The account profiles are templates for your accounts. Here you can specify default values which can then be loaded when you create accounts. You may also load a template for an existing account to reset it to default values. When you create a new account then LAM will always load the profile named "default". This account profile can include default values for all your accounts. You can enter the LDAP suffix, RDN identifier and various other attributes depending on account type and activated modules. Import/export: Profiles can be exported to and imported from other server profiles. There is a special export target called "*Global templates". All profiles exported here will be copied to all other server profiles (incl. new ones). But existing profiles with the same name are not overwritten. So a profile in global templates is treated as default profile for all server profiles. Use this if you would like to setup default profiles that are valid for all server profiles.

When you need to create lots of accounts then you can use LAM's file upload to create them. In contrast to LDAP import/export this operates on account type level. LAM will read a CSV formatted file and create the related LDAP entries. Please check the data in you CSV file carefully. LAM will do less checks for the file upload than for single account creation. At the first page please select the account type and what extensions should be activated. The next page shows all available options for the file upload. You will also find a sample CSV file which can be used as template for your CSV file. All red options are required columns in the file. You need to specify a value for each account. When you upload the CSV file then LAM first does some checks on this file. This includes syntax checks and if all required data was entered. No changes in the LDAP directory are done at this time. If the checks were successful then LAM will ask again if you want to create the accounts. You will also have the chance to check the upload by viewing the changes in LDIF format.

This tool allows you to modify a large list of LDAP entries in batch mode. You can add new attributes/object classes, remove attributes and set attributes to a specific value. At the beginning, you need to specify where the entries are stored that should be changed. You can select an account suffix, the tree suffix or enter your own DN by selecting "Other". Next, enter an additional LDAP filter to limit the entries that should be changed. E.g. use "(objectclass=inetOrgPerson)" to filter for users. You may also enter e.g. "(!(objectClass=passwordSelfReset))" to match all accounts that do not yet have the password self reset feature. Now, it is time to define the changes that should be done. The following operations are possible: Add: Adds an attribute value if not yet existing. Please do not use for single-value attributes that already have a value. Modify: Sets an attribute to the given value. If the attribute does not yet exist then it is added. If the attribute has multiple values then all other values are removed. Delete: Deletes the specified value from this attribute. If you leave the value field blank then all attribute values are removed. Please note that all actions are run as separate LDAP commands. You cannot add an object class and a required attribute at the same time. Dry run You should always start with a dry run. It will not do any changes to your LDAP directory but print out all modifications that will be done. You will also be able to download the changes in LDIF format to use with ldapmodify. This is useful if you want to adjust some actions manually. Apply changes This will run the actions against your LDAP directory. You will see which accounts are edited in the progress area and also if any errors occured.

Here you can import and export plain LDAP data. In contrast to file upload this operates on plain LDAP attribute level.

The LDAP import supports input data in LDIF format. You can provide plain text or upload an LDIF file. The "Don't stop on errors" option will cause the import to continue even if entries could not be created.

Here you can export your plain LDAP data as LDIF or CSV file. Base DN: this is the starting point of the export. Enter a DN or press the magnifying glass icon to open the DN selection dialog. Search scope: You can export just the base DN, base DN + its direct children or the whole subtree. Search filter: this can be used to filter the entries by specifying a standard LDAP filter. The preselected filter "(objectclass=*)" matches all entries. Attributes: the list of attributes that should be part of export. "*" matches all standard attributes (excluding system attributes). Include system attributes: this will also include system attributes like the entry creation time and creator's DN. Save as file: will save to file instead of printing the data on the web page. Export format: you can select LDIF or CSV (e.g. for usage in spreadsheet applications). End of line: use the one appropriate for your operating system.

This is a simple editor to add/delete organisational units in your LDAP tree. This way you can structure the accounts.

All accounts in LAM may be exported as PDF files. You can specify the page structure and displayed information by editing the PDF profiles. When you export accounts to PDF then each account will get its own page inside the PDF. There is a headline on each page where you can show a page title. You may also add a logo to each page. To add more logos please use the logo management on the PDF editor main page. The main part is structured into sections of information. Each section has a title. This can either be static text or the value of an attribute. You may also insert a static text block as section. Sections can be moved by using the arrows next to the section title. Each section can contain multiple fields which usually represent LDAP attributes. You can simply add new fields by selecting the field name and its position. Then use the arrows to move the field inside the section. Import/export: PDF structures can be exported to and imported from other server profiles. There is a special export target called "*Global templates". All PDF structures exported here will be copied to all other server profiles (incl. new ones). But existing PDF structures with the same name are not overwritten. So a PDF structure in global templates is treated as default structure for all server profiles. Use this if you would like to setup default PDF structures that are valid for all server profiles. Logo management: You can upload image files to put a custom logo on the PDF files. The image file name must end with .png or .jpg.

Here you browse the schema of your LDAP server. You can view what object classes, attributes, syntaxes and matching rules are available. This is useful if you need to check if a certain object class is available.

This shows information and statistics about your LDAP server. This includes the suffixes, used overlays, connection data and operation statistics. You will need "cn=monitor" setup to see all details. Some data may not be available depending on your LDAP server software. Please see the following links how to setup "cn=monitor": OpenLDAP 389 server

See the Webauthn/FIDO2 appendix for an overview about Webauthn/FIDO2 in LAM. Here you can manage your webauthn/FIDO2 devices. You can register additional security devices and remove old ones. If no more device is registered then LAM will ask you for registration on next login.

This allows you to check if your LDAP schema is compatible with LAM and to find possible problems.

LAM provides an external script to manage home directories and quotas. You can test here if everything is setup correctly. If you get an error like "no tty present and no askpass program specified" then the path to the lamdaemon.pl may be wrong. Please see the lamdaemon installation instructions for setup details.

This will test if your LDAP schema supports all object classes and attributes of the active LAM modules. If you get a message that something is missing please check that you installed all required schemas. If you get error messages about object class violations then this test can tell you what is missing.