You can define different access levels for each profile to allow or disallow write access. The password reset page helps your deskside support staff to reset user passwords.

There are three access levels: Write access (default) There are no restrictions. LAM admin users can manage account, create profiles and set passwords. Change passwords Similar to "Read only" except that the password reset page is available. Read only No write access to the LDAP database is allowed. It is also impossible to manage account and PDF profiles. Accounts may be viewed but no changes can be saved. The access level can be set on the server configuration page:

This special page allows your deskside support staff to reset the Unix and Samba passwords of your users. Account may also be (un)locked If you set the access level to "Change passwords" then LAM will not allow any changes to the LDAP database except password changes via this page. The account pages will be still available in read-only mode. You can open the password reset page by clicking on the key symbol on each user account: There are three different options to set a new password. You can further restrict these options in server profile settings. set random password and display it on screen This will set the user's password to a random value. The password will be 11 characters long with a random combination of letters, digits and ".-_". You may want to use this method to tell users their new passwords via phone. set random password and mail it to user If the user account has set the mail attribute then LAM can send your user a mail with the new password. You can change the mail template to fit your needs. Please configure your LAM server profile to setup the sender address, subject and mail body. See here for setting up your SMTP server. Using this method will prevent that your support staff knows the new password. set specific password Here you can specify your own password. LAM will display contact information about the user like the user's name, email address and telephone number. This will help your deskside support to easily contact your users. Options: Depending on the account there may be additional options available. Sync Samba NT/LM password with Unix password: If a user account has Samba passwords set then LAM will offer to synchronize the passwords. Unlock Samba account: Locked Samba accounts can be unlocked with the password change. Update Samba password timestamps: This will set the timestamps when the password was changed (sambaPwdLastSet). Only existing attributes are updated. No new attributes are added. Sync Kerberos password with Unix password: This will also update the Heimdal Kerberos password. Sync Asterisk (voicemail) password with Unix password: Changes also the Asterisk passwords. Force password change: This will force the user to change his password at next login. This option supports Shadow, Samba 3 and PPolicy (automatically detected). Account (un)locking: Depending if the account includes a Unix/Samba extension and PPolicy is activated the page will show options to (un)lock the account. E.g. if the account is fully unlocked then there will be no unlocking options printed.