InstallationNew installationRequirementsLAM has the following requirements to run:Apache/Nginx webserver (SSL recommended) with PHP module (PHP
(>= 5.6.0) with ldap, gettext, xml, openssl and optional
OpenSSL)Some LAM plugins may require additional PHP extensions (you
will get a note on the login page if something is missing)Perl (optional, needed only for lamdaemon)Any standard LDAP server (e.g. OpenLDAP, Active Directory,
Samba 4, OpenDJ, 389 Directory Server, Apache DS, ...)A recent web browser that supports CSS2 and JavaScript, at
minimum:Firefox (max. 2 years old)Internet Explorer 11 (compatibility mode turned off)Opera (max. 2 years old)Chrome (max. 2 years old)OpenSSL will be used to store your LDAP password encrypted in the
session file.Please note that LAM does not ship with a selinux policy. Please
disable selinux or create your own
policy.See LDAP schema fles for
information about used LDAP schema files.Prepackaged releasesLAM is available as prepackaged version for various
platforms.DebianLAM is part of the official Debian repository. New
releases are uploaded to unstable and will be available
automatically in testing and the stable releases. You can
runapt-get
install ldap-account-managerto install LAM
on your server. Additionally, you may download the latest LAM
Debian packages from the LAM
homepage or the Debian
package homepage.Installation of the latest packages on
DebianInstall the LAM packagedpkg -i ldap-account-manager_*.debIf you get any messages about missing dependencies
run now: apt-get -f installInstall the lamdaemon package (optional)dpkg -i
ldap-account-manager-lamdaemon_*.debSuse/Fedora/CentOSThere are RPM packages available on the LAM
homepage. The packages can be installed with these
commands:rpm -e
ldap-account-manager ldap-account-manager-lamdaemon
(if an older version is installed)rpm -i <path to LAM
package>Note: The RPM packages
do not contain a dependency to PHP due to the various package
names for it. Please make sure that you install Apache/Nginx
with PHP.Other RPM based distributionsThe RPM packages for Suse/Fedora are very generic and should be
installable on other RPM-based distributions, too. The Fedora packages
use apache:apache as file owner and the Suse ones use
wwwrun:www.FreeBSDLAM is part of the official FreeBSD ports tree. For
more details see these pages:FreeBSD-SVN: http://svnweb.freebsd.org/ports/head/sysutils/ldap-account-manager/FreshPorts:
http://www.freshports.org/sysutils/ldap-account-managerInstalling the tar.bz2Extract the archivePlease extract the archive with the following command:tar xjf ldap-account-manager-<version>.tar.bz2Install the filesManual copyCopy the files into the html-file scope of the web server. For
example /apache/htdocs or /var/www/html.Then set the appropriate file permissions inside the LAM
directory:sess: write permission for apache/nginx usertmp: write permission for apache/nginx usertmp/internal: write permission for apache/nginx
userconfig (with subdirectories): write permission for
apache/nginx userlib/lamdaemon.pl: set executableWith configure scriptInstead of manually copying files you can also use the
included configure script to install LAM. Just run these commands in
the extracted directory:./configuremake installOptions for "./configure":--with-httpd-user=USER USER is the name of your
Apache/Nginx user account (default httpd)--with-httpd-group=GROUP GROUP is the name of your
Apache/Nginx group (default httpd)--with-web-root=DIRECTORY DIRECTORY is the name where LAM
should be installed (default /usr/local/lam)Configuration filesCopy config/config.cfg.sample to config/config.cfg. Open the
index.html in your web browser:Follow the link "LAM configuration" from the start page to
configure LAM.Select "Edit general settings" to setup global settings and
to change the master
configuration password (default is "lam").Select "Edit server profiles" to setup a server
profile.Webserver configurationPlease see the Apache or Nginx chapter.DockerYou can run LAM inside Docker.See here:https://hub.docker.com/r/ldapaccountmanager/lamLAM Pro:Please request access at support providing your Docker Hub user
ID.https://hub.docker.com/r/ldapaccountmanager/lamproConfiguration filesAll configuration files are stored in:/etc/ldap-account-manager/var/lib/ldap-account-managerSystem configurationPHPLAM runs with PHP5 (>= 5.2.4). Needed changes in your
php.ini:memory_limit = 64MFor large installations (>10000 LDAP entries) you may need to
increase the memory limit to 256M.If you run PHP with activated Suhosin
extension please check your logs for alerts. E.g. LAM requires that
"suhosin.post.max_name_length" and
"suhosin.request.max_varname_length" are increased (e.g. to
256).Locales for non-English translationIf you want to use a translated version of LAM be sure to
install the needed locales. The following table shows the needed
locales for the different languages.
LocalesLanguageLocaleCatalanca_ES.utf8Chinese (Simplified)zh_CN.utf8Chinese (Traditional)zh_TW.utf8Czechcs_CZ.utf8Dutchnl_NL.utf8English - Great Britainno extra locale neededEnglish - USAen_US.utf8Frenchfr_FR.utf8Germande_DE.utf8Hungarianhu_HU.utf8Italianit_IT.utf8Japaneseja_JP.utf8Polishpl_PL.utf8Portuguesept_BR.utf8Russianru_RU.utf8Slovaksk_SK.utf8Spanishes_ES.utf8Turkishtr_TR.utf8Ukrainianuk_UA.utf8
You can get a list of all installed locales on your system by
executing:locale -aDebian users can add locales with "dpkg-reconfigure
locales".Upgrading LAM or migrate from LAM to LAM ProUpgrading from LAM to LAM Pro is like installing a new LAM version.
Simply install the LAM Pro packages/tar.bz2 instead of the LAM
ones.Upgrade LAMBackup configuration filesConfiguration files need only to be backed up for .tar.bz2
installations. DEB/RPM installations do not require this step.LAM stores all configuration files in the "config" folder. Please
backup the following files and copy them after the new version is
installed.config/*.confconfig/config.cfgconfig/pdf/*.xmlconfig/profiles/*LAM Pro only:config/selfService/*.*Uninstall current LAM (Pro)
versionIf you used the RPM installation packages then remove the
ldap-account-manager and ldap-account-manager-lamdaemon packages by
calling "rpm -e ldap-account-manager
ldap-account-manager-lamdaemon".Debian needs no removal of old packages.For tar.bz2 please remove the folder where you installed LAM via
configure or by copying the files.Install new LAM (Pro)
versionPlease install the new LAM (Pro)
release. Skip the part about setting up LAM configuration files.Restore configuration
filesRPM:Please check if there are any files ending with ".rpmsave" in
/var/lib/ldap-account-manager/config. In this case you need to manually
remove the .rpmsave extension by overwriting the package file. E.g.
rename default.user.rpmsave to default.user.DEB:Nothing needs to be restored.tar.bz2:Please restore your configuration files from the backup. Copy all
files from the backup folder to the config folder in your LAM Pro
installation. Do not simply replace the folder because the new LAM (Pro)
release might include additional files in this folder. Overwrite any
existing files with your backup files.Final stepsNow open your webbrowser and point it to the LAM login page. All
your settings should be migrated.Please check also the version
specific instructions. They might include additional
actions.Version specific upgrade instructionsYou need to follow all steps from your current version to the new
version. Unless explicitly noticed there is no need to install an
intermediate release.6.7 -> 7.0No actions required.6.6 -> 6.7Self service: please verify the self service base URL in your
self service profiles in case you have password self reset / user self
registration enabled.6.5 -> 6.6No actions required.6.4 -> 6.5No actions required.6.3 -> 6.4No actions needed.6.2 -> 6.3Unix: Options in server profile for Unix users and groups need
to be reconfigured. Several settings (e.g. id generation) are now
specific to subaccount type.Self Service: If you use a captcha for user self registration
this needs to be reconfigured. On tab General settings please activate
Google reCAPTCHA (the checkbox to secure login is optional). On tab
Module settings please tick the captcha checkbox at self registration
settings.6.1 -> 6.2No actions required.6.0 -> 6.1DEB+RPM configuration for nginx uses PHP 7 by default. Please
see /etc/ldap-account-manager/nginx.conf if you use PHP 5.5.7 -> 6.0No actions needed.5.6 -> 5.7Windows: The department attribute was changed from
"departmentNumber" to "department" to match Windows user manager. The
attribute "departmentNumber" is no more supported by the Windows
module. You will need to reactivate the department option in your
server profile on module settings tab.5.5 -> 5.6Mail routing: No longer added by default. Use profile editor to
activate by default for new users/groups.Personal/Unix/Windows: no more replacement of e.g. $user/$group
on user upload5.4 -> 5.5LAM Pro requires a license key. You can find it in your customer
profile.5.1 -> 5.4No special actions needed.5.0 -> 5.1Self Service: There were large changes to provide a responsive
design that works for desktop and mobile. If you use custom CSS to
style Self Service then this must be updated.4.9 -> 5.0Samba 3: If you used logon hours then you need to set the
correct time zone on tab "Generel settings" in server profile.4.5 -> 4.9No special actions needed.4.4 -> 4.5LAM will no longer follow referrals by default. This is ok for
most installations. If you use LDAP referrals please activate referral
following for your server profile (tab General settings -> Server
settings -> Advanced options).The self service pages now have an own option for allowed IPs.
If your LAM installation uses IP restrictions please update the LAM
main configuration.Password self reset (LAM Pro) allows to set a backup email
address. You need to update the LDAP schema
if you want to use this feature.4.3 -> 4.4Apache configuration: LAM supports Apache 2.2 and 2.4. This
requires that your Apache server has enabled the "version" module. For
Debian and Fedora this is the default setup. The Suse RPM will try to
enable the version module during installation.Kolab: User accounts get the object class "mailrecipient" by
default. You can change this behaviour in the module settings section
of your LAM server profile.Windows: sAMAccountName is no longer set by default. Enable it
in server profile if needed. The possible domains for the user name
can also be set in server profile.4.2.1 -> 4.3LAM is no more shipped as tar.gz package but as tar.bz2 which
allows smaller file sizes.4.1 -> 4.2/4.2.1Zarafa users: The default attribute for mail aliases is now
"dn". If you use "uid" and did not change the server profile for a
long time please check your LAM server profile for this setting and
save it.4.0 -> 4.1Unix: The list of valid login
shells is no longer configured in "config/shells" but in the
server/self service profiles (Unix settings). LAM will use the
following shells by default: /bin/bash, /bin/csh, /bin/dash,
/bin/false, /bin/ksh, /bin/sh.Please update your server/self service profile if you would like
to change the list of valid login shells.3.9 -> 4.0The account profiles and PDF structures are now separated by
server profile. This means that if you edit e.g. an account profile in
server profile A then this change will not affect the account profiles
in server profile B.LAM will automatically migrate your existing files as soon as
the login page is loaded.Special install instructions:Debian: none, config files will be migrated when opening
LAM's login pageSuse/Fedora RPM:Run "rpm -e ldap-account-manager
ldap-account-manager-lamdaemon"You may get warnings like "warning:
/var/lib/ldap-account-manager/config/profiles/default.user
saved as
/var/lib/ldap-account-manager/config/profiles/default.user.rpmsave"Please rename all files "*.rpmsave" and remove the file
extension ".rpmsave". E.g. "default.user.rpmsave" needs to be
renamed to "default.user".Install the LAM packages with "rpm -i". E.g. "rpm -i
ldap-account-manager-4.0-0.suse.1.noarch.rpm".Open LAM's login page in your browser to complete the
migrationtar.gz: standard upgrade steps, config files will be
migrated when opening LAM's login page3.7 -> 3.9No changes.3.6 -> 3.7Asterisk extensions: The extension entries are now grouped by
extension name and account context. LAM will automatically assign
priorities and set same owners for all entries.3.5.0 -> 3.6Debian users: LAM 3.6 requires
to install FPDF 1.7. You can download the package here.
If you use Debian Stable (Squeeze) please use the package from Testing
(Wheezy).3.4.0 -> 3.5.0LAM Pro: The global
config/passwordMailTemplate.txt is no longer supported. You can setup
the mail settings now for each LAM server profile which provides more
flexibility.Suse/Fedora RPM installations:
LAM is now installed to /usr/share/ldap-account-manager and
/var/lib/ldap-account-manager.Please note that configuration files are not migrated
automatically. Please move the files from /srv/www/htdocs/lam/config
(Suse) or /var/www/html/lam/config (Fedora) to
/var/lib/ldap-account-manager/config.3.3.0 -> 3.4.0No changes.3.2.0 -> 3.3.0If you use custom images for the PDF export then these images
need to be 5 times bigger than before (e.g. 250x250px instead of
50x50px). This allows to use images with higher resolution.3.1.0 -> 3.2.0No changes.3.0.0 -> 3.1.0LAM supported to set a list of valid workstations on the
"Personal" page. This required to change the LDAP schema. Since 3.1.0
this is replaced by the new "Hosts" module for users.Lamdaemon: The sudo entry needs to be changed to
".../lamdaemon.pl *".2.3.0 -> 3.0.0No changes.2.2.0 -> 2.3.0LAM Pro: There is now a
separate account type for group of (unique) names. Please edit your
server profiles to activate the new account type.1.1.0 -> 2.2.0No changes.Uninstallation of LAM (Pro)If you used the prepackaged installation packages then remove the
ldap-account-manager and ldap-account-manager-lamdaemon packages.Otherwise, remove the folder where you installed LAM via configure
or by copying the files.Migration to a new serverTo move LAM (Pro) from one server to another please follow these
steps:Install LAM (Pro) on your new serverCopy the following files from the old server to the new one
(base directory for RPM/DEB is
/usr/share/ldap-account-manager/):config/*.confconfig/config.cfgconfig/pdf/*config/profiles/*config/selfService/*.* (needed for LAM Pro only)The files must be writable for the webserver user.Open LAM (Pro) login page on new server and verify
installation.Uninstall LAM (Pro) on old server.