LAM has the following requirements to run: Apache/Nginx webserver (SSL recommended) with PHP module (PHP (>= 7.0.0) with ldap, gettext, xml, openssl and optional OpenSSL) Some LAM plugins may require additional PHP extensions (you will get a note on the login page if something is missing) Perl (optional, needed only for lamdaemon) Any standard LDAP server (e.g. OpenLDAP, Active Directory, Samba 4, OpenDJ, 389 Directory Server, Apache DS, ...) A recent web browser that supports CSS2 and JavaScript, at minimum: Firefox (max. 2 years old) Internet Explorer 11 (compatibility mode turned off) Opera (max. 2 years old) Chrome (max. 2 years old) OpenSSL will be used to store your LDAP password encrypted in the session file. Please note that LAM does not ship with a selinux policy. Please disable selinux or create your own policy. See LDAP schema fles for information about used LDAP schema files.

LAM is available as prepackaged version for various platforms.

LAM is part of the official Debian repository. New releases are uploaded to unstable and will be available automatically in testing and the stable releases. You can run apt-get install ldap-account-managerto install LAM on your server. Additionally, you may download the latest LAM Debian packages from the LAM homepage or the Debian package homepage.Installation of the latest packages on Debian Install the LAM package dpkg -i ldap-account-manager_*.deb If you get any messages about missing dependencies run now: apt-get -f install Install the lamdaemon package (optional) dpkg -i ldap-account-manager-lamdaemon_*.deb

There are RPM packages available on the LAM homepage. The packages can be installed with these commands:rpm -e ldap-account-manager ldap-account-manager-lamdaemon (if an older version is installed)rpm -i <path to LAM package> Note: The RPM packages do not contain a dependency to PHP due to the various package names for it. Please make sure that you install Apache/Nginx with PHP.

The RPM packages for Suse/Fedora are very generic and should be installable on other RPM-based distributions, too. The Fedora packages use apache:apache as file owner and the Suse ones use wwwrun:www.

LAM is part of the official FreeBSD ports tree. For more details see these pages:FreeBSD-SVN: http://svnweb.freebsd.org/ports/head/sysutils/ldap-account-manager/FreshPorts: http://www.freshports.org/sysutils/ldap-account-manager

Please extract the archive with the following command: tar xjf ldap-account-manager-<version>.tar.bz2

Copy the files into the html-file scope of the web server. For example /apache/htdocs or /var/www/html. Then set the appropriate file permissions inside the LAM directory: sess: write permission for apache/nginx user tmp: write permission for apache/nginx user tmp/internal: write permission for apache/nginx user config (with subdirectories): write permission for apache/nginx user lib/lamdaemon.pl: set executable

Instead of manually copying files you can also use the included configure script to install LAM. Just run these commands in the extracted directory: ./configure make install Options for "./configure": --with-httpd-user=USER USER is the name of your Apache/Nginx user account (default httpd) --with-httpd-group=GROUP GROUP is the name of your Apache/Nginx group (default httpd) --with-web-root=DIRECTORY DIRECTORY is the name where LAM should be installed (default /usr/local/lam)

Copy config/config.cfg.sample to config/config.cfg. Open the index.html in your web browser: Follow the link "LAM configuration" from the start page to configure LAM. Select "Edit general settings" to setup global settings and to change the master configuration password (default is "lam"). Select "Edit server profiles" to setup a server profile.

Please see the Apache or Nginx chapter.

You can run LAM inside Docker. Possible environment variables are documented in the sample .env file. See here: https://hub.docker.com/r/ldapaccountmanager/lam LAM Pro: Please request access at support providing your Docker Hub user ID. https://hub.docker.com/r/ldapaccountmanager/lampro Configuration files All configuration files are stored in: /etc/ldap-account-manager /var/lib/ldap-account-manager

LAM runs with PHP5 (>= 5.2.4). Needed changes in your php.ini: memory_limit = 64M For large installations (>10000 LDAP entries) you may need to increase the memory limit to 256M. If you run PHP with activated Suhosin extension please check your logs for alerts. E.g. LAM requires that "suhosin.post.max_name_length" and "suhosin.request.max_varname_length" are increased (e.g. to 256).

If you want to use a translated version of LAM be sure to install the needed locales. The following table shows the needed locales for the different languages. Language Locale Catalan ca_ES.utf8 Chinese (Simplified) zh_CN.utf8 Chinese (Traditional) zh_TW.utf8 Czech cs_CZ.utf8 Dutch nl_NL.utf8 English - Great Britain no extra locale needed English - USA en_US.utf8 French fr_FR.utf8 German de_DE.utf8 Hungarian hu_HU.utf8 Italian it_IT.utf8 Japanese ja_JP.utf8 Polish pl_PL.utf8 Portuguese pt_BR.utf8 Russian ru_RU.utf8 Slovak sk_SK.utf8 Spanish es_ES.utf8 Turkish tr_TR.utf8 Ukrainian uk_UA.utf8 You can get a list of all installed locales on your system by executing: locale -a Debian users can add locales with "dpkg-reconfigure locales".

Upgrading from LAM to LAM Pro is like installing a new LAM version. Simply install the LAM Pro packages/tar.bz2 instead of the LAM ones.

Backup configuration files Configuration files need only to be backed up for .tar.bz2 installations. DEB/RPM installations do not require this step. LAM stores all configuration files in the "config" folder. Please backup the following files and copy them after the new version is installed. config/*.conf config/config.cfg config/pdf/*.xml config/profiles/* LAM Pro only: config/selfService/*.* Uninstall current LAM (Pro) version If you used the RPM installation packages then remove the ldap-account-manager and ldap-account-manager-lamdaemon packages by calling "rpm -e ldap-account-manager ldap-account-manager-lamdaemon". Debian needs no removal of old packages. For tar.bz2 please remove the folder where you installed LAM via configure or by copying the files. Install new LAM (Pro) version Please install the new LAM (Pro) release. Skip the part about setting up LAM configuration files. Restore configuration files RPM: Please check if there are any files ending with ".rpmsave" in /var/lib/ldap-account-manager/config. In this case you need to manually remove the .rpmsave extension by overwriting the package file. E.g. rename default.user.rpmsave to default.user. DEB: Nothing needs to be restored. tar.bz2: Please restore your configuration files from the backup. Copy all files from the backup folder to the config folder in your LAM Pro installation. Do not simply replace the folder because the new LAM (Pro) release might include additional files in this folder. Overwrite any existing files with your backup files. Final steps Now open your webbrowser and point it to the LAM login page. All your settings should be migrated. Please check also the version specific instructions. They might include additional actions.

You need to follow all steps from your current version to the new version. Unless explicitly noticed there is no need to install an intermediate release.

No actions required.

LAM Pro: All emails need a specified FROM address. This affects password email, self registration, password self reset and cron emails.

No actions required.

Self service: please verify the self service base URL in your self service profiles in case you have password self reset / user self registration enabled.

No actions required.

No actions required.

No actions needed.

Unix: Options in server profile for Unix users and groups need to be reconfigured. Several settings (e.g. id generation) are now specific to subaccount type. Self Service: If you use a captcha for user self registration this needs to be reconfigured. On tab General settings please activate Google reCAPTCHA (the checkbox to secure login is optional). On tab Module settings please tick the captcha checkbox at self registration settings.

No actions required.

DEB+RPM configuration for nginx uses PHP 7 by default. Please see /etc/ldap-account-manager/nginx.conf if you use PHP 5.

No actions needed.

Windows: The department attribute was changed from "departmentNumber" to "department" to match Windows user manager. The attribute "departmentNumber" is no more supported by the Windows module. You will need to reactivate the department option in your server profile on module settings tab.

Mail routing: No longer added by default. Use profile editor to activate by default for new users/groups. Personal/Unix/Windows: no more replacement of e.g. $user/$group on user upload

LAM Pro requires a license key. You can find it in your customer profile.

No special actions needed.

Self Service: There were large changes to provide a responsive design that works for desktop and mobile. If you use custom CSS to style Self Service then this must be updated.

Samba 3: If you used logon hours then you need to set the correct time zone on tab "Generel settings" in server profile.

No special actions needed.

LAM will no longer follow referrals by default. This is ok for most installations. If you use LDAP referrals please activate referral following for your server profile (tab General settings -> Server settings -> Advanced options). The self service pages now have an own option for allowed IPs. If your LAM installation uses IP restrictions please update the LAM main configuration. Password self reset (LAM Pro) allows to set a backup email address. You need to update the LDAP schema if you want to use this feature.

Apache configuration: LAM supports Apache 2.2 and 2.4. This requires that your Apache server has enabled the "version" module. For Debian and Fedora this is the default setup. The Suse RPM will try to enable the version module during installation. Kolab: User accounts get the object class "mailrecipient" by default. You can change this behaviour in the module settings section of your LAM server profile. Windows: sAMAccountName is no longer set by default. Enable it in server profile if needed. The possible domains for the user name can also be set in server profile.

LAM is no more shipped as tar.gz package but as tar.bz2 which allows smaller file sizes.

Zarafa users: The default attribute for mail aliases is now "dn". If you use "uid" and did not change the server profile for a long time please check your LAM server profile for this setting and save it.

Unix: The list of valid login shells is no longer configured in "config/shells" but in the server/self service profiles (Unix settings). LAM will use the following shells by default: /bin/bash, /bin/csh, /bin/dash, /bin/false, /bin/ksh, /bin/sh. Please update your server/self service profile if you would like to change the list of valid login shells.

The account profiles and PDF structures are now separated by server profile. This means that if you edit e.g. an account profile in server profile A then this change will not affect the account profiles in server profile B. LAM will automatically migrate your existing files as soon as the login page is loaded. Special install instructions: Debian: none, config files will be migrated when opening LAM's login page Suse/Fedora RPM: Run "rpm -e ldap-account-manager ldap-account-manager-lamdaemon" You may get warnings like "warning: /var/lib/ldap-account-manager/config/profiles/default.user saved as /var/lib/ldap-account-manager/config/profiles/default.user.rpmsave" Please rename all files "*.rpmsave" and remove the file extension ".rpmsave". E.g. "default.user.rpmsave" needs to be renamed to "default.user". Install the LAM packages with "rpm -i". E.g. "rpm -i ldap-account-manager-4.0-0.suse.1.noarch.rpm". Open LAM's login page in your browser to complete the migration tar.gz: standard upgrade steps, config files will be migrated when opening LAM's login page

No changes.

Asterisk extensions: The extension entries are now grouped by extension name and account context. LAM will automatically assign priorities and set same owners for all entries.

Debian users: LAM 3.6 requires to install FPDF 1.7. You can download the package here. If you use Debian Stable (Squeeze) please use the package from Testing (Wheezy).

LAM Pro: The global config/passwordMailTemplate.txt is no longer supported. You can setup the mail settings now for each LAM server profile which provides more flexibility. Suse/Fedora RPM installations: LAM is now installed to /usr/share/ldap-account-manager and /var/lib/ldap-account-manager. Please note that configuration files are not migrated automatically. Please move the files from /srv/www/htdocs/lam/config (Suse) or /var/www/html/lam/config (Fedora) to /var/lib/ldap-account-manager/config.

No changes.

If you use custom images for the PDF export then these images need to be 5 times bigger than before (e.g. 250x250px instead of 50x50px). This allows to use images with higher resolution.

No changes.

LAM supported to set a list of valid workstations on the "Personal" page. This required to change the LDAP schema. Since 3.1.0 this is replaced by the new "Hosts" module for users. Lamdaemon: The sudo entry needs to be changed to ".../lamdaemon.pl *".

No changes.

LAM Pro: There is now a separate account type for group of (unique) names. Please edit your server profiles to activate the new account type.

No changes.

If you used the prepackaged installation packages then remove the ldap-account-manager and ldap-account-manager-lamdaemon packages. Otherwise, remove the folder where you installed LAM via configure or by copying the files.

To move LAM (Pro) from one server to another please follow these steps: Install LAM (Pro) on your new server Copy the following files from the old server to the new one (base directory for RPM/DEB is /usr/share/ldap-account-manager/): config/*.conf config/config.cfg config/pdf/* config/profiles/* config/selfService/*.* (needed for LAM Pro only) The files must be writable for the webserver user. Open LAM (Pro) login page on new server and verify installation. Uninstall LAM (Pro) on old server.