<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>Tools</title>
<para></para>
<section id="a_accountProfile">
<title>Profile editor</title>
<para>The account profiles are templates for your accounts. Here you can
specify default values which can then be loaded when you create
accounts. You may also load a template for an existing account to reset
it to default values. When you create a new account then LAM will always
load the profile named <emphasis role="bold">"default"</emphasis>. This
account profile can include default values for all your accounts.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/profileEditor2.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>You can enter the LDAP suffix, RDN identifier and various other
attributes depending on account type and activated modules.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/profileEditor.png" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Import/export:</emphasis></para>
<para>Profiles can be exported to and imported from other server
profiles.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/profileEditor3.png" />
</imageobject>
</mediaobject>
</screenshot>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/profileEditor4.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>There is a special export target called "*Global templates". All
profiles exported here will be copied to all other server profiles
(incl. new ones). But existing profiles with the same name are not
overwritten. So a profile in global templates is treated as default
profile for all server profiles.</para>
<para>Use this if you would like to setup default profiles that are
valid for all server profiles.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/profileEditor5.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>File upload</title>
<para>When you need to create lots of accounts then you can use LAM's
file upload to create them. LAM will read a CSV formatted file and
create the related LDAP entries. Please check the data in you CSV file
carefully. LAM will do less checks for the file upload than for single
account creation.</para>
<para>At the first page please select the account type and what
extensions should be activated.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/fileUpload1.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>The next page shows all available options for the file upload. You
will also find a sample CSV file which can be used as template for your
CSV file. All red options are required columns in the file. You need to
specify a value for each account.</para>
<para>When you upload the CSV file then LAM first does some checks on
this file. This includes syntax checks and if all required data was
entered. No changes in the LDAP directory are done at this time.</para>
<para>If the checks were successful then LAM will ask again if you want
to create the accounts. You will also have the chance to check the
upload by viewing the changes in LDIF format.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/fileUpload2.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title id="toolMultiEdit">Multi edit</title>
<para>This tool allows you to modify a large list of LDAP entries in
batch mode. You can add new attributes/object classes, remove attributes
and set attributes to a specific value.</para>
<para>At the beginning, you need to specify where the entries are stored
that should be changed. You can select an account suffix, the tree
suffix or enter your own DN by selecting "Other".</para>
<para>Next, enter an additional LDAP filter to limit the entries that
should be changed. E.g. use "(objectclass=inetOrgPerson)" to filter for
users. You may also enter e.g. "(!(objectClass=passwordSelfReset))" to
match all accounts that do not yet have the <link
linkend="passwordSelfResetUser">password self reset</link>
feature.</para>
<literallayout>
</literallayout>
<para>Now, it is time to define the changes that should be done. The
following operations are possible:</para>
<itemizedlist>
<listitem>
<para>Add: Adds an attribute value if not yet existing. Please do
not use for single-value attributes that already have a
value.</para>
</listitem>
<listitem>
<para>Modify: Sets an attribute to the given value. If the attribute
does not yet exist then it is added. If the attribute has multiple
values then all other values are removed.</para>
</listitem>
<listitem>
<para>Delete: Deletes the specified value from this attribute. If
you leave the value field blank then all attribute values are
removed.</para>
</listitem>
</itemizedlist>
<para>Please note that all actions are run as separate LDAP commands.
You cannot add an object class and a required attribute at the same
time.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/multiEdit1.png" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Dry run</emphasis></para>
<para>You should always start with a dry run. It will not do any changes
to your LDAP directory but print out all modifications that will be
done. You will also be able to download the changes in LDIF format to
use with ldapmodify. This is useful if you want to adjust some actions
manually.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/multiEdit2.png" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Apply changes</emphasis></para>
<para>This will run the actions against your LDAP directory. You will
see which accounts are edited in the progress area and also if any
errors occured.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/multiEdit3.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>OU editor</title>
<para>This is a simple editor to add/delete organisational units in your
LDAP tree. This way you can structure the accounts.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/ouEditor.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section id="pdfEditor">
<title>PDF editor</title>
<para>All accounts in LAM may be exported as PDF files. You can specify
the page structure and displayed information by editing the PDF
profiles.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/pdfEditor2.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>When you export accounts to PDF then each account will get its own
page inside the PDF. There is a headline on each page where you can show
a page title. You may also add a logo to each page. To add more logos
please use the logo management on the PDF editor main page.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/pdfEditor.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>The main part is structured into sections of information. Each
section has a title. This can either be static text or the value of an
attribute. You may also insert a static text block as section. Sections
can be moved by using the arrows next to the section title.</para>
<para>Each section can contain multiple fields which usually represent
LDAP attributes. You can simply add new fields by selecting the field
name and its position. Then use the arrows to move the field inside the
section.</para>
<literallayout>
</literallayout>
<para><emphasis role="bold">Import/export:</emphasis></para>
<para>PDF structures can be exported to and imported from other server
profiles.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/pdfEditor3.png" />
</imageobject>
</mediaobject>
</screenshot>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/pdfEditor4.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>There is a special export target called "*Global templates". All
PDF structures exported here will be copied to all other server profiles
(incl. new ones). But existing PDF structures with the same name are not
overwritten. So a PDF structure in global templates is treated as
default structure for all server profiles.</para>
<para>Use this if you would like to setup default PDF structures that
are valid for all server profiles.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/pdfEditor5.png" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Logo management:</emphasis></para>
<para>You can upload image files to put a custom logo on the PDF files.
The image file name must end with .png or .jpg and the size must not
exceed 2000x300px.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/pdfEditor6.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>Schema browser</title>
<para>Here you browse the schema of your LDAP server. You can view what
object classes, attributes, syntaxes and matching rules are available.
This is useful if you need to check if a certain object class is
available.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/schemaBrowser.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>Server information</title>
<para>This shows information and statistics about your LDAP server. This
includes the suffixes, used overlays, connection data and operation
statistics. You will need "cn=monitor" setup to see all details. Some
data may not be available depending on your LDAP server software.</para>
<para>Please see the following links how to setup "cn=monitor":</para>
<itemizedlist>
<listitem>
<para><ulink
url="http://www.openldap.org/doc/admin24/monitoringslapd.html">OpenLDAP</ulink></para>
</listitem>
<listitem>
<para><ulink type=""
url="http://directory.fedoraproject.org/wiki/Howto:CN%3DMonitor_LDAP_Monitoring">389
server</ulink></para>
</listitem>
</itemizedlist>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/serverInfo.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>Tests</title>
<para>This allows you to check if your LDAP schema is compatible with
LAM and to find possible problems.</para>
<section>
<title>Lamdaemon test</title>
<para>LAM provides an external script to manage home directories and
quotas. You can test here if everything is setup correctly.</para>
<para>If you get an error like "no tty present and no askpass program
specified" then the path to the lamdaemon.pl may be wrong. Please see
the <link linkend="a_lamdaemon">lamdaemon installation
instructions</link> for setup details.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/lamdaemonTest.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>Schema test</title>
<para>This will test if your LDAP schema supports all object classes
and attributes of the active LAM modules. If you get a message that
something is missing please check that you installed all <link
linkend="a_schema">required schemas</link>.</para>
<para>If you get error messages about object class violations then
this test can tell you what is missing.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/schemaTest.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
</section>
</chapter>