313 lines
9.7 KiB
XML
313 lines
9.7 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
|
<chapter>
|
|
<title>Big picture</title>
|
|
|
|
<section>
|
|
<title>Overview</title>
|
|
|
|
<para>LAM has two major areas:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Admin interface to manage all sorts of different LDAP entries
|
|
(e.g. users/groups/hosts)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Self service (LAM Pro) where end users can edit their own
|
|
data</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<para></para>
|
|
|
|
<screenshot>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata fileref="images/bigPicture1.png" />
|
|
</imageobject>
|
|
</mediaobject>
|
|
</screenshot>
|
|
|
|
<para><emphasis role="bold">Admin interface</emphasis></para>
|
|
|
|
<para>This is the main part of the application. It allows to manage a
|
|
large list of LDAP entries (e.g. users, groups, DNS entries, ...). This
|
|
part is accessed by LDAP admins and support staff.</para>
|
|
|
|
<screenshot>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata fileref="images/bigPicture2.png" />
|
|
</imageobject>
|
|
</mediaobject>
|
|
</screenshot>
|
|
|
|
<para>Functional areas:</para>
|
|
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>Account tabs: These tabs allow to switsch between different
|
|
account types</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Tree view: Provides an LDAP browser to edit LDAP entries on
|
|
attribute level</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Tools menu: Contains useful tools such as profile and PDF
|
|
editor</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Help: Link to manual</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Logout: Logout of the application</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>List view: Lists all entries of the selected account type
|
|
(e.g. users)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>List configuration: Configuration settings for list view (e.g.
|
|
number of entries per page)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Filter: Filter boxes allow to enter simple filters like
|
|
"a*"</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
<para><emphasis role="bold">Self Service</emphasis></para>
|
|
|
|
<para>The self service provides a simple interface for your users to
|
|
edit their own data (e.g. telephone number). It also supports user self
|
|
registration and password reset functionality.</para>
|
|
|
|
<para>You can fully customize the layout of the self service
|
|
page.</para>
|
|
|
|
<screenshot>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata fileref="images/bigPicture3.png" />
|
|
</imageobject>
|
|
</mediaobject>
|
|
</screenshot>
|
|
|
|
<para><emphasis role="bold">Configuration</emphasis></para>
|
|
|
|
<para>Configuration is done on multiple levels:</para>
|
|
|
|
<para><emphasis role="bold">Global</emphasis></para>
|
|
|
|
<para>Effective for all parts of LAM (e.g. logging and password
|
|
policy).</para>
|
|
|
|
<para>Configured via LAM admin login -> LAM configuration -> <link
|
|
linkend="generalSettings">Edit general settings</link>.</para>
|
|
|
|
<para><emphasis role="bold">Server profile</emphasis></para>
|
|
|
|
<para>All settings for an LDAP connection (e.g. server name, LDAP
|
|
suffixes, account types/modules to activate) in admin interface. There
|
|
may be multiple for one LDAP server (e.g. for multiple departments,
|
|
different user groups, ...).</para>
|
|
|
|
<para>Configured via LAM admin login -> LAM configuration -> <link
|
|
linkend="serverProfiles">Edit server profile</link>.</para>
|
|
|
|
<para><emphasis role="bold">Self service</emphasis></para>
|
|
|
|
<para>All settings for a self service interface (e.g. fields that can be
|
|
edited, password reset functionality, ...).</para>
|
|
|
|
<para>Configured via LAM admin login -> LAM configuration -> <link
|
|
linkend="a_selfService">Edit self service</link>.</para>
|
|
|
|
<para><emphasis role="bold">Profiles</emphasis></para>
|
|
|
|
<para><link linkend="a_accountProfile">Account profiles</link> store
|
|
default values for new LDAP entries.</para>
|
|
|
|
<para><emphasis role="bold">PDF structures</emphasis></para>
|
|
|
|
<para><link linkend="pdfEditor">PDF structures</link> define the layout
|
|
and list of data fields to include in PDF export.</para>
|
|
</section>
|
|
|
|
<section>
|
|
<title>Glossary</title>
|
|
|
|
<para>Here you can find a list of common terms used in LAM.</para>
|
|
|
|
<table>
|
|
<title>Glossary</title>
|
|
|
|
<tgroup cols="2">
|
|
<thead>
|
|
<row>
|
|
<entry align="center">Term</entry>
|
|
|
|
<entry align="center">Description</entry>
|
|
</row>
|
|
</thead>
|
|
|
|
<tbody>
|
|
<row>
|
|
<entry>Account module</entry>
|
|
|
|
<entry>Plugin for a specific account type (e.g. Unix plugin for
|
|
user type)</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Account type</entry>
|
|
|
|
<entry>Type of an LDAP entry (e.g. user/group/host)</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Admin interface</entry>
|
|
|
|
<entry>LAM webpages for admin user (e.g. to create new
|
|
users)</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Lamdaemon</entry>
|
|
|
|
<entry>Support script to manage user file system quotas and
|
|
create home directories</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>PDF editor</entry>
|
|
|
|
<entry>Manages PDF structures</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>PDF export</entry>
|
|
|
|
<entry>Exports an entry to PDF by using a PDF structure</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>PDF structure</entry>
|
|
|
|
<entry>Defines the layout and list of data fields to include in
|
|
PDF export</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Profile</entry>
|
|
|
|
<entry>Template for creation of LDAP entries, contains default
|
|
values</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Profile editor</entry>
|
|
|
|
<entry>Manages profiles for all account types</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Self Service</entry>
|
|
|
|
<entry>LAM webpages for normal users where they can edit their
|
|
own data</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Self service profile</entry>
|
|
|
|
<entry>Configuration for self service pages (multiple
|
|
configurations can exist)</entry>
|
|
</row>
|
|
|
|
<row>
|
|
<entry>Tree view</entry>
|
|
|
|
<entry>LDAP browser that allows to modify LDAP entries on
|
|
attribute/object class level</entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section>
|
|
<title>Architecture</title>
|
|
|
|
<para>There are basically two groups of users for LAM:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><emphasis role="bold">LDAP administrators and support
|
|
staff:</emphasis></para>
|
|
|
|
<para>These people administer LDAP entries like user accounts,
|
|
groups, ...</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para><emphasis role="bold">Users:</emphasis></para>
|
|
|
|
<para>This includes all people who need to manage their own data
|
|
inside the LDAP directory. E.g. these people edit their contact
|
|
information with LAM self service (LAM Pro).</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<screenshot>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata fileref="images/lam_architecture.png" />
|
|
</imageobject>
|
|
</mediaobject>
|
|
</screenshot>
|
|
|
|
<para>Therefore, LAM is split into two separate parts, LAM for admins
|
|
and for users. LAM for admins allows to manage various types of LDAP
|
|
entries (e.g. users, groups, hosts, ...). It also contains tools like
|
|
batch upload, account profiles, LDAP schema viewer and an LDAP browser.
|
|
LAM for users focuses on end users. It provides a self service for the
|
|
users to edit their personal data (e.g. contact information). The LAM
|
|
administrator is able to specify what data may be changed by the users.
|
|
The design is also adaptable to your corporate design.</para>
|
|
|
|
<para>LAM for admins/users is accessible via HTTP(S) by all major web
|
|
browsers (Firefox, IE, Opera, ...).</para>
|
|
|
|
<para><emphasis role="bold">LAM runtime environment:</emphasis></para>
|
|
|
|
<para>LAM runs on PHP. Therefore, it is independant of CPU architecture
|
|
and operating system (OS). You can run LAM on any OS which supports
|
|
Apache, Nginx or other PHP compatible web servers.</para>
|
|
|
|
<para><emphasis role="bold">Home directory server:</emphasis></para>
|
|
|
|
<para>You can manage user home directories and their quotas inside LAM.
|
|
The home directories may reside on the server where LAM is installed or
|
|
any remote server. The commands for home directory management are
|
|
secured by SSH. LAM will use the user name and password of the logged in
|
|
LAM administrator for authentication.</para>
|
|
|
|
<para><emphasis role="bold">LDAP directory:</emphasis></para>
|
|
|
|
<para>LAM connects to your LDAP server via standard LDAP protocol. It
|
|
also supports encrypted connections with SSL and TLS.</para>
|
|
</section>
|
|
</chapter>
|