Troubleshooting
Reset configuration password The password for the server profiles can be reset using the master configuration password. Open LAM configuration -> Edit server profiles ->Manage server profiles for this. In case you lost your master configuration password you need to manually edit the main configuration file (config.cfg) on the file system. Locate config.cfg: On DEB/RPM installations it is in /usr/share/ldap-account-manager/config and for tar.bz2 in config folder. Locate the "password" entry in the file Replace the password hash after "password: " with your new clear-text password (e.g. "secret") After the change the line should look like this: password: secret You can now login using your new password. Set the password once again via GUI in main configuration settings. This will then put again a hash value in the config.cfg file.
Functional issues Size limit You will get a message like "LDAP sizelimit exceeded, not all entries are shown." when you hit the LDAP search limit. OpenLDAP: See the OpenLDAP settings to fix this. 389 server: set nsslapd-sizelimit in cn=config (may also be set per user) other LDAP servers: please see your server documentation Invalid syntax errors: If you get any strange errors like "Invalid syntax" or "Invalid DN syntax" please check if your LDAP schema matches LAM's requirements. Schema test: This can be done by running "Tools" -> "Tests" -> "Schema test" inside LAM. If there are any object classes or attributes missing you will get a notice. See LDAP schema files for a list of used schemas. You may also want to deactivate unused modules in your LAM server profile (tab "Modules"). LDAP Logging: If your schema is correct you can turn on LDAP logging to get more detailed error messages from your LDAP server. OpenLDAP logging: slapd.conf: In /etc/ldap/slapd.conf turn logging on with the line "loglevel 256". slapd.d: In /etc/ldap/slapd.d/cn=config.ldif please change the attribute "olcLogLevel" to "Stats". Please add a line "olcLogLevel: Stats" if the attribute is missing. After changing the configuration please restart OpenLDAP. It usually uses /var/log/syslog for log output. PHP logging Sometimes it can help to enable PHP logging inside LAM. You can do this in the logging area of LAM's main configuration. Set the logging option to "all" and check if there are any messages printed in your browser window. Please note that not every notice message is an error but it may help to find the problem.
Performance issues LAM is tested to work with 10000 users with acceptable performance. If you have a larger directory or slow hardware then here are some points to increase performance. The first step is to check if performance problems are caused by the LAM web server or the LDAP server. Please check which machine suffers from high system load (CPU/memory consumption). High network latency may also be a problem. For large installations please make sure that LAM web server and LDAP server are located in the same building/server room. If you run LAM on multiple nodes (DNS load balancing/hardware load balancer) then also check the clustering section.
LDAP server Use indices Depending on the queries it may help to add some more indices on the LDAP server. Depending on your LDAP software it may already suggest indices in its log files. See here for typical OpenLDAP indices. Reduce query results by splitting LDAP management into multiple server profiles If you manage a very large directory then it might already be separated into multiple subtrees (e.g. by country, subsidiary, ...). Do not use a single LAM server profile to manage your whole directory. Use different server profiles for each separated LDAP subtree where possible (e.g. one for German users and one for French ones). Limit query results LAM allows to set an LDAP search limit for each server profile. This will limit the number of entries returned by your LDAP server. Use with caution because it can cause problems (e.g. with automatic UID generation) when LAM is not able to read all entries.
LAM web server Install a PHP accelerator There are tools like APC/OpCache (free) or Zend Server (commercial) that provide caching of PHP pages to improve performance. They will reduce the time for parsing the PHP pages and IO load. This is a simply way to enhance performance since APC/OpCache is part of most Linux distributions. If you use APC then make sure that it uses enough memory (e.g. "apc.shm_size=128M"). You can check the memory usage with the file apc.php that is shipped with APC. OpCache statistics can be shown with opcache-status. Disable session encryption LAM encrypts sensitive data in your session files. You can disable it to reduce CPU load.