this
|
||||||
|
License and any other pertinent obligations, then as a consequence you
|
||||||
|
may not distribute the Library at all. For example, if a patent
|
||||||
|
license would not permit royalty-free redistribution of the Library by
|
||||||
|
all those who receive copies directly or indirectly through you, then
|
||||||
|
the only way you could satisfy both it and this License would be to
|
||||||
|
refrain entirely from distribution of the Library.
|
||||||
|
|
||||||
|
If any portion of this section is held invalid or unenforceable under any
|
||||||
|
particular circumstance, the balance of the section is intended to apply,
|
||||||
|
and the section as a whole is intended to apply in other circumstances.
|
||||||
|
|
||||||
|
It is not the purpose of this section to induce you to infringe any
|
||||||
|
patents or other property right claims or to contest validity of any
|
||||||
|
such claims; this section has the sole purpose of protecting the
|
||||||
|
integrity of the free software distribution system which is
|
||||||
|
implemented by public license practices. Many people have made
|
||||||
|
generous contributions to the wide range of software distributed
|
||||||
|
through that system in reliance on consistent application of that
|
||||||
|
system; it is up to the author/donor to decide if he or she is willing
|
||||||
|
to distribute software through any other system and a licensee cannot
|
||||||
|
impose that choice.
|
||||||
|
|
||||||
|
This section is intended to make thoroughly clear what is believed to
|
||||||
|
be a consequence of the rest of this License.
|
||||||
|
|
||||||
|
12. If the distribution and/or use of the Library is restricted in
|
||||||
|
certain countries either by patents or by copyrighted interfaces, the
|
||||||
|
original copyright holder who places the Library under this License may add
|
||||||
|
an explicit geographical distribution limitation excluding those countries,
|
||||||
|
so that distribution is permitted only in or among countries not thus
|
||||||
|
excluded. In such case, this License incorporates the limitation as if
|
||||||
|
written in the body of this License.
|
||||||
|
|
||||||
|
13. The Free Software Foundation may publish revised and/or new
|
||||||
|
versions of the Lesser General Public License from time to time.
|
||||||
|
Such new versions will be similar in spirit to the present version,
|
||||||
|
but may differ in detail to address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the Library
|
||||||
|
specifies a version number of this License which applies to it and
|
||||||
|
"any later version", you have the option of following the terms and
|
||||||
|
conditions either of that version or of any later version published by
|
||||||
|
the Free Software Foundation. If the Library does not specify a
|
||||||
|
license version number, you may choose any version ever published by
|
||||||
|
the Free Software Foundation.
|
||||||
|
|
||||||
|
14. If you wish to incorporate parts of the Library into other free
|
||||||
|
programs whose distribution conditions are incompatible with these,
|
||||||
|
write to the author to ask for permission. For software which is
|
||||||
|
copyrighted by the Free Software Foundation, write to the Free
|
||||||
|
Software Foundation; we sometimes make exceptions for this. Our
|
||||||
|
decision will be guided by the two goals of preserving the free status
|
||||||
|
of all derivatives of our free software and of promoting the sharing
|
||||||
|
and reuse of software generally.
|
||||||
|
|
||||||
|
NO WARRANTY
|
||||||
|
|
||||||
|
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
|
||||||
|
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
|
||||||
|
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
||||||
|
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
|
||||||
|
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
|
||||||
|
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
|
||||||
|
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||||
|
|
||||||
|
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
|
||||||
|
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
|
||||||
|
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
|
||||||
|
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
|
||||||
|
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
|
||||||
|
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
|
||||||
|
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
|
||||||
|
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
|
||||||
|
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
|
||||||
|
DAMAGES.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Programs and licenses with other licenses and/or authors than the
|
Programs and licenses with other licenses and/or authors than the
|
||||||
main license and authors:
|
main license and authors:
|
||||||
|
|
||||||
lib/3rdParty/tcpdf/fonts/DejaVu*.ttf A Public Domain, Bitstream, Inc., Tavmjong Bah
|
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei
|
||||||
lib/3rdParty/tcpdf/fonts/DejaVu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano
|
||||||
lib/3rdParty/phpseclib B Jim Wigginton
|
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große
|
||||||
templates/lib/*jquery*.js B 2010 John Resig, Paul Bakaus, Fred Heusschen
|
lib/3rdParty/composer/nyholm B 2016 Tobias Nyholm
|
||||||
|
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Crypt_Blowfish H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Exception H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Idna G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Imap_Client H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_ListHeaders H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mail G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Mime H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Secret H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Socket_Client H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Filter H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Stream_Wrapper G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Support G
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Text_Flowed H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Translation H
|
||||||
|
lib/3rdParty/composer/pear-pear.horde.org/Horde_Util H
|
||||||
|
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team
|
||||||
|
lib/3rdParty/composer/phpmailer H
|
||||||
|
lib/3rdParty/composer/psr B 2018 PHP Framework Interoperability Group
|
||||||
|
lib/3rdParty/composer/ramsey B 2018 Ben Ramsey
|
||||||
|
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs
|
||||||
|
lib/3rdParty/composer/symfony B 2019 Fabien Potencier
|
||||||
|
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs
|
||||||
|
lib/3rdParty/tcpdf D 2020 Nicola Asuni - Tecnick.com LTD
|
||||||
|
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah
|
||||||
|
lib/3rdParty/phpseclib B 2019 TerraFrost and other contributors
|
||||||
|
lib/3rdParty/Monolog B 2011 Jordi Boggiano
|
||||||
|
lib/3rdParty/Psr B 2012 PHP Framework Interoperability Group
|
||||||
|
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB
|
||||||
|
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors
|
||||||
|
style/120_jquery-ui*.css B 2016 jQuery Foundation and other contributors
|
||||||
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
templates/lib/*jquery-dropmenu-*.js B 2010 Fred Heusschen
|
||||||
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
|
style/150_jquery-dropmenu*.css B 2010 Fred Heusschen
|
||||||
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
|
templates/lib/*jquery-fineuploader-*.js B 2010 Andrew Valums
|
||||||
|
style/150_jquery-fineuploader*.css B 2010 Andrew Valums
|
||||||
|
templates/lib/*jquery-validationEngine-*.js B 2010 Cedric Dugas and Olivier Refalo
|
||||||
|
style/150_jquery-validationEngine*.css B 2010 Cedric Dugas and Olivier Refalo
|
||||||
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
||||||
style/600_cropper.css B 2018 Chen Fengyuan
|
style/600_cropper*.css B 2018 Chen Fengyuan
|
||||||
|
templates/lib/extra/duo/*.js E 2019 Duo Security
|
||||||
|
lib/3rdParty/duo/*.php E 2019 Duo Security
|
||||||
|
graphics/webauthn.svg F 2017 Duo Security, Inc.
|
||||||
|
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
||||||
|
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
||||||
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
||||||
style/responsive/110_grid.css B
|
style/responsive/110_grid.css B
|
||||||
|
|
||||||
|
|
|
@ -21,11 +21,11 @@ The main script for the account pages is located in <span
|
||||||
a very simple content. If the page is loaded for the first time it
|
a very simple content. If the page is loaded for the first time it
|
||||||
creates a new <span style="font-weight: bold;">accountContainer</span>
|
creates a new <span style="font-weight: bold;">accountContainer</span>
|
||||||
inside the session and tells it to load/create an LDAP account. Then it
|
inside the session and tells it to load/create an LDAP account. Then it
|
||||||
calles the <span style="font-weight: bold;">continue_main()</span>
|
calls the <span style="font-weight: bold;">continue_main()</span>
|
||||||
function of the <span style="font-weight: bold;">accountContainer</span>
|
function of the <span style="font-weight: bold;">accountContainer</span>
|
||||||
object which prints all HTML output.<br>
|
object which prints all HTML output.<br>
|
||||||
<br>
|
<br>
|
||||||
Managing of user input etc. is completly made by the <span
|
Managing of user input etc. is completely made by the <span
|
||||||
style="font-weight: bold;">accountContainer</span>.<br>
|
style="font-weight: bold;">accountContainer</span>.<br>
|
||||||
<br>
|
<br>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
@ -54,7 +54,7 @@ to make it easier for the user to modify the values. The dynamic
|
||||||
options provided by the modules do not include a comment.<br>
|
options provided by the modules do not include a comment.<br>
|
||||||
<br>
|
<br>
|
||||||
<h2>Master configuration file</h2>
|
<h2>Master configuration file</h2>
|
||||||
LAM stores the default configuartion profile and a master password in <span
|
LAM stores the default configuration profile and a master password in <span
|
||||||
style="font-style: italic;">config/config.cfg</span>.<br>
|
style="font-style: italic;">config/config.cfg</span>.<br>
|
||||||
The master password is verified when the user wants to create/delete
|
The master password is verified when the user wants to create/delete
|
||||||
configuration profiles.<br>
|
configuration profiles.<br>
|
||||||
|
|
|
@ -39,7 +39,7 @@ attribute. Therefore we will save these two values.<br>
|
||||||
* This function loads all needed attributes into the
|
* This function loads all needed attributes into the
|
||||||
object.<br>
|
object.<br>
|
||||||
*<br>
|
*<br>
|
||||||
* @param array $attr an array as it is retured from
|
* @param array $attr an array as it is returned from
|
||||||
ldap_get_attributes<br>
|
ldap_get_attributes<br>
|
||||||
*/<br>
|
*/<br>
|
||||||
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br>
|
<span style="font-weight: bold;">function</span> <span style="color: rgb(255, 0, 0);">load_attributes</span>($attr) {<br>
|
||||||
|
|
|
@ -58,7 +58,7 @@ class</span> <span style="color: rgb(255, 0, 0);">ieee802Device</span>
|
||||||
</table>
|
</table>
|
||||||
<br>
|
<br>
|
||||||
<h2>4. Meta data</h2>
|
<h2>4. Meta data</h2>
|
||||||
The module interface inludes a lot of required and optional functions.
|
The module interface includes a lot of required and optional functions.
|
||||||
Many of these functions do not need to be implemented directly in the
|
Many of these functions do not need to be implemented directly in the
|
||||||
module, you can define <span style="font-weight: bold;">meta data</span>
|
module, you can define <span style="font-weight: bold;">meta data</span>
|
||||||
for them and the <span style="font-weight: bold;">baseModule</span>
|
for them and the <span style="font-weight: bold;">baseModule</span>
|
||||||
|
|
|
@ -137,7 +137,7 @@ the <span style="font-style: italic;">baseModule</span> will use the <span style
|
||||||
check. This function already contains regular expressions for the most
|
check. This function already contains regular expressions for the most
|
||||||
common cases.<br>
|
common cases.<br>
|
||||||
To check if the minimum GID is smaller than the maximum GID we define a
|
To check if the minimum GID is smaller than the maximum GID we define a
|
||||||
check for the nonexistant option "cmpGID" and define it as optional.
|
check for the nonexistent option "cmpGID" and define it as optional.
|
||||||
This will do the comparison check.<br>
|
This will do the comparison check.<br>
|
||||||
<br>
|
<br>
|
||||||
<br>
|
<br>
|
||||||
|
|
|
@ -198,7 +198,7 @@ is set dynamically<br>
|
||||||
You can tell LAM what object classes are managed by your module.<br>
|
You can tell LAM what object classes are managed by your module.<br>
|
||||||
LAM will then check the spelling of the objectClass attributes and
|
LAM will then check the spelling of the objectClass attributes and
|
||||||
correct it automatically. This is useful if other applications (e.g.
|
correct it automatically. This is useful if other applications (e.g.
|
||||||
smbldap-tools) also create accounts and the spelling is differnt.<br>
|
smbldap-tools) also create accounts and the spelling is different.<br>
|
||||||
<br>
|
<br>
|
||||||
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
<span style="font-weight: bold; text-decoration: underline;">Example:</span><br>
|
||||||
<br>
|
<br>
|
||||||
|
|
|
@ -21,7 +21,7 @@ They are configured on tab "Jobs" in LAM server profile.<br>
|
||||||
<div style="text-align: left;">See ppolicyUser module for an example.<br>
|
<div style="text-align: left;">See ppolicyUser module for an example.<br>
|
||||||
<br>
|
<br>
|
||||||
<h2>Adding the job class</h2>
|
<h2>Adding the job class</h2>
|
||||||
The module defines the list of suuported jobs with function
|
The module defines the list of supported jobs with function
|
||||||
getSupportedJobs().<br>
|
getSupportedJobs().<br>
|
||||||
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
<table style="width: 100%; text-align: left;" class="mod-code" border="0" cellpadding="2" cellspacing="2">
|
||||||
<tbody>
|
<tbody>
|
||||||
|
@ -77,7 +77,7 @@ If your job requires any configuration options then use get/checkConfigOptions()
|
||||||
<br>
|
<br>
|
||||||
<h2>Database</h2>
|
<h2>Database</h2>
|
||||||
Jobs can access a database to read and store data about job runs. Use
|
Jobs can access a database to read and store data about job runs. Use
|
||||||
this e.g. if you need to save any status information accross job runs.<br>
|
this e.g. if you need to save any status information across job runs.<br>
|
||||||
Database access is specified with needsDatabaseAccess().<br>
|
Database access is specified with needsDatabaseAccess().<br>
|
||||||
<br>
|
<br>
|
||||||
There is a built-in database upgrade mechanism. Your job must return
|
There is a built-in database upgrade mechanism. Your job must return
|
||||||
|
|
|
@ -18,7 +18,7 @@ designed to be editable by hand. They do not allow to add comments and
|
||||||
have a simpler format.<br>
|
have a simpler format.<br>
|
||||||
<br>
|
<br>
|
||||||
<h2>Format</h2>
|
<h2>Format</h2>
|
||||||
There is one option per line which is formated: <identifier>:
|
There is one option per line which is formatted: <identifier>:
|
||||||
<value><br>
|
<value><br>
|
||||||
<br>
|
<br>
|
||||||
Identifier is the option's name, value is the rest of the line after
|
Identifier is the option's name, value is the rest of the line after
|
||||||
|
|
|
@ -88,10 +88,10 @@ class <span style="font-weight: bold;">toolProfileEditor</span> implements <span
|
||||||
}<br>
|
}<br>
|
||||||
<br>
|
<br>
|
||||||
/**<br>
|
/**<br>
|
||||||
* Returns the prefered position of this tool on the tools page.<br>
|
* Returns the preferred position of this tool on the tools page.<br>
|
||||||
* The position may be between 0 and 1000. 0 is the top position.<br>
|
* The position may be between 0 and 1000. 0 is the top position.<br>
|
||||||
*<br>
|
*<br>
|
||||||
* @return int prefered position<br>
|
* @return int preferred position<br>
|
||||||
*/<br>
|
*/<br>
|
||||||
function <span style="font-weight: bold;">getPosition</span>() {<br>
|
function <span style="font-weight: bold;">getPosition</span>() {<br>
|
||||||
return 100;<br>
|
return 100;<br>
|
||||||
|
|
|
@ -91,10 +91,10 @@ Example:<br>
|
||||||
<pre> }</pre>
|
<pre> }</pre>
|
||||||
<pre> </pre>
|
<pre> </pre>
|
||||||
<pre> /**</pre>
|
<pre> /**</pre>
|
||||||
<pre> * Returns the prefered position of this tool on the tools page.</pre>
|
<pre> * Returns the preferred position of this tool on the tools page.</pre>
|
||||||
<pre> * The position may be between 0 and 1000. 0 is the top position.</pre>
|
<pre> * The position may be between 0 and 1000. 0 is the top position.</pre>
|
||||||
<pre> *</pre>
|
<pre> *</pre>
|
||||||
<pre> * @return int prefered position</pre>
|
<pre> * @return int preferred position</pre>
|
||||||
<pre> */</pre>
|
<pre> */</pre>
|
||||||
<pre> function getPosition() {</pre>
|
<pre> function getPosition() {</pre>
|
||||||
<pre> return 600;</pre>
|
<pre> return 600;</pre>
|
||||||
|
|
|
@ -115,7 +115,7 @@ If you want to change more than just the labels, take a look at <span
|
||||||
style="font-weight: bold;">lib/types/user.inc</span>. When a list is
|
style="font-weight: bold;">lib/types/user.inc</span>. When a list is
|
||||||
displayed then the <span style="font-weight: bold;">showPage()</span>
|
displayed then the <span style="font-weight: bold;">showPage()</span>
|
||||||
function is called. You can overwrite this function to display a
|
function is called. You can overwrite this function to display a
|
||||||
completly new list or just one of the other functions.<br>
|
completely new list or just one of the other functions.<br>
|
||||||
<br>
|
<br>
|
||||||
<table style="width: 100%; text-align: left;" class="mod-code"
|
<table style="width: 100%; text-align: left;" class="mod-code"
|
||||||
border="0" cellpadding="2" cellspacing="2">
|
border="0" cellpadding="2" cellspacing="2">
|
||||||
|
|
|
@ -60,6 +60,14 @@ This is a list of API changes for all LAM releases.
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
<h2>6.7 -> 6.8</h2>
|
||||||
|
<ul>
|
||||||
|
<li>Module API
|
||||||
|
<ul>
|
||||||
|
<li>display_html_attributes(): use responsive HTML elements instead of tables</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
<h2>6.3 -> 6.4</h2>
|
<h2>6.3 -> 6.4</h2>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Module API
|
<li>Module API
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
||||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
|
||||||
<appendix id="mailSetup">
|
|
||||||
<title>Setup of email (SMTP) server</title>
|
|
||||||
|
|
||||||
<para>LAM always uses a local SMTP email server on the machine where LAM
|
|
||||||
is installed. Therefore, there is no need to configure any SMTP settings
|
|
||||||
inside LAM itself.</para>
|
|
||||||
|
|
||||||
<para>The local email server should be configured to forward all emails to
|
|
||||||
your company mail server (so-called smarthost). You can use any SMTP
|
|
||||||
software that ships with a Sendmail wrapper (e.g. Exim, Postfix, QMail or
|
|
||||||
Sendmail itself).</para>
|
|
||||||
|
|
||||||
<literallayout>
|
|
||||||
|
|
||||||
</literallayout>
|
|
||||||
|
|
||||||
<screenshot>
|
|
||||||
<mediaobject>
|
|
||||||
<imageobject>
|
|
||||||
<imagedata fileref="images/lam_mail.png" />
|
|
||||||
</imageobject>
|
|
||||||
</mediaobject>
|
|
||||||
</screenshot>
|
|
||||||
</appendix>
|
|
||||||
|
|
|
@ -104,6 +104,24 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry><inlinemediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/schema_samba.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</inlinemediaobject></entry>
|
||||||
|
|
||||||
|
<entry>AD LDS</entry>
|
||||||
|
|
||||||
|
<entry>user, group</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
|
||||||
|
<entry>AD LDS built-in</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry><inlinemediaobject>
|
<entry><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
|
|
@ -34,7 +34,7 @@
|
||||||
<section>
|
<section>
|
||||||
<title>Use of SSL</title>
|
<title>Use of SSL</title>
|
||||||
|
|
||||||
<para>The data which is transfered between you and LAM is very sensitive.
|
<para>The data which is transferred between you and LAM is very sensitive.
|
||||||
Please always use SSL encrypted connections between LAM and your browser
|
Please always use SSL encrypted connections between LAM and your browser
|
||||||
to protect yourself against network sniffers.</para>
|
to protect yourself against network sniffers.</para>
|
||||||
</section>
|
</section>
|
||||||
|
@ -257,7 +257,7 @@ semodule -i httpdlocal.pp</programlisting>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>directory contents must be accessible by browser but directory
|
<para>directory contents must be accessible by browser but directory
|
||||||
itself needs not to be browseable</para>
|
itself needs not to be browsable</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
@ -445,4 +445,51 @@ semodule -i httpdlocal.pp</programlisting>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="a_webauthn">
|
||||||
|
<title>Webauthn/FIDO2</title>
|
||||||
|
|
||||||
|
<para>LAM allows to secure logins via <ulink
|
||||||
|
url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink>. This
|
||||||
|
means your users login with their LDAP password and an additional hardware
|
||||||
|
token (e.g. Yubico Security Key, Windows Hello and many more).</para>
|
||||||
|
|
||||||
|
<para>Webauthn/FIDO2 is a very strong 2-factor-authentication method as it
|
||||||
|
also checks the website domain. This prevents attacks via web
|
||||||
|
proxies.</para>
|
||||||
|
|
||||||
|
<para>To use this feature you need to activate the 2-factor authentication
|
||||||
|
in LAM.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">LAM admin interface</emphasis></para>
|
||||||
|
|
||||||
|
<para>Please activate Webauthn/FIDO2 in your <link
|
||||||
|
linkend="conf_serverprofile_2fa">LAM server profile</link>. Then users
|
||||||
|
will be asked to authenticate via Webauthn/FIDO2 on each login.</para>
|
||||||
|
|
||||||
|
<para>If no device is registered for a user then LAM will ask for this
|
||||||
|
during login. Afterwards, users can manage their devices with the <link
|
||||||
|
linkend="tool_webauthn">Webauthn tool</link>.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">LAM Self Service</emphasis></para>
|
||||||
|
|
||||||
|
<para>Please activate Webauthn/FIDO2 in your <link
|
||||||
|
linkend="selfservice_2fa">LAM self service profile</link>. Then users will
|
||||||
|
be asked to authenticate via Webauthn/FIDO2 on each login.</para>
|
||||||
|
|
||||||
|
<para>If no device is registered for a user then LAM will ask for this
|
||||||
|
during login. Afterwards, users can manage their devices with the <link
|
||||||
|
linkend="selfservice_fields">Webauthn field</link>.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Global device management</emphasis></para>
|
||||||
|
|
||||||
|
<para>This is for cases where one of your users has no more access to his
|
||||||
|
device and cannot login anymore. In this case you can delete his device(s)
|
||||||
|
in the <link linkend="confmain_webauthn">LAM main
|
||||||
|
configuration</link>.</para>
|
||||||
|
|
||||||
|
<para>Note that devices can only be deleted. Registration of devices can
|
||||||
|
only be done by the user during login or on the management pages listed
|
||||||
|
above.</para>
|
||||||
|
</section>
|
||||||
</appendix>
|
</appendix>
|
||||||
|
|
|
@ -85,7 +85,7 @@
|
||||||
|
|
||||||
<para>If there are any object classes or attributes missing you will get
|
<para>If there are any object classes or attributes missing you will get
|
||||||
a notice. See <link linkend="a_schema">LDAP schema files</link> for a
|
a notice. See <link linkend="a_schema">LDAP schema files</link> for a
|
||||||
list of used schemas. You may also want to deactive unused modules in
|
list of used schemas. You may also want to deactivate unused modules in
|
||||||
your LAM server profile (tab "Modules").</para>
|
your LAM server profile (tab "Modules").</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
|
|
@ -93,9 +93,7 @@
|
||||||
<para>If the user account has set the mail attribute then LAM can
|
<para>If the user account has set the mail attribute then LAM can
|
||||||
send your user a mail with the new password. You can change the mail
|
send your user a mail with the new password. You can change the mail
|
||||||
template to fit your needs. Please configure your LAM server profile
|
template to fit your needs. Please configure your LAM server profile
|
||||||
to setup the sender address, subject and mail body. Please see <link
|
to setup the sender address, subject and mail body. See <link linkend="mailSetup">here</link> for setting up your
|
||||||
linkend="mailEOL">email format option</link> in case of broken
|
|
||||||
mails. See <link linkend="mailSetup">here</link> for setting up your
|
|
||||||
SMTP server.</para>
|
SMTP server.</para>
|
||||||
|
|
||||||
<para>Using this method will prevent that your support staff knows
|
<para>Using this method will prevent that your support staff knows
|
||||||
|
|
|
@ -292,7 +292,7 @@
|
||||||
|
|
||||||
<para><emphasis role="bold">LAM runtime environment:</emphasis></para>
|
<para><emphasis role="bold">LAM runtime environment:</emphasis></para>
|
||||||
|
|
||||||
<para>LAM runs on PHP. Therefore, it is independant of CPU architecture
|
<para>LAM runs on PHP. Therefore, it is independent of CPU architecture
|
||||||
and operating system (OS). You can run LAM on any OS which supports
|
and operating system (OS). You can run LAM on any OS which supports
|
||||||
Apache, Nginx or other PHP compatible web servers.</para>
|
Apache, Nginx or other PHP compatible web servers.</para>
|
||||||
|
|
||||||
|
|
|
@ -60,6 +60,10 @@
|
||||||
<para>When you entered the license key then the license details can be
|
<para>When you entered the license key then the license details can be
|
||||||
seen on LAM configuration overview page.</para>
|
seen on LAM configuration overview page.</para>
|
||||||
|
|
||||||
|
<para>By default, LAM Pro will show a warning message on the login page
|
||||||
|
3 weeks before expiration. You can disable this here and/or send out an
|
||||||
|
email instead.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -193,16 +197,41 @@
|
||||||
<section id="conf_logging">
|
<section id="conf_logging">
|
||||||
<title>Logging</title>
|
<title>Logging</title>
|
||||||
|
|
||||||
<para>LAM can log events (e.g. user logins). You can use system logging
|
<para>LAM can log events (e.g. user logins). You can use e.g. system
|
||||||
(syslog for Unix, event viewer for Windows) or log to a separate file.
|
logging (syslog for Unix, event viewer for Windows) or log to a separate
|
||||||
Please note that LAM may log sensitive data (e.g. passwords) at log
|
file. Please note that LAM may log sensitive data (e.g. passwords) at
|
||||||
level "Debug". Production systems should be set to "Warning" or
|
log level "Debug". Production systems should be set to "Warning" or
|
||||||
"Error".</para>
|
"Error".</para>
|
||||||
|
|
||||||
<para>The PHP error reporting is only for developers. By default LAM
|
<para>The PHP error reporting is only for developers. By default LAM
|
||||||
does not show PHP notice messages in the web pages. You can select to
|
does not show PHP notice messages in the web pages. You can select to
|
||||||
use the php.ini setting here or printing all errors and notices.</para>
|
use the php.ini setting here or printing all errors and notices.</para>
|
||||||
|
|
||||||
|
<para>Log destinations:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>File: all messages will be written to the given file. LAM will
|
||||||
|
create it if not yet existing.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Syslog: uses local system logging (syslog for Unix, event
|
||||||
|
viewer for Windows)</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Remote: sends log messages to a remote server that supports
|
||||||
|
the Unix <ulink url="https://www.rsyslog.com/">remote
|
||||||
|
Syslogd</ulink> protocol. Please enter destination as "server:port",
|
||||||
|
e.g. "myserver:123".</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>No logging: disabled logging</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -212,18 +241,23 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="mailSetup">
|
||||||
<title>Additional options</title>
|
<title>Mail options (LAM Pro)</title>
|
||||||
|
|
||||||
<para id="mailEOL"><emphasis role="bold">Email format</emphasis></para>
|
<para>Here you can configure the mail server settings. If you do not set
|
||||||
|
a mail server then LAM will try to use a locally installed one (e.g.
|
||||||
|
postfix, exim, sendmail).</para>
|
||||||
|
|
||||||
<para>Some email servers are not standards compatible. If you receive
|
<para>SMTP setup:</para>
|
||||||
mails that look broken you can change the line endings for sent mails
|
|
||||||
here. Default is to use "\r\n".</para>
|
|
||||||
|
|
||||||
<para>At the moment, this option is only available in LAM Pro as there
|
<para>Mail server: enter name + port separated by ":". E.g. "server:25"
|
||||||
is no mail sending in the free version. See <link
|
will use "server" on port 25. Please note that your mail server
|
||||||
linkend="mailSetup">here</link> for setting up your SMTP server.</para>
|
<emphasis role="bold">must</emphasis> support TLS encryption.</para>
|
||||||
|
|
||||||
|
<para>User name: enter the user name if your SMTP server requires
|
||||||
|
authentication</para>
|
||||||
|
|
||||||
|
<para>Password: enter the password for the user above</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -234,6 +268,33 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="confmain_webauthn">
|
||||||
|
<title>Webauthn/FIDO2 devices</title>
|
||||||
|
|
||||||
|
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link>
|
||||||
|
for an overview about Webauthn/FIDO2 in LAM.</para>
|
||||||
|
|
||||||
|
<para>Here you can delete any webauthn device registrations. This
|
||||||
|
section is only shown if at least one device is registered.</para>
|
||||||
|
|
||||||
|
<para>Enter a part of the user's DN in the input box and perform a
|
||||||
|
search. LAM will show users and devices that match the search. You can
|
||||||
|
then delete a device registration. If the user has no more registered
|
||||||
|
devices then LAM will ask for registration on next login.</para>
|
||||||
|
|
||||||
|
<para>Note: You cannot add any device here. This can only be done by the
|
||||||
|
user during login, <link linkend="tool_webauthn">webauthn tool</link> or
|
||||||
|
self service.</para>
|
||||||
|
|
||||||
|
<para><screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/configGeneral8.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot></para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Change master password</title>
|
<title>Change master password</title>
|
||||||
|
|
||||||
|
@ -442,6 +503,9 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>Hide password prompt for expired password: Hides the password
|
||||||
|
prompt when a user with expired password logs into LAM.</para>
|
||||||
|
|
||||||
<literallayout>
|
<literallayout>
|
||||||
</literallayout>
|
</literallayout>
|
||||||
|
|
||||||
|
@ -464,6 +528,30 @@
|
||||||
is located. The default rights for new home directories can be set,
|
is located. The default rights for new home directories can be set,
|
||||||
too.</para>
|
too.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Note:</emphasis> This requires lamdaemon
|
||||||
|
to be installed on the remote server. This comes as separate package
|
||||||
|
for DEB/RPM. See <link linkend="a_lamdaemon">here</link>.</para>
|
||||||
|
|
||||||
|
<para>Script server format:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>"server": "server" is the DNS name of your script
|
||||||
|
server</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>"server:NAME": NAME is the display name of this
|
||||||
|
server</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>"server:NAME:/prefix": /prefix is the directory prefix for
|
||||||
|
all operations. E.g. creating a home directory "/home/user" would
|
||||||
|
create "/prefix/home/user" then.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>You can provide a fixed user name. If you leave the field empty
|
<para>You can provide a fixed user name. If you leave the field empty
|
||||||
then LAM will use your current account (the account you used to login
|
then LAM will use your current account (the account you used to login
|
||||||
to LAM).</para>
|
to LAM).</para>
|
||||||
|
@ -476,7 +564,9 @@
|
||||||
<para>SSH key (recommended): Please generate a SSH key pair and
|
<para>SSH key (recommended): Please generate a SSH key pair and
|
||||||
provide the location to the <emphasis
|
provide the location to the <emphasis
|
||||||
role="bold">private</emphasis> key file. If the key is protected
|
role="bold">private</emphasis> key file. If the key is protected
|
||||||
by a password you can also specify it here.</para>
|
by a password you can also specify it here. Please note that only
|
||||||
|
RSA keys (with "-----BEGIN RSA PRIVATE KEY-----" at the beginning
|
||||||
|
of the file) are supported.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -580,7 +670,8 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para><emphasis role="bold">2-factor authentication</emphasis></para>
|
<para id="conf_serverprofile_2fa"><emphasis role="bold">2-factor
|
||||||
|
authentication</emphasis></para>
|
||||||
|
|
||||||
<para>LAM supports 2-factor authentication for your users. This means
|
<para>LAM supports 2-factor authentication for your users. This means
|
||||||
the user will not only authenticate by user+password but also with
|
the user will not only authenticate by user+password but also with
|
||||||
|
@ -596,11 +687,139 @@
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><ulink url="https://www.yubico.com/">YubiKey</ulink></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><ulink url="https://duo.com/">Duo</ulink></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><ulink
|
||||||
|
url="https://webauthn.io/">Webauthn/FIDO2</ulink></para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para>By default LAM will enforce to use a token and reject users that
|
<para>Configuration options:</para>
|
||||||
did not setup one. You can set this check to optional. But if a user
|
|
||||||
has setup a token then this will always be required.</para>
|
<para><emphasis role="bold">privacyIDEA</emphasis></para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Base URL: please enter the URL of your privacyIDEA
|
||||||
|
instance</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>User name attribute: please enter the LDAP attribute name
|
||||||
|
that contains the user ID (e.g. "uid").</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional: By default LAM will enforce to use a token and
|
||||||
|
reject users that did not setup one. You can set this check to
|
||||||
|
optional. But if a user has setup a token then this will always be
|
||||||
|
required.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Disable certificate check: This should be used on
|
||||||
|
development instances only. It skips the certificate check when
|
||||||
|
connecting to verification server.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">YubiKey</emphasis></para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Base URLs: please enter the URL(s) of your YubiKey
|
||||||
|
verification server(s). If you run a custom verification API such
|
||||||
|
as yubiserver then enter its URL (e.g.
|
||||||
|
http://www.example.com:8000/wsapi/2.0/verify). The URL needs to
|
||||||
|
end with "/wsapi/2.0/verify". For YubiKey cloud these are
|
||||||
|
"https://api.yubico.com/wsapi/2.0/verify",
|
||||||
|
"https://api2.yubico.com/wsapi/2.0/verify",
|
||||||
|
"https://api3.yubico.com/wsapi/2.0/verify",
|
||||||
|
"https://api4.yubico.com/wsapi/2.0/verify" and
|
||||||
|
"https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per
|
||||||
|
line.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Client id: this is only required for YubiKey cloud. You can
|
||||||
|
register here: https://upgrade.yubico.com/getapikey/</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Secret key: this is only required for YubiKey cloud. You can
|
||||||
|
register here: https://upgrade.yubico.com/getapikey/</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional: By default LAM will enforce to use a token and
|
||||||
|
reject users that did not setup one. You can set this check to
|
||||||
|
optional. But if a user has setup a token then this will always be
|
||||||
|
required.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Disable certificate check: This should be used on
|
||||||
|
development instances only. It skips the certificate check when
|
||||||
|
connecting to verification server.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Duo</emphasis></para>
|
||||||
|
|
||||||
|
<para>This requires to register a new "Web SDK" application in your
|
||||||
|
Duo admin panel.</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>User name attribute: please enter the LDAP attribute name
|
||||||
|
that contains the user ID (e.g. "uid").</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Base URL: please enter the API-URL of your Duo instance
|
||||||
|
(e.g. api-12345.duosecurity.com).</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Client id: please enter your integration key.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Secret key: please enter your secret key.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Webauthn/FIDO2</emphasis></para>
|
||||||
|
|
||||||
|
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2
|
||||||
|
appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para>
|
||||||
|
|
||||||
|
<para>Users will be asked to register a device during login if no
|
||||||
|
device is setup.</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Domain: Please enter the WebAuthn domain. This is the public
|
||||||
|
domain of the web server (e.g. "example.com"). Do not include
|
||||||
|
protocol or port. Browsers will reject authentication if the
|
||||||
|
domain does not match the web server domain.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional: By default LAM will enforce to use a 2FA device
|
||||||
|
and reject users that do not setup one. You can set this check to
|
||||||
|
optional. But if a user has setup a device then this will always
|
||||||
|
be required.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -879,7 +1098,77 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<section>
|
<para>Available jobs:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_ppolicy_password_expire">PPolicy: Notify
|
||||||
|
users about password expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_389_password_expire">389ds: Notify users
|
||||||
|
about password expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_shadow_password_expire">Shadow: Notify
|
||||||
|
users about password expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_shadow_move_expired">Shadow: Delete or
|
||||||
|
move expired accounts</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_shadow_account_expiration_note">Shadow:
|
||||||
|
Notify users about account expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_windows_password_expire">Windows: Notify
|
||||||
|
users about password expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_windows_account_expiration_note">Windows:
|
||||||
|
Notify users about account expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_windows_move_expired">Windows: Delete or
|
||||||
|
move expired accounts</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_windows_notify_groups">Windows: Notify
|
||||||
|
users about their managed groups</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_freeradius_move_expired">FreeRadius:
|
||||||
|
Delete or move expired accounts</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link
|
||||||
|
linkend="job_freeradius_account_expiration_notification">FreeRadius:
|
||||||
|
Notify users about account expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_qmail_move_expired">Qmail: Delete or move
|
||||||
|
expired accounts</link></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><link linkend="job_qmail_account_expire_notify">Qmail:
|
||||||
|
Notify users about account expiration</link></para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<section id="job_ppolicy_password_expire">
|
||||||
<title>PPolicy: Notify users about password expiration</title>
|
<title>PPolicy: Notify users about password expiration</title>
|
||||||
|
|
||||||
<para>This will send your users an email reminder before their
|
<para>This will send your users an email reminder before their
|
||||||
|
@ -993,7 +1282,7 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
"2016-12-31".</para>
|
"2016-12-31".</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="job_389_password_expire">
|
||||||
<title>389ds: Notify users about password expiration</title>
|
<title>389ds: Notify users about password expiration</title>
|
||||||
|
|
||||||
<para>This will send your users an email reminder before their
|
<para>This will send your users an email reminder before their
|
||||||
|
@ -1086,7 +1375,7 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
"2016-12-31".</para>
|
"2016-12-31".</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="job_shadow_password_expire">
|
||||||
<title>Shadow: Notify users about password expiration</title>
|
<title>Shadow: Notify users about password expiration</title>
|
||||||
|
|
||||||
<para>This will send your users an email reminder before their
|
<para>This will send your users an email reminder before their
|
||||||
|
@ -1187,7 +1476,7 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
"2016-12-31".</para>
|
"2016-12-31".</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="job_shadow_move_expired">
|
||||||
<title>Shadow: Delete or move expired accounts</title>
|
<title>Shadow: Delete or move expired accounts</title>
|
||||||
|
|
||||||
<para>You can automatically delete or move expired accounts. The job
|
<para>You can automatically delete or move expired accounts. The job
|
||||||
|
@ -1237,7 +1526,91 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="job_shadow_account_expiration_note">
|
||||||
|
<title>Shadow: Notify users about account expiration</title>
|
||||||
|
|
||||||
|
<para>This will send your users an email reminder before their whole
|
||||||
|
account expires.</para>
|
||||||
|
|
||||||
|
<para>You need to activate the Shadow module for users to be able to
|
||||||
|
add this job. The job can be added multiple times (e.g. to send a
|
||||||
|
second warning at a later time).</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/jobs_shadow3.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><table>
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
|
<tgroup cols="2">
|
||||||
|
<tbody>
|
||||||
|
<row>
|
||||||
|
<entry><emphasis role="bold">Option</emphasis></entry>
|
||||||
|
|
||||||
|
<entry><emphasis
|
||||||
|
role="bold">Description</emphasis></entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>From address</entry>
|
||||||
|
|
||||||
|
<entry>The email address to set as FROM.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Reply-to address</entry>
|
||||||
|
|
||||||
|
<entry>Optional Reply-to address for email.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>CC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional CC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>BCC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional BCC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Subject</entry>
|
||||||
|
|
||||||
|
<entry>The email subject line. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Text</entry>
|
||||||
|
|
||||||
|
<entry>The email body text. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Notification period</entry>
|
||||||
|
|
||||||
|
<entry>Number of days to notify before account
|
||||||
|
expires.</entry>
|
||||||
|
</row>
|
||||||
|
</tbody>
|
||||||
|
</tgroup>
|
||||||
|
</table>Wildcards:</para>
|
||||||
|
|
||||||
|
<para>You can enter LDAP attributes as wildcards in the form
|
||||||
|
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
|
||||||
|
For the common name it would be "@@cn@@".</para>
|
||||||
|
|
||||||
|
<para>There are also two special wildcards for the expiration date.
|
||||||
|
@@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
|
||||||
|
@@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
|
||||||
|
"2016-12-31".</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="job_windows_password_expire">
|
||||||
<title>Windows: Notify users about password expiration</title>
|
<title>Windows: Notify users about password expiration</title>
|
||||||
|
|
||||||
<para>This will send your users an email reminder before their
|
<para>This will send your users an email reminder before their
|
||||||
|
@ -1329,7 +1702,91 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
"2016-12-31".</para>
|
"2016-12-31".</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="job_windows_account_expiration_note">
|
||||||
|
<title>Windows: Notify users about account expiration</title>
|
||||||
|
|
||||||
|
<para>This will send your users an email reminder before their whole
|
||||||
|
account expires.</para>
|
||||||
|
|
||||||
|
<para>You need to activate the Windows module for users to be able
|
||||||
|
to add this job. The job can be added multiple times (e.g. to send a
|
||||||
|
second warning at a later time).</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/jobs_windowsAccountExpiration.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><table>
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
|
<tgroup cols="2">
|
||||||
|
<tbody>
|
||||||
|
<row>
|
||||||
|
<entry><emphasis role="bold">Option</emphasis></entry>
|
||||||
|
|
||||||
|
<entry><emphasis
|
||||||
|
role="bold">Description</emphasis></entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>From address</entry>
|
||||||
|
|
||||||
|
<entry>The email address to set as FROM.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Reply-to address</entry>
|
||||||
|
|
||||||
|
<entry>Optional Reply-to address for email.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>CC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional CC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>BCC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional BCC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Subject</entry>
|
||||||
|
|
||||||
|
<entry>The email subject line. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Text</entry>
|
||||||
|
|
||||||
|
<entry>The email body text. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Notification period</entry>
|
||||||
|
|
||||||
|
<entry>Number of days to notify before account
|
||||||
|
expires.</entry>
|
||||||
|
</row>
|
||||||
|
</tbody>
|
||||||
|
</tgroup>
|
||||||
|
</table>Wildcards:</para>
|
||||||
|
|
||||||
|
<para>You can enter LDAP attributes as wildcards in the form
|
||||||
|
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
|
||||||
|
For the common name it would be "@@cn@@".</para>
|
||||||
|
|
||||||
|
<para>There are also two special wildcards for the expiration date.
|
||||||
|
@@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
|
||||||
|
@@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
|
||||||
|
"2016-12-31".</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="job_windows_move_expired">
|
||||||
<title>Windows: Delete or move expired accounts</title>
|
<title>Windows: Delete or move expired accounts</title>
|
||||||
|
|
||||||
<para>You can automatically delete or move expired accounts.</para>
|
<para>You can automatically delete or move expired accounts.</para>
|
||||||
|
@ -1377,7 +1834,96 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="job_windows_notify_groups">
|
||||||
|
<title>Windows: Notify users about their managed groups</title>
|
||||||
|
|
||||||
|
<para>This will send your users an email with the groups they
|
||||||
|
manage. This also includes a list of users in these groups. The
|
||||||
|
users and groups are searched using the user+group account types
|
||||||
|
that are specified in server profile.</para>
|
||||||
|
|
||||||
|
<para>You need to activate the Windows module for users to be able
|
||||||
|
to add this job. The job can be added multiple times.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/jobs_windowsNotifyGroups.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><table>
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
|
<tgroup cols="2">
|
||||||
|
<tbody>
|
||||||
|
<row>
|
||||||
|
<entry><emphasis role="bold">Option</emphasis></entry>
|
||||||
|
|
||||||
|
<entry><emphasis
|
||||||
|
role="bold">Description</emphasis></entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>From address</entry>
|
||||||
|
|
||||||
|
<entry>The email address to set as FROM.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Reply-to address</entry>
|
||||||
|
|
||||||
|
<entry>Optional Reply-to address for email.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>CC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional CC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>BCC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional BCC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Subject</entry>
|
||||||
|
|
||||||
|
<entry>The email subject line. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>HTML format</entry>
|
||||||
|
|
||||||
|
<entry>Send email as HTML instead of plain text.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Text</entry>
|
||||||
|
|
||||||
|
<entry>The email body text. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Period</entry>
|
||||||
|
|
||||||
|
<entry>Defines how often the mail is sent (e.g.
|
||||||
|
quarterly).</entry>
|
||||||
|
</row>
|
||||||
|
</tbody>
|
||||||
|
</tgroup>
|
||||||
|
</table>Wildcards:</para>
|
||||||
|
|
||||||
|
<para>You can enter LDAP attributes as wildcards in the form
|
||||||
|
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
|
||||||
|
For the common name it would be "@@cn@@".</para>
|
||||||
|
|
||||||
|
<para>Use the wildcard "@@LAM_MANAGED_GROUPS@@" to insert the group
|
||||||
|
listing. This wildcard is mandatory.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="job_freeradius_move_expired">
|
||||||
<title>FreeRadius: Delete or move expired accounts</title>
|
<title>FreeRadius: Delete or move expired accounts</title>
|
||||||
|
|
||||||
<para>You can automatically delete or move expired accounts.</para>
|
<para>You can automatically delete or move expired accounts.</para>
|
||||||
|
@ -1425,7 +1971,91 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="job_freeradius_account_expiration_notification">
|
||||||
|
<title>FreeRadius: Notify users about account expiration</title>
|
||||||
|
|
||||||
|
<para>This will send your users an email reminder before their
|
||||||
|
FreeRadius account expires.</para>
|
||||||
|
|
||||||
|
<para>You need to activate the FreeRadius module for users to be
|
||||||
|
able to add this job. The job can be added multiple times (e.g. to
|
||||||
|
send a second warning at a later time).</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/jobs_freeradiusAccountExpiration.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><table>
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
|
<tgroup cols="2">
|
||||||
|
<tbody>
|
||||||
|
<row>
|
||||||
|
<entry><emphasis role="bold">Option</emphasis></entry>
|
||||||
|
|
||||||
|
<entry><emphasis
|
||||||
|
role="bold">Description</emphasis></entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>From address</entry>
|
||||||
|
|
||||||
|
<entry>The email address to set as FROM.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Reply-to address</entry>
|
||||||
|
|
||||||
|
<entry>Optional Reply-to address for email.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>CC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional CC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>BCC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional BCC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Subject</entry>
|
||||||
|
|
||||||
|
<entry>The email subject line. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Text</entry>
|
||||||
|
|
||||||
|
<entry>The email body text. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Notification period</entry>
|
||||||
|
|
||||||
|
<entry>Number of days to notify before account
|
||||||
|
expires.</entry>
|
||||||
|
</row>
|
||||||
|
</tbody>
|
||||||
|
</tgroup>
|
||||||
|
</table>Wildcards:</para>
|
||||||
|
|
||||||
|
<para>You can enter LDAP attributes as wildcards in the form
|
||||||
|
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
|
||||||
|
For the common name it would be "@@cn@@".</para>
|
||||||
|
|
||||||
|
<para>There are also two special wildcards for the expiration date.
|
||||||
|
@@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
|
||||||
|
@@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
|
||||||
|
"2016-12-31".</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="job_qmail_move_expired">
|
||||||
<title>Qmail: Delete or move expired accounts</title>
|
<title>Qmail: Delete or move expired accounts</title>
|
||||||
|
|
||||||
<para>You can automatically delete or move expired accounts. The job
|
<para>You can automatically delete or move expired accounts. The job
|
||||||
|
@ -1473,6 +2103,90 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</tgroup>
|
</tgroup>
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="job_qmail_account_expire_notify">
|
||||||
|
<title>Qmail: Notify users about account expiration</title>
|
||||||
|
|
||||||
|
<para>This will send your users an email reminder before their Qmail
|
||||||
|
account expires.</para>
|
||||||
|
|
||||||
|
<para>You need to activate the Qmail module for users to be able to
|
||||||
|
add this job. The job can be added multiple times (e.g. to send a
|
||||||
|
second warning at a later time).</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/jobs_qmailAccountExpiration.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><table>
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
|
<tgroup cols="2">
|
||||||
|
<tbody>
|
||||||
|
<row>
|
||||||
|
<entry><emphasis role="bold">Option</emphasis></entry>
|
||||||
|
|
||||||
|
<entry><emphasis
|
||||||
|
role="bold">Description</emphasis></entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>From address</entry>
|
||||||
|
|
||||||
|
<entry>The email address to set as FROM.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Reply-to address</entry>
|
||||||
|
|
||||||
|
<entry>Optional Reply-to address for email.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>CC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional CC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>BCC address</entry>
|
||||||
|
|
||||||
|
<entry>Optional BCC mail address.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Subject</entry>
|
||||||
|
|
||||||
|
<entry>The email subject line. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Text</entry>
|
||||||
|
|
||||||
|
<entry>The email body text. Supports wildcards, see
|
||||||
|
below.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Notification period</entry>
|
||||||
|
|
||||||
|
<entry>Number of days to notify before account
|
||||||
|
expires.</entry>
|
||||||
|
</row>
|
||||||
|
</tbody>
|
||||||
|
</tgroup>
|
||||||
|
</table>Wildcards:</para>
|
||||||
|
|
||||||
|
<para>You can enter LDAP attributes as wildcards in the form
|
||||||
|
@@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
|
||||||
|
For the common name it would be "@@cn@@".</para>
|
||||||
|
|
||||||
|
<para>There are also two special wildcards for the expiration date.
|
||||||
|
@@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
|
||||||
|
@@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
|
||||||
|
"2016-12-31".</para>
|
||||||
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
|
@ -1591,4 +2305,50 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Self Service (LAM Pro)</title>
|
||||||
|
|
||||||
|
<para>See <link linkend="a_selfService">Self Service
|
||||||
|
chapter</link>.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Import and export configuration</title>
|
||||||
|
|
||||||
|
<para>Here you can export and import LAM's whole configuration. You can
|
||||||
|
use this to backup the configuration or migrate from one server to
|
||||||
|
another.</para>
|
||||||
|
|
||||||
|
<para>You will need to login with the configuration master password to use
|
||||||
|
this feature.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/confImportExport1.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Export</emphasis></para>
|
||||||
|
|
||||||
|
<para>This will dump the whole configuration to one big single file. It is
|
||||||
|
not possible to dump only parts of the configuration. During import you
|
||||||
|
can select what exactly to import.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Import</emphasis></para>
|
||||||
|
|
||||||
|
<para>Please select the import file first and submit. LAM will then
|
||||||
|
present you possible import data. You can select what to import using the
|
||||||
|
checkboxes.</para>
|
||||||
|
|
||||||
|
<para>Please note that LAM will not delete e.g. server profiles that are
|
||||||
|
not in the import file.</para>
|
||||||
|
|
||||||
|
<para>Example: You have profile1+profile2 in your LAM installation and
|
||||||
|
profile2+profile3 in your import file. When you select to import all
|
||||||
|
server profiles then profile1 stays untouched, profile2 will be
|
||||||
|
overwritten and profile3 will be added.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/confImportExport2.png"/>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Apache/Nginx webserver (SSL recommended) with PHP module (PHP
|
<para>Apache/Nginx webserver (SSL recommended) with PHP module (PHP
|
||||||
(>= 5.6.0) with ldap, gettext, xml, openssl and optional
|
(>= 7.0.0) with ldap, gettext, xml, openssl and optional
|
||||||
OpenSSL)</para>
|
OpenSSL)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
@ -150,9 +150,9 @@
|
||||||
role="bold">rpm -i <path to LAM
|
role="bold">rpm -i <path to LAM
|
||||||
package></emphasis></para><literallayout>
|
package></emphasis></para><literallayout>
|
||||||
</literallayout><para><emphasis role="bold">Note:</emphasis> The RPM packages
|
</literallayout><para><emphasis role="bold">Note:</emphasis> The RPM packages
|
||||||
for Fedora/CentOS do not contain a dependency to PHP due to
|
do not contain a dependency to PHP due to the various package
|
||||||
the various package names for it. Please make sure that you
|
names for it. Please make sure that you install Apache/Nginx
|
||||||
install Apache/Nginx with PHP.</para></entry>
|
with PHP.</para></entry>
|
||||||
</row>
|
</row>
|
||||||
</tbody>
|
</tbody>
|
||||||
</tgroup>
|
</tgroup>
|
||||||
|
@ -313,6 +313,45 @@
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Docker</title>
|
||||||
|
|
||||||
|
<para>You can run LAM inside Docker.</para>
|
||||||
|
|
||||||
|
<para>Possible environment variables are documented in the <ulink
|
||||||
|
url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample
|
||||||
|
.env</ulink> file.</para>
|
||||||
|
|
||||||
|
<para>See here:</para>
|
||||||
|
|
||||||
|
<para><ulink
|
||||||
|
url="https://hub.docker.com/r/ldapaccountmanager/lam">https://hub.docker.com/r/ldapaccountmanager/lam</ulink></para>
|
||||||
|
|
||||||
|
<para/>
|
||||||
|
|
||||||
|
<para>LAM Pro:</para>
|
||||||
|
|
||||||
|
<para>Please request access at support providing your Docker Hub user
|
||||||
|
ID.</para>
|
||||||
|
|
||||||
|
<para><ulink
|
||||||
|
url="https://hub.docker.com/r/ldapaccountmanager/lampro">https://hub.docker.com/r/ldapaccountmanager/lampro</ulink></para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Configuration files</emphasis></para>
|
||||||
|
|
||||||
|
<para>All configuration files are stored in:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>/etc/ldap-account-manager</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>/var/lib/ldap-account-manager</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>System configuration</title>
|
<title>System configuration</title>
|
||||||
|
|
||||||
|
@ -574,6 +613,46 @@
|
||||||
version. Unless explicitly noticed there is no need to install an
|
version. Unless explicitly noticed there is no need to install an
|
||||||
intermediate release.</para>
|
intermediate release.</para>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>7.2 -> 7.3</title>
|
||||||
|
|
||||||
|
<para>No actions required.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>7.1 -> 7.2</title>
|
||||||
|
|
||||||
|
<para>LAM Pro: All emails need a specified FROM address. This affects
|
||||||
|
password email, self registration, password self reset and cron
|
||||||
|
emails.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>6.7 -> 7.1</title>
|
||||||
|
|
||||||
|
<para>No actions required.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>6.6 -> 6.7</title>
|
||||||
|
|
||||||
|
<para>Self service: please verify the self service base URL in your
|
||||||
|
self service profiles in case you have password self reset / user self
|
||||||
|
registration enabled.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>6.5 -> 6.6</title>
|
||||||
|
|
||||||
|
<para>No actions required.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>6.4 -> 6.5</title>
|
||||||
|
|
||||||
|
<para>No actions required.</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>6.3 -> 6.4</title>
|
<title>6.3 -> 6.4</title>
|
||||||
|
|
||||||
|
|
|
@ -1186,7 +1186,7 @@
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Windows (Samba 4)</title>
|
<title>Windows (Samba 4/Active Directory)</title>
|
||||||
|
|
||||||
<para>Please activate the account type "Users" in your LAM server
|
<para>Please activate the account type "Users" in your LAM server
|
||||||
profile and then add the user module "Windows (windowsUser)(*)".</para>
|
profile and then add the user module "Windows (windowsUser)(*)".</para>
|
||||||
|
@ -1218,10 +1218,14 @@
|
||||||
|
|
||||||
<para>NIS support is deactivated by default. Enable it if needed.</para>
|
<para>NIS support is deactivated by default. Enable it if needed.</para>
|
||||||
|
|
||||||
|
<para>You can also set maximum values for user photos in advanced
|
||||||
|
options.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
<imagedata fileref="images/mod_windowsUser5.png"/>
|
<imagedata contentwidth="1172"
|
||||||
|
fileref="images/mod_windowsUser5.png"/>
|
||||||
</imageobject>
|
</imageobject>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
@ -1345,6 +1349,146 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
|
||||||
|
|
||||||
|
<para>Please activate the account type "Users" in your LAM server
|
||||||
|
profile and then add the user module "AD LDS
|
||||||
|
(windowsLDSUser)(*)".</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_windowsUser4.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>The default list attributes are for Unix and not suitable for AD
|
||||||
|
LDS (blank lines in account table). Please use
|
||||||
|
"#cn;#givenName;#sn;#mail" or select your own attributes to display in
|
||||||
|
the account list.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_adLds1.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>On tab "Module settings" you can specify the possible Windows
|
||||||
|
domain names.</para>
|
||||||
|
|
||||||
|
<para>You can also set maximum values for user photos in advanced
|
||||||
|
options.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata contentwidth="1172" fileref="images/mod_adLds3.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Now you can manage your AD LDS users and e.g. assign groups. You
|
||||||
|
might want to set the default domain name in the <link
|
||||||
|
linkend="a_accountProfile">profile editor</link>.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Attention:</emphasis></para>
|
||||||
|
|
||||||
|
<para>Password changes require a secure connection via ldaps://. Check
|
||||||
|
your LAM server profile if password changes are refused by the
|
||||||
|
server.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_adLds4a.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_adLds4b.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Wildcards</emphasis></para>
|
||||||
|
|
||||||
|
<para>This module provides the following wildcards (others may be
|
||||||
|
provided by other modules):</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>$firstname: First name</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>$lastname: Last name</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>$user: User name</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>$commonname: Common name</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>$email: Email address</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>You can use them in the following input fields on user edit
|
||||||
|
screen:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Common name</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Display name</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Email</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Email alias</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>Use this when some of your data always follows the same schema.
|
||||||
|
E.g. using "$firstname $lastname" in common name field can be used like
|
||||||
|
this to get "Demo User". You can set the wildcards in profile editor so
|
||||||
|
they are automatically applied for new users.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_adLds5a.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para/>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_adLds5b.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Filesystem quota (lamdaemon)</title>
|
<title>Filesystem quota (lamdaemon)</title>
|
||||||
|
|
||||||
|
@ -1663,7 +1807,7 @@
|
||||||
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
||||||
|
|
||||||
<para>LAM Pro cannot generate the password hashes itself because Heimdal
|
<para>LAM Pro cannot generate the password hashes itself because Heimdal
|
||||||
uses a propietary format for them. Therefore, LAM Pro needs to call e.g.
|
uses a proprietary format for them. Therefore, LAM Pro needs to call e.g.
|
||||||
kadmin to set the password.</para>
|
kadmin to set the password.</para>
|
||||||
|
|
||||||
<para>The wildcards @@password@@ and @@principal@@ are replaced with
|
<para>The wildcards @@password@@ and @@principal@@ are replaced with
|
||||||
|
@ -1712,7 +1856,7 @@
|
||||||
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
<para><emphasis role="bold">Setup password changing</emphasis></para>
|
||||||
|
|
||||||
<para>LAM Pro cannot generate the password hashes itself because MIT
|
<para>LAM Pro cannot generate the password hashes itself because MIT
|
||||||
uses a propietary format for them. Therefore, LAM Pro needs to call
|
uses a proprietary format for them. Therefore, LAM Pro needs to call
|
||||||
kadmin/kadmin.local to set the password.</para>
|
kadmin/kadmin.local to set the password.</para>
|
||||||
|
|
||||||
<para>LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to
|
<para>LAM will add "-q 'cpw -pw PASSWORD PRINCIPAL'" to the command to
|
||||||
|
@ -1726,9 +1870,9 @@
|
||||||
password change.</para>
|
password change.</para>
|
||||||
|
|
||||||
<para>Please note that kadmin/kadmin.local often returns a successful
|
<para>Please note that kadmin/kadmin.local often returns a successful
|
||||||
command even if errors occured (e.g. password policy violations). You
|
command even if errors occurred (e.g. password policy violations). You
|
||||||
need to test this before and if affected then write a wrapper script
|
need to test this before and if affected then write a wrapper script
|
||||||
arround kadmin that returns non-zero return codes for errors.</para>
|
around kadmin that returns non-zero return codes for errors.</para>
|
||||||
|
|
||||||
<para>Example commands:</para>
|
<para>Example commands:</para>
|
||||||
|
|
||||||
|
@ -1812,7 +1956,7 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para>You can add the user to existing alias entries or create completly
|
<para>You can add the user to existing alias entries or create completely
|
||||||
new ones.</para>
|
new ones.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
@ -1992,6 +2136,74 @@ ldapsearch -x -h $server -p $port -b $baseDN -s sub "(&(objectclass=posixAcc
|
||||||
AuthorizedKeysCommandUser root</literallayout>
|
AuthorizedKeysCommandUser root</literallayout>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>YubiKey</title>
|
||||||
|
|
||||||
|
<para>You can manage your YubiKey ids with LAM. It supports the <ulink
|
||||||
|
url="https://github.com/mludvig/yubikey-ldap">yubiKeyUser schema</ulink>
|
||||||
|
or any other attribute mapping.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Configuration</emphasis></para>
|
||||||
|
|
||||||
|
<para>First, you need to activate the YubiKey module for users in your
|
||||||
|
LAM server profile.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey1.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Second, you need to specify which object class and attribute name
|
||||||
|
should be used.</para>
|
||||||
|
|
||||||
|
<para>Object class: If you have an object class just for the YubiKey ids
|
||||||
|
then enter it here. LAM will then provide options to add and remove it.
|
||||||
|
In case you reuse some existing attribute from e.g. inetOrgPerson please
|
||||||
|
leave object class name blank.</para>
|
||||||
|
|
||||||
|
<para>Attribute name: please enter the attribute name that is used for
|
||||||
|
the key ids.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey2.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>You will then be able to manage the key ids for your users.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey3.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Self Service (LAM Pro)</emphasis></para>
|
||||||
|
|
||||||
|
<para>This will allow your users to update their own keys.</para>
|
||||||
|
|
||||||
|
<para>You need to configure the object class and attribute name first.
|
||||||
|
This is done on tab "Module settings" in self service profile.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Attention: </emphasis>Please note that both
|
||||||
|
fields are mandatory here. Even if you reused an attribute from some
|
||||||
|
existing object class you need to set it here. LAM needs this to detect
|
||||||
|
if the user can add keys.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey5.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Then add the YubiKey ids field to your self service profile on tab
|
||||||
|
"Page layout".</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey4.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>When a user with the specified object class logs in then the key
|
||||||
|
input fields are shown.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey6.png"/>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Authorized services</title>
|
<title>Authorized services</title>
|
||||||
|
|
||||||
|
@ -2071,7 +2283,7 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
security reasons.</para>
|
security reasons.</para>
|
||||||
|
|
||||||
<para>The user name can either be a fixed name (e.g. "admin") or it can
|
<para>The user name can either be a fixed name (e.g. "admin") or it can
|
||||||
be generated with LDAP attributes of the LAM admn user. E.g. $uid$ will
|
be generated with LDAP attributes of the LAM admin user. E.g. $uid$ will
|
||||||
be transformed to "myUser" if you login with
|
be transformed to "myUser" if you login with
|
||||||
"uid=myUser,ou=people,dc=example,dc=com".</para>
|
"uid=myUser,ou=people,dc=example,dc=com".</para>
|
||||||
|
|
||||||
|
@ -2187,8 +2399,8 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
|
|
||||||
<para><emphasis role="bold">Configuration</emphasis></para>
|
<para><emphasis role="bold">Configuration</emphasis></para>
|
||||||
|
|
||||||
<para>Please add the account type "Groups" and then select account
|
<para>Special Please add the account type "Groups" and then select
|
||||||
module "Unix (posixGroup)".</para>
|
account module "Unix (posixGroup)".</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -2198,6 +2410,43 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Virtual list attributes:</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_unixGroupConfig2.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>The following virtual attributes can be shown in the group list.
|
||||||
|
These are no real LDAP attributes but extra data that can be shown by
|
||||||
|
LAM.</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>memberuid_count: number of entries in attribute
|
||||||
|
"memberuid"</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>member_count: number of entries in attribute "member"</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>uniqueMember_count: number of entries in attribute
|
||||||
|
"uniquemember"</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>owner_count: number of entries in attribute "owner"</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>roleOccupant_count: number of entries in attribute
|
||||||
|
"roleOccupant"</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>Module settings:</para>
|
||||||
|
|
||||||
<para>GID generator: LAM will suggest GID numbers for your accounts.
|
<para>GID generator: LAM will suggest GID numbers for your accounts.
|
||||||
Please note that it may happen that there are duplicate IDs assigned if
|
Please note that it may happen that there are duplicate IDs assigned if
|
||||||
users create groups at the same time. Use an <ulink
|
users create groups at the same time. Use an <ulink
|
||||||
|
@ -2471,6 +2720,52 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>AD LDS (formerly ADAM) (LAM Pro)</title>
|
||||||
|
|
||||||
|
<para>LAM can manage your AD LDS groups. Please enable the account type
|
||||||
|
"Groups" in your LAM server profile and then add the group module "AD
|
||||||
|
LDS (windowsLDSGroup)(*)".</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_windowsGroup3.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>The default list attributes are for Unix and not suitable for AD
|
||||||
|
LDS (blank lines in account table). Please use
|
||||||
|
"#cn;#member;#description" or select your own attributes to display in
|
||||||
|
the account list.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_adLds2.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para/>
|
||||||
|
|
||||||
|
<para>Now you can edit your groups inside LAM. You can manage the group
|
||||||
|
name, description and its type. Of course, you can also set the group
|
||||||
|
members.</para>
|
||||||
|
|
||||||
|
<para>With "Show effective members" you can show a list of all members
|
||||||
|
of this group including members of subgroups and their subgroups.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/mod_adLds6.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Kolab</title>
|
<title>Kolab</title>
|
||||||
|
|
||||||
|
@ -2964,6 +3259,38 @@ AuthorizedKeysCommandUser root</literallayout>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Virtual list attributes:</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_gon.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>The following virtual attributes can be shown in the group list.
|
||||||
|
These are no real LDAP attributes but extra data that can be shown by
|
||||||
|
LAM.</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>member_count: number of entries in attribute "member"</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>uniqueMember_count: number of entries in attribute
|
||||||
|
"uniquemember"</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>owner_count: number of entries in attribute "owner"</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>roleOccupant_count: number of entries in attribute
|
||||||
|
"roleOccupant"</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>Module settings:</para>
|
||||||
|
|
||||||
<para>On the module settings tab you set some options like the display
|
<para>On the module settings tab you set some options like the display
|
||||||
format for members/owners and if fields like description should not be
|
format for members/owners and if fields like description should not be
|
||||||
displayed.</para>
|
displayed.</para>
|
||||||
|
@ -4026,9 +4353,13 @@ Run slapindex to rebuild the index.
|
||||||
extension to the DNS server <ulink
|
extension to the DNS server <ulink
|
||||||
url="http://www.isc.org/software/bind">Bind</ulink> that allows to store
|
url="http://www.isc.org/software/bind">Bind</ulink> that allows to store
|
||||||
DNS entries inside LDAP. Please install the Bind DLZ schema file on your
|
DNS entries inside LDAP. Please install the Bind DLZ schema file on your
|
||||||
LDAP server. It is part of the DLZ patch.</para>
|
LDAP server. It is part of the Bind download. You can also get it from
|
||||||
|
Bind's <ulink
|
||||||
|
url="https://gitlab.isc.org/isc-projects/bind9/blob/master/contrib/dlz/modules/ldap/testing/dlz.schema">git
|
||||||
|
repository</ulink>.</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Configuration</emphasis></para>
|
<section>
|
||||||
|
<title>Configuration</title>
|
||||||
|
|
||||||
<para>First, you need to add the Bind DNS account type and the Bind DLZ
|
<para>First, you need to add the Bind DNS account type and the Bind DLZ
|
||||||
module:</para>
|
module:</para>
|
||||||
|
@ -4041,8 +4372,9 @@ Run slapindex to rebuild the index.
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para>Please set the LDAP suffix either to an existing DNS zone (dlzZone)
|
<para>Please set the LDAP suffix either to an existing DNS zone
|
||||||
or an organizational unit that should include your DNS zones.</para>
|
(dlzZone) or an organizational unit that should include your DNS
|
||||||
|
zones.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4055,6 +4387,9 @@ Run slapindex to rebuild the index.
|
||||||
<literallayout>
|
<literallayout>
|
||||||
</literallayout>
|
</literallayout>
|
||||||
|
|
||||||
|
<para>For regular entry management use "DNS entry (bindDLZ)(*)"
|
||||||
|
module.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -4063,6 +4398,23 @@ Run slapindex to rebuild the index.
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">XFR</emphasis></para>
|
||||||
|
|
||||||
|
<para>If you want to edit XFR entries please add a second account type
|
||||||
|
for XFR. Recommended list attributes are
|
||||||
|
"#dlzipaddr;#dlzrecordid".</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_bind13.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Now use the "XFR (bindDLZXfr)(*)" module for this account
|
||||||
|
type.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_bind14.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
<para><emphasis role="bold">Automatic PTR management</emphasis></para>
|
<para><emphasis role="bold">Automatic PTR management</emphasis></para>
|
||||||
|
|
||||||
<para>LAM can automatically create/delete PTR entries for the entered
|
<para>LAM can automatically create/delete PTR entries for the entered
|
||||||
|
@ -4084,12 +4436,12 @@ Run slapindex to rebuild the index.
|
||||||
<para><emphasis role="bold">Zone management</emphasis></para>
|
<para><emphasis role="bold">Zone management</emphasis></para>
|
||||||
|
|
||||||
<para>If you do not yet have a DNS zone then LAM can create one for you.
|
<para>If you do not yet have a DNS zone then LAM can create one for you.
|
||||||
In list view switch the suffix to an organizational unit DN. Now you will
|
In list view switch the suffix to an organizational unit DN. Now you
|
||||||
see a button "New zone".</para>
|
will see a button "New zone".</para>
|
||||||
|
|
||||||
<para>This will create the zone container entry and a default DNS entry
|
<para>This will create the zone container entry and a default DNS entry
|
||||||
"@" for authoritative information. Now switch the suffix to your new zone
|
"@" for authoritative information. Now switch the suffix to your new
|
||||||
and start adding DNS entries.</para>
|
zone and start adding DNS entries.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4098,8 +4450,10 @@ Run slapindex to rebuild the index.
|
||||||
</imageobject>
|
</imageobject>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
|
||||||
<para><emphasis role="bold">DNS entries</emphasis></para>
|
<section>
|
||||||
|
<title>DNS entries</title>
|
||||||
|
|
||||||
<para>LAM supports the following DNS record types:</para>
|
<para>LAM supports the following DNS record types:</para>
|
||||||
|
|
||||||
|
@ -4143,9 +4497,9 @@ Run slapindex to rebuild the index.
|
||||||
<para><emphasis role="bold">Authoritative (SOA) and name server (NS)
|
<para><emphasis role="bold">Authoritative (SOA) and name server (NS)
|
||||||
records</emphasis></para>
|
records</emphasis></para>
|
||||||
|
|
||||||
<para>Here you can manage general information about the zone like timeouts
|
<para>Here you can manage general information about the zone like
|
||||||
and name servers. Please note that name servers must be inserted in a
|
timeouts and name servers. Please note that name servers must be
|
||||||
special format (dot at the end).</para>
|
inserted in a special format (dot at the end).</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4176,9 +4530,9 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">Reverse DNS entries</emphasis></para>
|
<para><emphasis role="bold">Reverse DNS entries</emphasis></para>
|
||||||
|
|
||||||
<para>Reverse DNS entries are important when you need to find the DNS name
|
<para>Reverse DNS entries are important when you need to find the DNS
|
||||||
that is associated with a given IP address. Reverse DNS entries are stored
|
name that is associated with a given IP address. Reverse DNS entries are
|
||||||
in a separate DNS zone.</para>
|
stored in a separate DNS zone.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4226,8 +4580,8 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">Text records (TXT)</emphasis></para>
|
<para><emphasis role="bold">Text records (TXT)</emphasis></para>
|
||||||
|
|
||||||
<para>Text records can be added to store a description or other data (e.g.
|
<para>Text records can be added to store a description or other data
|
||||||
SPF information).</para>
|
(e.g. SPF information).</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -4242,8 +4596,8 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">Services (SRV)</emphasis></para>
|
<para><emphasis role="bold">Services (SRV)</emphasis></para>
|
||||||
|
|
||||||
<para>Service records can be used to specify which servers provide common
|
<para>Service records can be used to specify which servers provide
|
||||||
services such as LDAP. Please note that the host name must be
|
common services such as LDAP. Please note that the host name must be
|
||||||
_SERVICE._PROTOCOL (e.g. _ldap._tcp).</para>
|
_SERVICE._PROTOCOL (e.g. _ldap._tcp).</para>
|
||||||
|
|
||||||
<literallayout>
|
<literallayout>
|
||||||
|
@ -4274,8 +4628,8 @@ Run slapindex to rebuild the index.
|
||||||
|
|
||||||
<para><emphasis role="bold">File upload</emphasis></para>
|
<para><emphasis role="bold">File upload</emphasis></para>
|
||||||
|
|
||||||
<para>You can upload complete DNS zones via LAM's file upload. Here is an
|
<para>You can upload complete DNS zones via LAM's file upload. Here is
|
||||||
example for a zone file and the corresponding CSV file.</para>
|
an example for a zone file and the corresponding CSV file.</para>
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
<title>Zone file</title>
|
<title>Zone file</title>
|
||||||
|
@ -4379,11 +4733,11 @@ Run slapindex to rebuild the index.
|
||||||
<para>Please check that you have an existing zone entry that can be used
|
<para>Please check that you have an existing zone entry that can be used
|
||||||
for the file upload. See above to create a new zone.</para>
|
for the file upload. See above to create a new zone.</para>
|
||||||
|
|
||||||
<para>Hint: If you use the function above to create a new zone then please
|
<para>Hint: If you use the function above to create a new zone then
|
||||||
skip the "@" entry in the CSV file below. LAM creates this entry with
|
please skip the "@" entry in the CSV file below. LAM creates this entry
|
||||||
sample data.</para>
|
with sample data.</para>
|
||||||
|
|
||||||
<para>In this example we assume that the following zone extry
|
<para>In this example we assume that the following zone entry
|
||||||
exists:</para>
|
exists:</para>
|
||||||
|
|
||||||
<literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com
|
<literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com
|
||||||
|
@ -4397,6 +4751,25 @@ objectclass: top
|
||||||
url="resources/bindUpload.csv">bindUpload.csv</ulink></para>
|
url="resources/bindUpload.csv">bindUpload.csv</ulink></para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>XFR entries</title>
|
||||||
|
|
||||||
|
<para>You can manage the XFR entries in the second tab that you
|
||||||
|
configured before.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_bind16.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>For each XFR entry you can set a record ID and the IP
|
||||||
|
address.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_bind15.png"/>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Aliases (LAM Pro)</title>
|
<title>Aliases (LAM Pro)</title>
|
||||||
|
|
||||||
|
@ -4987,7 +5360,7 @@ OK (10 msec)</programlisting>
|
||||||
<para>LAM will display a default icon and "Custom fields" as label if you
|
<para>LAM will display a default icon and "Custom fields" as label if you
|
||||||
do not enter any values.</para>
|
do not enter any values.</para>
|
||||||
|
|
||||||
<para>You may also specify how LAM displays cutom fields when there are
|
<para>You may also specify how LAM displays custom fields when there are
|
||||||
multiple field groups. The default is accordion view where you can switch
|
multiple field groups. The default is accordion view where you can switch
|
||||||
field groups by clicking on the title. You may also deactivate this mode.
|
field groups by clicking on the title. You may also deactivate this mode.
|
||||||
Then all field groups are displayed one below the other.</para>
|
Then all field groups are displayed one below the other.</para>
|
||||||
|
@ -5002,7 +5375,7 @@ OK (10 msec)</programlisting>
|
||||||
|
|
||||||
<para><emphasis role="bold">Defining groups:</emphasis></para>
|
<para><emphasis role="bold">Defining groups:</emphasis></para>
|
||||||
|
|
||||||
<para>All input fields are devided into groups. A group may contain one or
|
<para>All input fields are divided into groups. A group may contain one or
|
||||||
more object classes and allows you to add/remove a certain set of input
|
more object classes and allows you to add/remove a certain set of input
|
||||||
fields.</para>
|
fields.</para>
|
||||||
|
|
||||||
|
@ -5292,6 +5665,10 @@ OK (10 msec)</programlisting>
|
||||||
<para>Attribute name: The values of this attribute will be used to build
|
<para>Attribute name: The values of this attribute will be used to build
|
||||||
the selection list.</para>
|
the selection list.</para>
|
||||||
|
|
||||||
|
<para>Display attributes: List of attributes to show as label for the
|
||||||
|
options in select box. Attribute wildcards are surrounded by "$", e.g.
|
||||||
|
"$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para>
|
||||||
|
|
||||||
<para>Presentation:</para>
|
<para>Presentation:</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
@ -5347,7 +5724,7 @@ OK (10 msec)</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>§attribute|;§; attribute values separted by ";" (you can set
|
<para>§attribute|;§; attribute values separated by ";" (you can set
|
||||||
other separators if you want)</para>
|
other separators if you want)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
@ -5463,7 +5840,7 @@ OK (10 msec)</programlisting>
|
||||||
<para>LAM Pro allows you to execute scripts whenever an account is
|
<para>LAM Pro allows you to execute scripts whenever an account is
|
||||||
created, modified or deleted. This can be useful to automate processes
|
created, modified or deleted. This can be useful to automate processes
|
||||||
which needed manual work afterwards (e.g. sending your user a welcome mail
|
which needed manual work afterwards (e.g. sending your user a welcome mail
|
||||||
or register a mailbox). Additionally, you can specify manual scipts that
|
or register a mailbox). Additionally, you can specify manual scripts that
|
||||||
can be executed from within LAM Pro.</para>
|
can be executed from within LAM Pro.</para>
|
||||||
|
|
||||||
<para>To activate this feature please add the "Custom scripts" module to
|
<para>To activate this feature please add the "Custom scripts" module to
|
||||||
|
@ -5597,7 +5974,7 @@ OK (10 msec)</programlisting>
|
||||||
<para>You can switch LAM's logging to debug mode if you are unsure which
|
<para>You can switch LAM's logging to debug mode if you are unsure which
|
||||||
attributes with which values are available.</para>
|
attributes with which values are available.</para>
|
||||||
|
|
||||||
<para>The following special wildcards are available for automatical
|
<para>The following special wildcards are available for automatic
|
||||||
scripts:</para>
|
scripts:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
@ -5880,9 +6257,6 @@ OK (10 msec)</programlisting>
|
||||||
|
|
||||||
<para>There are also some special functions available:</para>
|
<para>There are also some special functions available:</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Export:</emphasis> This allows you to export
|
|
||||||
entries to a file (e.g. LDIF or CSV format).</para>
|
|
||||||
|
|
||||||
<para><emphasis role="bold">Show internal attributes:</emphasis> Shows
|
<para><emphasis role="bold">Show internal attributes:</emphasis> Shows
|
||||||
internal attributes of the current entry. This includes information about
|
internal attributes of the current entry. This includes information about
|
||||||
the creator and creation time of the entry.</para>
|
the creator and creation time of the entry.</para>
|
||||||
|
|
|
@ -204,6 +204,34 @@
|
||||||
url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.</entry>
|
url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Default language</entry>
|
||||||
|
|
||||||
|
<entry>This language is preselected on login.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Enforce language</entry>
|
||||||
|
|
||||||
|
<entry>Disables language selection and uses default
|
||||||
|
language.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Time zone</entry>
|
||||||
|
|
||||||
|
<entry>Please provide your time zone.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Base URL</entry>
|
||||||
|
|
||||||
|
<entry>Please enter the base URL of your webserver (e.g.
|
||||||
|
https://www.example.com). This is used to generate links in
|
||||||
|
emails for password self reset and user self
|
||||||
|
registration.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Login attribute label</entry>
|
<entry>Login attribute label</entry>
|
||||||
|
|
||||||
|
@ -222,15 +250,29 @@
|
||||||
<row>
|
<row>
|
||||||
<entry>Login caption</entry>
|
<entry>Login caption</entry>
|
||||||
|
|
||||||
<entry>This text is displayed at the login page. You can input
|
<entry>This text is displayed on the login page inside the login
|
||||||
HTML, too.</entry>
|
mask.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Login footer</entry>
|
||||||
|
|
||||||
|
<entry>This text is displayed on the login page below the login
|
||||||
|
mask.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Main page caption</entry>
|
<entry>Main page caption</entry>
|
||||||
|
|
||||||
<entry>This text is displayed at self service main page where
|
<entry>This text is displayed on the self service main page
|
||||||
your users change their data. You can input HTML, too.</entry>
|
where your users change their data.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Main page footer</entry>
|
||||||
|
|
||||||
|
<entry>This text is displayed as footer on the self service main
|
||||||
|
page where your users change their data.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
|
@ -241,6 +283,13 @@
|
||||||
code is permitted.</entry>
|
code is permitted.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Base color</entry>
|
||||||
|
|
||||||
|
<entry>Here you can change the background color for the user
|
||||||
|
pages.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Additional CSS links</entry>
|
<entry>Additional CSS links</entry>
|
||||||
|
|
||||||
|
@ -255,7 +304,7 @@
|
||||||
|
|
||||||
<para/>
|
<para/>
|
||||||
|
|
||||||
<section>
|
<section id="selfservice_2fa">
|
||||||
<title>2-factor authentication</title>
|
<title>2-factor authentication</title>
|
||||||
|
|
||||||
<para>LAM supports 2-factor authentication for your users. This means
|
<para>LAM supports 2-factor authentication for your users. This means
|
||||||
|
@ -272,11 +321,137 @@
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><ulink url="https://www.yubico.com/">YubiKey</ulink></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><ulink url="https://duo.com/">Duo</ulink></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><ulink
|
||||||
|
url="https://en.wikipedia.org/wiki/WebAuthn">Webauthn/FIDO2</ulink></para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para>By default LAM will enforce to use a token and reject users that
|
<para><emphasis role="bold">privacyIDEA</emphasis></para>
|
||||||
did not setup one. You can set this check to optional. But if a user
|
|
||||||
has setup a token then this will always be required.</para>
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Base URL: please enter the URL of your privacyIDEA
|
||||||
|
instance</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>User name attribute: please enter the LDAP attribute name
|
||||||
|
that contains the user ID (e.g. "uid")</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional: By default LAM will enforce to use a token and
|
||||||
|
reject users that did not setup one. You can set this check to
|
||||||
|
optional. But if a user has setup a token then this will always be
|
||||||
|
required.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Disable certificate check: This should be used on
|
||||||
|
development instances only. It skips the certificate check when
|
||||||
|
connecting to verification server.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">YubiKey</emphasis></para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Base URLs: please enter the URL(s) of your YubiKey
|
||||||
|
verification server(s). If you run a custom verification API such
|
||||||
|
as yubiserver then enter its URL (e.g.
|
||||||
|
http://www.example.com:8000/wsapi/2.0/verify). The URL needs to
|
||||||
|
end with "/wsapi/2.0/verify". For YubiKey cloud these are
|
||||||
|
"https://api.yubico.com/wsapi/2.0/verify",
|
||||||
|
"https://api2.yubico.com/wsapi/2.0/verify",
|
||||||
|
"https://api3.yubico.com/wsapi/2.0/verify",
|
||||||
|
"https://api4.yubico.com/wsapi/2.0/verify" and
|
||||||
|
"https://api5.yubico.com/wsapi/2.0/verify". Enter one URL per
|
||||||
|
line.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Client id: this is only required for YubiKey cloud. You can
|
||||||
|
register here: https://upgrade.yubico.com/getapikey/</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Secret key: this is only required for YubiKey cloud. You can
|
||||||
|
register here: https://upgrade.yubico.com/getapikey/</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional: By default LAM will enforce to use a token and
|
||||||
|
reject users that did not setup one. You can set this check to
|
||||||
|
optional. But if a user has setup a token then this will always be
|
||||||
|
required.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Disable certificate check: This should be used on
|
||||||
|
development instances only. It skips the certificate check when
|
||||||
|
connecting to verification server.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Duo</emphasis></para>
|
||||||
|
|
||||||
|
<para>This requires to register a new "Web SDK" application in your
|
||||||
|
Duo admin panel.</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>User name attribute: please enter the LDAP attribute name
|
||||||
|
that contains the user ID (e.g. "uid").</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Base URL: please enter the API-URL of your Duo instance
|
||||||
|
(e.g. api-12345.duosecurity.com).</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Client id: please enter your integration key.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Secret key: please enter your secret key.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Webauthn/FIDO2</emphasis></para>
|
||||||
|
|
||||||
|
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2
|
||||||
|
appendix</link> for an overview about Webauthn/FIDO2 in LAM.</para>
|
||||||
|
|
||||||
|
<para>Users will be asked to register a device during login if no
|
||||||
|
device is setup.</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Domain: Please enter the WebAuthn domain. This is the public
|
||||||
|
domain of the web server (e.g. "example.com"). Do not include
|
||||||
|
protocol or port. Browsers will reject authentication if the
|
||||||
|
domain does not match the web server domain.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional: By default LAM will enforce to use a 2FA device
|
||||||
|
and reject users that do not setup one. You can set this check to
|
||||||
|
optional. But if a user has setup a device then this will always
|
||||||
|
be required.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -349,7 +524,8 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<para><emphasis role="bold">Possible input fields</emphasis></para>
|
<para id="selfservice_fields"><emphasis role="bold">Possible input
|
||||||
|
fields</emphasis></para>
|
||||||
|
|
||||||
<para>This is a list of input fields you may add to the self service
|
<para>This is a list of input fields you may add to the self service
|
||||||
page.</para>
|
page.</para>
|
||||||
|
@ -395,6 +571,18 @@
|
||||||
password each time the Unix password is changed.</entry>
|
password each time the Unix password is changed.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry><inlinemediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/schema_groupOfNames.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</inlinemediaobject>Group of names</entry>
|
||||||
|
|
||||||
|
<entry>Group memberships (read-only)</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry><inlinemediaobject>
|
<entry><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -638,6 +826,24 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry morerows="1"><inlinemediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/schema_mailAlias.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</inlinemediaobject> Mail routing</entry>
|
||||||
|
|
||||||
|
<entry>Local address (read-only)</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Mail routing address (read-only)</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="4"><inlinemediaobject>
|
<entry morerows="4"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -681,12 +887,18 @@
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry><inlinemediaobject>
|
<entry morerows="1"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
<imagedata fileref="images/schema_ssh.png"/>
|
<imagedata fileref="images/schema_ssh.png"/>
|
||||||
</imageobject>
|
</imageobject>
|
||||||
</inlinemediaobject> Shadow</entry>
|
</inlinemediaobject> Shadow</entry>
|
||||||
|
|
||||||
|
<entry>Account expiration date (read-only)</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
<entry>Last password change (read-only)</entry>
|
<entry>Last password change (read-only)</entry>
|
||||||
|
|
||||||
<entry>Displays the date and time of the user's last password
|
<entry>Displays the date and time of the user's last password
|
||||||
|
@ -694,11 +906,11 @@
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="8"><inlinemediaobject>
|
<entry morerows="10"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
<imagedata fileref="images/schema_samba.png"/>
|
<imagedata fileref="images/schema_samba.png"/>
|
||||||
</imageobject>
|
</imageobject>
|
||||||
</inlinemediaobject> Windows</entry>
|
</inlinemediaobject> Windows (AD, AD LDS, Samba 4)</entry>
|
||||||
|
|
||||||
<entry>Password</entry>
|
<entry>Password</entry>
|
||||||
|
|
||||||
|
@ -711,6 +923,12 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Mail alias (read-only)</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Office name</entry>
|
<entry>Office name</entry>
|
||||||
|
|
||||||
|
@ -729,6 +947,12 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Proxy-Addresses (read-only)</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>State</entry>
|
<entry>State</entry>
|
||||||
|
|
||||||
|
@ -754,7 +978,7 @@
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="3"><inlinemediaobject>
|
<entry morerows="4"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
<imagedata fileref="images/schema_unix.png"/>
|
<imagedata fileref="images/schema_unix.png"/>
|
||||||
</imageobject>
|
</imageobject>
|
||||||
|
@ -765,6 +989,12 @@
|
||||||
<entry/>
|
<entry/>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Group memberships (read-only)</entry>
|
||||||
|
|
||||||
|
<entry/>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Login shell</entry>
|
<entry>Login shell</entry>
|
||||||
|
|
||||||
|
@ -785,6 +1015,19 @@
|
||||||
each time the Windows password is changed.</entry>
|
each time the Windows password is changed.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry><inlinemediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/webauthn.png"/>
|
||||||
|
</imageobject>
|
||||||
|
</inlinemediaobject>Webauthn</entry>
|
||||||
|
|
||||||
|
<entry>Webauthn devices</entry>
|
||||||
|
|
||||||
|
<entry>Allows the user to manage his webauthn/FIDO2 security
|
||||||
|
keys.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry morerows="1"><inlinemediaobject>
|
<entry morerows="1"><inlinemediaobject>
|
||||||
<imageobject>
|
<imageobject>
|
||||||
|
@ -910,7 +1153,7 @@
|
||||||
<para>To enable this feature please activate the checkbox "Enable
|
<para>To enable this feature please activate the checkbox "Enable
|
||||||
password self reset link".</para>
|
password self reset link".</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Hint:</emphasis> Plese note that LAM Pro
|
<para><emphasis role="bold">Hint:</emphasis> Please note that LAM Pro
|
||||||
uses security questions by default. Activate confirmation mails and then
|
uses security questions by default. Activate confirmation mails and then
|
||||||
deactivate security questions if you want to use only email
|
deactivate security questions if you want to use only email
|
||||||
validation.</para>
|
validation.</para>
|
||||||
|
@ -923,6 +1166,35 @@
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Identification method, used LDAP attributes:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Email: mail</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Employee number: employeeNumber</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Self service login attribute: same as configured on first tab
|
||||||
|
of self service profile</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>User name: uid</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>User name and email address: uid and mail</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>User name or email address: uid and mail</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>You can now configure the minimum answer length for password reset
|
<para>You can now configure the minimum answer length for password reset
|
||||||
answers. This is checked when you allow you users to specify their
|
answers. This is checked when you allow you users to specify their
|
||||||
answers via the self service. Additionally, you can specify the text of
|
answers via the self service. Additionally, you can specify the text of
|
||||||
|
@ -952,10 +1224,8 @@
|
||||||
The mail can include the new password by using the special wildcard
|
The mail can include the new password by using the special wildcard
|
||||||
"@@newPassword@@". Additionally, you may want to insert other wildcards
|
"@@newPassword@@". Additionally, you may want to insert other wildcards
|
||||||
that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@"
|
that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@"
|
||||||
will be replaced by the user name. Please see <link
|
will be replaced by the user name. See <link
|
||||||
linkend="mailEOL">email format option</link> in case of broken mails.
|
linkend="mailSetup">here</link> for setting up your SMTP server.</para>
|
||||||
See <link linkend="mailSetup">here</link> for setting up your SMTP
|
|
||||||
server.</para>
|
|
||||||
|
|
||||||
<literallayout> </literallayout>
|
<literallayout> </literallayout>
|
||||||
|
|
||||||
|
@ -1130,9 +1400,14 @@
|
||||||
object class in each line. If you use LAM Pro password self reset
|
object class in each line. If you use LAM Pro password self reset
|
||||||
feature then do not forget to add "passwordSelfReset" here.</para>
|
feature then do not forget to add "passwordSelfReset" here.</para>
|
||||||
|
|
||||||
|
<para/>
|
||||||
|
|
||||||
<para><emphasis>Attributes:</emphasis> This is a list of additional
|
<para><emphasis>Attributes:</emphasis> This is a list of additional
|
||||||
attributes that the user can enter. Please note that user name, password
|
attributes that the user can enter. Please note that user name, password
|
||||||
and email address are mandatory anyway and need not be specified.</para>
|
and email address (attribute "mail") are mandatory anyway and need not
|
||||||
|
be specified. Just in case you use the legacy attribute "email" for
|
||||||
|
account it needs to be specified (attribute "mail" will then not be
|
||||||
|
shown).</para>
|
||||||
|
|
||||||
<para>Each line represents one LDAP attribute. The settings are
|
<para>Each line represents one LDAP attribute. The settings are
|
||||||
separated by "::". The first setting specifies the field type. The
|
separated by "::". The first setting specifies the field type. The
|
||||||
|
@ -1234,7 +1509,9 @@
|
||||||
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is
|
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is
|
||||||
optional, you can leave these options blank.</para>
|
optional, you can leave these options blank.</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Example:</emphasis></para>
|
<para><emphasis role="bold">Examples:</emphasis></para>
|
||||||
|
|
||||||
|
<para>Unix account:</para>
|
||||||
|
|
||||||
<para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please enter
|
<para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please enter
|
||||||
a valid first name.</para>
|
a valid first name.</para>
|
||||||
|
@ -1249,6 +1526,20 @@
|
||||||
<para>If you use the object class "inetOrgPerson" and do not provide the
|
<para>If you use the object class "inetOrgPerson" and do not provide the
|
||||||
"cn" attribute then LAM will set it to the user name value.</para>
|
"cn" attribute then LAM will set it to the user name value.</para>
|
||||||
|
|
||||||
|
<literallayout>
|
||||||
|
</literallayout>
|
||||||
|
|
||||||
|
<para>Active Directory/Samba4:</para>
|
||||||
|
|
||||||
|
<para>required::cn::Common Name::/^[[:alnum:] ]+$/u::Enter common
|
||||||
|
name.</para>
|
||||||
|
|
||||||
|
<para>constant::userPrincipalName::@@uid@@@samba4.test</para>
|
||||||
|
|
||||||
|
<para>constant::sAMAccountName::@@uid@@</para>
|
||||||
|
|
||||||
|
<para>constant::userAccountControl::512</para>
|
||||||
|
|
||||||
<literallayout>
|
<literallayout>
|
||||||
</literallayout>
|
</literallayout>
|
||||||
|
|
||||||
|
@ -1312,9 +1603,6 @@
|
||||||
valid for 24 hours. When he clicks on this link then the account will be
|
valid for 24 hours. When he clicks on this link then the account will be
|
||||||
created in the self service user suffix. The DN will look like this:
|
created in the self service user suffix. The DN will look like this:
|
||||||
<emphasis>uid=<user name>,...</emphasis></para>
|
<emphasis>uid=<user name>,...</emphasis></para>
|
||||||
|
|
||||||
<para>Please see <link linkend="mailEOL">email format option</link> in
|
|
||||||
case of broken mails.</para>
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
|
@ -1595,6 +1883,10 @@
|
||||||
<para>Attribute name: The values of this attribute will be used to build
|
<para>Attribute name: The values of this attribute will be used to build
|
||||||
the selection list.</para>
|
the selection list.</para>
|
||||||
|
|
||||||
|
<para>Display attributes: List of attributes to show as label for the
|
||||||
|
options in select box. Attribute wildcards are surrounded by "$", e.g.
|
||||||
|
"$cn$" will be replaced by "cn" attribute. Default is "$dn$".</para>
|
||||||
|
|
||||||
<para>Presentation:</para>
|
<para>Presentation:</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
|
@ -1653,7 +1945,7 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>§attribute|;§; attribute values separted by ";" (you can set
|
<para>§attribute|;§; attribute values separated by ";" (you can set
|
||||||
other separators if you want)</para>
|
other separators if you want)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
|
@ -74,14 +74,16 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section id="tool_upload">
|
||||||
<title>File upload</title>
|
<title>File upload</title>
|
||||||
|
|
||||||
<para>When you need to create lots of accounts then you can use LAM's file
|
<para>When you need to create lots of accounts then you can use LAM's file
|
||||||
upload to create them. LAM will read a CSV formatted file and create the
|
upload to create them. In contrast to <link linkend="tool_upload">LDAP
|
||||||
related LDAP entries. Please check the data in you CSV file carefully. LAM
|
import/export</link> this operates on account type level.</para>
|
||||||
will do less checks for the file upload than for single account
|
|
||||||
creation.</para>
|
<para>LAM will read a CSV formatted file and create the related LDAP
|
||||||
|
entries. Please check the data in you CSV file carefully. LAM will do less
|
||||||
|
checks for the file upload than for single account creation.</para>
|
||||||
|
|
||||||
<para>At the first page please select the account type and what extensions
|
<para>At the first page please select the account type and what extensions
|
||||||
should be activated.</para>
|
should be activated.</para>
|
||||||
|
@ -190,7 +192,7 @@
|
||||||
|
|
||||||
<para>This will run the actions against your LDAP directory. You will see
|
<para>This will run the actions against your LDAP directory. You will see
|
||||||
which accounts are edited in the progress area and also if any errors
|
which accounts are edited in the progress area and also if any errors
|
||||||
occured.</para>
|
occurred.</para>
|
||||||
|
|
||||||
<screenshot>
|
<screenshot>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
|
@ -201,6 +203,66 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="tool_importexport">
|
||||||
|
<title>LDAP import/export</title>
|
||||||
|
|
||||||
|
<para>Here you can import and export plain LDAP data. In contrast to <link
|
||||||
|
linkend="tool_upload">file upload</link> this operates on plain LDAP
|
||||||
|
attribute level.</para>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Import</title>
|
||||||
|
|
||||||
|
<para>The LDAP import supports input data in <ulink
|
||||||
|
url="https://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format">LDIF</ulink>
|
||||||
|
format. You can provide plain text or upload an LDIF file.</para>
|
||||||
|
|
||||||
|
<para>The "Don't stop on errors" option will cause the import to
|
||||||
|
continue even if entries could not be created.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/tool_import.png"/>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Export</title>
|
||||||
|
|
||||||
|
<para>Here you can export your plain LDAP data as LDIF or CSV
|
||||||
|
file.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/tool_export.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Base DN: this is the starting point of the export. Enter a DN or
|
||||||
|
press the magnifying glass icon to open the DN selection dialog.</para>
|
||||||
|
|
||||||
|
<para>Search scope: You can export just the base DN, base DN + its
|
||||||
|
direct children or the whole subtree.</para>
|
||||||
|
|
||||||
|
<para>Search filter: this can be used to filter the entries by
|
||||||
|
specifying a standard LDAP filter. The preselected filter
|
||||||
|
"(objectclass=*)" matches all entries.</para>
|
||||||
|
|
||||||
|
<para>Attributes: the list of attributes that should be part of export.
|
||||||
|
"*" matches all standard attributes (excluding system
|
||||||
|
attributes).</para>
|
||||||
|
|
||||||
|
<para>Include system attributes: this will also include system
|
||||||
|
attributes like the entry creation time and creator's DN.</para>
|
||||||
|
|
||||||
|
<para>Save as file: will save to file instead of printing the data on
|
||||||
|
the web page.</para>
|
||||||
|
|
||||||
|
<para>Export format: you can select LDIF or CSV (e.g. for usage in
|
||||||
|
spreadsheet applications).</para>
|
||||||
|
|
||||||
|
<para>End of line: use the one appropriate for your operating
|
||||||
|
system.</para>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>OU editor</title>
|
<title>OU editor</title>
|
||||||
|
|
||||||
|
@ -358,6 +420,23 @@
|
||||||
</screenshot>
|
</screenshot>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title id="tool_webauthn">Webauthn devices</title>
|
||||||
|
|
||||||
|
<para>See the <link linkend="a_webauthn">Webauthn/FIDO2 appendix</link>
|
||||||
|
for an overview about Webauthn/FIDO2 in LAM.</para>
|
||||||
|
|
||||||
|
<para>Here you can manage your webauthn/FIDO2 devices.</para>
|
||||||
|
|
||||||
|
<para>You can register additional security devices and remove old ones. If
|
||||||
|
no more device is registered then LAM will ask you for registration on
|
||||||
|
next login.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/tool_webauthn1.png"/>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Tests</title>
|
<title>Tests</title>
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-schema.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-schema.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-security.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-security.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-ldapConfig.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-ldapConfig.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-email.xml"/>
|
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-lamdaemon.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-lamdaemon.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-selfResetSchema.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-selfResetSchema.xml"/>
|
||||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-design.xml"/>
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="appendix-design.xml"/>
|
||||||
|
|
Before Width: | Height: | Size: 33 KiB After Width: | Height: | Size: 72 KiB |
After Width: | Height: | Size: 16 KiB |
After Width: | Height: | Size: 32 KiB |
Before Width: | Height: | Size: 4.5 KiB After Width: | Height: | Size: 16 KiB |
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 70 KiB |
After Width: | Height: | Size: 35 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 43 KiB |
Before Width: | Height: | Size: 39 KiB After Width: | Height: | Size: 78 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 59 KiB |
After Width: | Height: | Size: 30 KiB |
After Width: | Height: | Size: 30 KiB |
After Width: | Height: | Size: 56 KiB |
After Width: | Height: | Size: 33 KiB |
After Width: | Height: | Size: 70 KiB |
After Width: | Height: | Size: 47 KiB |
After Width: | Height: | Size: 39 KiB |
After Width: | Height: | Size: 80 KiB |
After Width: | Height: | Size: 156 KiB |
After Width: | Height: | Size: 60 KiB |
After Width: | Height: | Size: 52 KiB |
After Width: | Height: | Size: 51 KiB |
After Width: | Height: | Size: 53 KiB |
After Width: | Height: | Size: 43 KiB |
After Width: | Height: | Size: 37 KiB |
After Width: | Height: | Size: 25 KiB |
After Width: | Height: | Size: 45 KiB |
After Width: | Height: | Size: 44 KiB |
After Width: | Height: | Size: 46 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 95 KiB |
After Width: | Height: | Size: 45 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 27 KiB |
After Width: | Height: | Size: 7.2 KiB |
After Width: | Height: | Size: 8.6 KiB |
After Width: | Height: | Size: 7.6 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 32 KiB |
After Width: | Height: | Size: 27 KiB |
After Width: | Height: | Size: 15 KiB |
After Width: | Height: | Size: 62 KiB |
After Width: | Height: | Size: 810 B |
|
@ -5,7 +5,7 @@
|
||||||
<title>Overview</title>
|
<title>Overview</title>
|
||||||
|
|
||||||
<para>LDAP Account Manager (LAM) manages user, group and host accounts in an
|
<para>LDAP Account Manager (LAM) manages user, group and host accounts in an
|
||||||
LDAP directory. LAM runs on any webserver with PHP5 support and connects to
|
LDAP directory. LAM runs on any webserver with PHP7 support and connects to
|
||||||
your LDAP server unencrypted or via SSL/TLS.</para>
|
your LDAP server unencrypted or via SSL/TLS.</para>
|
||||||
|
|
||||||
<para>LAM supports Samba 3/4, Unix, Kopano, Kolab 3, address book entries,
|
<para>LAM supports Samba 3/4, Unix, Kopano, Kolab 3, address book entries,
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
|
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
|
||||||
|
|
||||||
<para>Copyright (C) 2003 - 2018 Roland Gruber
|
<para>Copyright (C) 2003 - 2020 Roland Gruber
|
||||||
<post@rolandgruber.de></para>
|
<post@rolandgruber.de></para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Key features:</emphasis></para>
|
<para><emphasis role="bold">Key features:</emphasis></para>
|
||||||
|
@ -63,7 +63,7 @@
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>PHP (>= 5.6.0)</para>
|
<para>PHP (>= 7.0.0)</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2009 - 2016 Roland Gruber
|
Copyright (C) 2009 - 2020 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -109,4 +109,6 @@ pre.programlisting {
|
||||||
background-color:#f3f2f1;
|
background-color:#f3f2f1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
img {
|
||||||
|
max-width: 100%;
|
||||||
|
}
|
||||||
|
|
|
@ -331,7 +331,7 @@ attributetype ( 2.16.840.1.113719.1.203.4.55
|
||||||
attributetype ( 2.16.840.1.113719.1.203.4.56
|
attributetype ( 2.16.840.1.113719.1.203.4.56
|
||||||
NAME 'dhcpComments'
|
NAME 'dhcpComments'
|
||||||
EQUALITY caseIgnoreIA5Match
|
EQUALITY caseIgnoreIA5Match
|
||||||
DESC 'Generic attribute that allows coments within any DHCP object'
|
DESC 'Generic attribute that allows comments within any DHCP object'
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
|
||||||
# Classes
|
# Classes
|
||||||
|
|
|
@ -18,3 +18,5 @@
|
||||||
/view.png
|
/view.png
|
||||||
/zarafa*.png
|
/zarafa*.png
|
||||||
/kopano*.png
|
/kopano*.png
|
||||||
|
/ngroup.png
|
||||||
|
/nuser.png
|
||||||
|
|