Update: ldap-account-manager stack

ldap-account-manager/README.md

@@ -0,0 +1,18 @@
+
+You need to copy existing data first ...
+
+```
+docker run -d --name lam_tmp --rm ldapaccountmanager/lam:latest 
+docker cp lam_tmp:/var/lib/ldap-account-manager/config/ .
+docker stop lam_tmp
+
+mkdir -p data/sess
+mv config conf
+sudo chown -R 33:33 data/ conf/
+sudo chmod go+rx conf/
+sudo chmod go+r conf/*
+sudo rm conf/config.cfg
+sudo cp conf/config.cfg.sample conf/config.cfg
+
+sudo sed -i 's/^password:.*/password: admin/' conf/config.cfg
+```

ldap-account-manager/conf/.htaccess

@@ -0,0 +1,3 @@
+<Files *>
+  Require all denied
+</Files>

ldap-account-manager/conf/addressbook.sample.conf

@@ -0,0 +1,209 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://localhost:389
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Manager,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=yourdomain,dc=org
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user
+
+
+types: suffix_user: ou=People,dc=my-domain,dc=com
+types: attr_user: #uid;#givenName;#sn;#mail
+types: modules_user: inetOrgPerson
+
+types: suffix_group: ou=group,dc=my-domain,dc=com
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+
+
+
+# enable TLS encryption
+useTLS: yes
+
+
+# follow referrals
+followReferrals: false
+
+
+# paged results
+pagedResults: false
+
+
+# Access level for this profile.
+accessLevel: 100
+
+
+# Login method.
+loginMethod: list
+
+
+# Search suffix for LAM login.
+loginSearchSuffix: dc=yourdomain,dc=org
+
+
+# Search filter for LAM login.
+loginSearchFilter: uid=%USER%
+
+
+# Bind DN for login search.
+loginSearchDN:
+
+
+# Bind password for login search.
+loginSearchPassword:
+
+
+# HTTP authentication for LAM login.
+httpAuthentication: false
+
+
+# Password mail from
+lamProMailFrom:
+
+
+# Password mail reply-to
+lamProMailReplyTo:
+
+
+# Password mail is HTML
+lamProMailIsHTML: false
+
+
+# Allow alternate address
+lamProMailAllowAlternateAddress: true
+modules: inetOrgPerson_hideDescription: false
+modules: inetOrgPerson_hideStreet: false
+modules: inetOrgPerson_hidePostOfficeBox: false
+modules: inetOrgPerson_hidePostalCode: false
+modules: inetOrgPerson_hideLocation: false
+modules: inetOrgPerson_hideState: false
+modules: inetOrgPerson_hidePostalAddress: false
+modules: inetOrgPerson_hideRegisteredAddress: false
+modules: inetOrgPerson_hideOfficeName: false
+modules: inetOrgPerson_hideRoomNumber: false
+modules: inetOrgPerson_hideTelephoneNumber: false
+modules: inetOrgPerson_hideHomeTelephoneNumber: false
+modules: inetOrgPerson_hideMobileNumber: false
+modules: inetOrgPerson_hideFaxNumber: false
+modules: inetOrgPerson_hidePager: true
+modules: inetOrgPerson_hideEMailAddress: false
+modules: inetOrgPerson_hideJobTitle: false
+modules: inetOrgPerson_hideCarLicense: false
+modules: inetOrgPerson_hideEmployeeType: false
+modules: inetOrgPerson_hideBusinessCategory: false
+modules: inetOrgPerson_hideDepartments: false
+modules: inetOrgPerson_hideManager: false
+modules: inetOrgPerson_hideOu: false
+modules: inetOrgPerson_hideO: false
+modules: inetOrgPerson_hideEmployeeNumber: false
+modules: inetOrgPerson_hideInitials: false
+modules: inetOrgPerson_hideLabeledURI: false
+modules: inetOrgPerson_hideuserCertificate: false
+modules: inetOrgPerson_hidejpegPhoto: false
+modules: inetOrgPerson_hideUID: false
+modules: inetOrgPerson_readOnly_businessCategory: false
+modules: inetOrgPerson_readOnly_cn: false
+modules: inetOrgPerson_readOnly_employeeType: false
+modules: inetOrgPerson_readOnly_postalAddress: false
+modules: inetOrgPerson_readOnly_uid: false
+modules: inetOrgPerson_readOnly_title: false
+modules: inetOrgPerson_readOnly_description: false
+modules: inetOrgPerson_readOnly_st: false
+modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
+modules: inetOrgPerson_readOnly_mail: false
+modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
+modules: inetOrgPerson_readOnly_jpegPhoto: false
+modules: inetOrgPerson_readOnly_carLicense: false
+modules: inetOrgPerson_readOnly_labeledURI: false
+modules: inetOrgPerson_readOnly_initials: false
+modules: inetOrgPerson_readOnly_registeredAddress: false
+modules: inetOrgPerson_readOnly_mobile: false
+modules: inetOrgPerson_readOnly_sn: false
+modules: inetOrgPerson_readOnly_o: false
+modules: inetOrgPerson_readOnly_ou: false
+modules: inetOrgPerson_readOnly_l: false
+modules: inetOrgPerson_readOnly_pager: false
+modules: inetOrgPerson_readOnly_userPassword: false
+modules: inetOrgPerson_readOnly_employeeNumber: false
+modules: inetOrgPerson_readOnly_postOfficeBox: false
+modules: inetOrgPerson_readOnly_postalCode: false
+modules: inetOrgPerson_readOnly_roomNumber: false
+modules: inetOrgPerson_readOnly_street: false
+modules: inetOrgPerson_readOnly_homePhone: false
+modules: inetOrgPerson_readOnly_telephoneNumber: false
+modules: inetOrgPerson_readOnly_departmentNumber: false
+modules: inetOrgPerson_readOnly_manager: false
+modules: inetOrgPerson_readOnly_givenName: false
+modules: inetOrgPerson_jpegPhoto_maxWidth:
+modules: inetOrgPerson_jpegPhoto_maxHeight:
+modules: inetOrgPerson_jpegPhoto_maxSize:
+types: filter_user:
+types: customLabel_user:
+types: filter_group:
+types: customLabel_group:
+types: hidden_user:
+types: hideNewButton_user:
+types: hideDeleteButton_user:
+types: readOnly_user:
+tools: tool_hide_toolServerInformation: false
+tools: tool_hide_toolFileUpload: false
+tools: tool_hide_toolMultiEdit: false
+tools: tool_hide_toolPDFEditor: false
+tools: tool_hide_toolOUEditor: false
+tools: tool_hide_toolProfileEditor: false
+tools: tool_hide_toolTests: false
+tools: tool_hide_toolSchemaBrowser: false

ldap-account-manager/conf/config.cfg

@@ -0,0 +1,21 @@
+
+# password to add/delete/rename configuration profiles (default: lam)
+password: admin
+
+# default profile, without ".conf"
+default: lam
+
+# log level
+logLevel: 4
+
+# log destination
+logDestination: SYSLOG
+
+configDatabaseType: files
+configDatabaseServer:
+configDatabasePort:
+configDatabaseName:
+configDatabaseUser:
+configDatabasePassword:
+
+license:

ldap-account-manager/conf/config.cfg.sample

@@ -0,0 +1,21 @@
+
+# password to add/delete/rename configuration profiles (default: lam)
+password: {SSHA}D6AaX93kPmck9wAxNlq3GF93S7A= R7gkjQ==
+
+# default profile, without ".conf"
+default: lam
+
+# log level
+logLevel: 4
+
+# log destination
+logDestination: SYSLOG
+
+configDatabaseType: files
+configDatabaseServer:
+configDatabasePort:
+configDatabaseName:
+configDatabaseUser:
+configDatabasePassword:
+
+license:

ldap-account-manager/conf/lam.conf

@@ -0,0 +1,71 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: openldap
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=admin,dc=dev,dc=box
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: {SSHA}lYFB4utZ47V/Fu0dvcCgnWdRD1s= ridkeg==
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=dev,dc=box
+
+# default language (a line from config/language)
+defaultLanguage: en_US.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group
+
+
+types: suffix_user: dc=dev,dc=box
+types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
+types: modules_user: inetOrgPerson,posixAccount,shadowAccount
+
+types: suffix_group: dc=dev,dc=box
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+

ldap-account-manager/conf/language

@@ -0,0 +1,63 @@
+# LDAP Account Manager language configuration file
+#
+# Do not modify!
+
+# Each line consists of a ":"-separated entry. The first part is the locale name,
+# the second is the character encoding and the third the language name.
+
+# Catalan
+# ca_ES.utf8:UTF-8:Català (Catalunya)
+
+# Czech
+# cs_CZ.utf8:UTF-8:Čeština (Česko)
+
+# German
+de_DE.utf8:UTF-8:Deutsch (Deutschland)
+
+# GB English
+en_GB.utf8:UTF-8:English (Great Britain)
+
+# US English
+en_US.utf8:UTF-8:English (USA)
+
+# Spanish
+es_ES.utf8:UTF-8:Español (España)
+
+# French
+fr_FR.utf8:UTF-8:Français (France)
+
+# Italian
+it_IT.utf8:UTF-8:Italiano (Italia)
+
+# Hungarian
+# hu_HU.utf8:UTF-8:Magyar (Magyarország)
+
+# Dutch
+nl_NL.utf8:UTF-8:Nederlands (Nederland)
+
+# Polish
+pl_PL.utf8:UTF-8:Polski (Polska)
+
+# Portuguese
+pt_BR.utf8:UTF-8:Português (Brasil)
+
+# Russian
+# ru_RU.utf8:UTF-8:Русский (Россия)
+
+# Slovakian
+sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
+
+# Turkish
+# tr_TR.utf8:UTF-8:Türkçe (Türkiye)
+
+# Ukrainian
+uk_UA.utf8:UTF-8:Українська (Україна)
+
+# Japanese
+ja_JP.utf8:UTF-8:日本語 (日本)
+
+# Chinese (Traditional)
+zh_TW.utf8:UTF-8:繁體中文 (台灣)
+
+# Chinese (Simplified)
+zh_CN.utf8:UTF-8:简体中文 (中国)

ldap-account-manager/conf/pdf/lam/default.group.xml

@@ -0,0 +1,8 @@
+<pdf filename="" headline="Group information" foldingmarks="">
+	<section name="_posixGroup_cn">
+		<entry name="main_dn"/>
+		<entry name="posixGroup_description"/>
+		<entry name="posixGroup_gidNumber"/>
+		<entry name="posixGroup_memberUid"/>
+	</section>
+</pdf>

ldap-account-manager/conf/pdf/lam/default.user.xml

@@ -0,0 +1,35 @@
+<pdf filename="printLogo.jpg" headline="User information" foldingmarks="">
+	<section name="Personal user information">
+		<entry name="inetOrgPerson_title"/>
+		<entry name="inetOrgPerson_givenName"/>
+		<entry name="inetOrgPerson_sn"/>
+		<entry name="inetOrgPerson_street"/>
+		<entry name="inetOrgPerson_postalCode"/>
+		<entry name="inetOrgPerson_postalAddress"/>
+		<entry name="inetOrgPerson_mail"/>
+		<entry name="inetOrgPerson_telephoneNumber"/>
+		<entry name="inetOrgPerson_mobileTelephoneNumber"/>
+		<entry name="inetOrgPerson_facsimileTelephoneNumber"/>
+	</section>
+	<section name="Unix settings">
+		<entry name="posixAccount_uid"/>
+		<entry name="posixAccount_userPassword"/>
+		<entry name="posixAccount_primaryGroup"/>
+		<entry name="posixAccount_additionalGroups"/>
+		<entry name="posixAccount_homeDirectory"/>
+		<entry name="posixAccount_loginShell"/>
+		<entry name="shadowAccount_shadowExpire"/>
+	</section>
+	<section name="Windows settings">
+		<entry name="sambaSamAccount_displayName"/>
+		<entry name="sambaSamAccount_sambaDomainName"/>
+		<entry name="sambaSamAccount_sambaHomeDrive"/>
+		<entry name="sambaSamAccount_sambaHomePath"/>
+		<entry name="sambaSamAccount_sambaLogonScript"/>
+		<entry name="sambaSamAccount_sambaProfilePath"/>
+		<entry name="sambaSamAccount_sambaUserWorkstations"/>
+	</section>
+	<section name="Quota Settings">
+		<entry name="quota_quotas"/>
+	</section>
+</pdf>

ldap-account-manager/conf/profiles/lam/default.user

@@ -0,0 +1,19 @@
+shadowAccount_shadowWarning: 10
+shadowAccount_shadowInactive: 10
+shadowAccount_shadowMin: 1
+shadowAccount_shadowMax: 365
+sambaAccount_useunixpwd: true
+sambaAccount_acctFlagsN: false
+sambaAccount_acctFlagsX: true
+sambaAccount_acctFlagsD: false
+sambaAccount_homeDrive: U:
+sambaSamAccount_useunixpwd: true
+sambaSamAccount_sambaAcctFlagsN: false
+sambaSamAccount_sambaAcctFlagsX: true
+sambaSamAccount_sambaAcctFlagsD: false
+sambaSamAccount_sambaHomeDrive: U:
+sambaSamAccount_group: 513
+posixAccount_homeDirectory: /home/$user
+posixAccount_loginShell: /bin/bash
+asteriskAccount_AstAccountHost: dynamic
+asteriskAccount_AstAccountContext: default

ldap-account-manager/conf/samba3.sample.conf

@@ -0,0 +1,254 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://localhost:389
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Manager,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=yourdomain,dc=org
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group,host,smbDomain
+
+
+types: suffix_user: ou=People,dc=my-domain,dc=com
+types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
+types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
+
+types: suffix_group: ou=group,dc=my-domain,dc=com
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup,sambaGroupMapping
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+
+
+
+# enable TLS encryption
+useTLS: yes
+
+
+# follow referrals
+followReferrals: false
+
+
+# paged results
+pagedResults: false
+
+
+# Access level for this profile.
+accessLevel: 100
+
+
+# Login method.
+loginMethod: list
+
+
+# Search suffix for LAM login.
+loginSearchSuffix: dc=yourdomain,dc=org
+
+
+# Search filter for LAM login.
+loginSearchFilter: uid=%USER%
+
+
+# Bind DN for login search.
+loginSearchDN:
+
+
+# Bind password for login search.
+loginSearchPassword:
+
+
+# HTTP authentication for LAM login.
+httpAuthentication: false
+
+
+# Password mail from
+lamProMailFrom:
+
+
+# Password mail reply-to
+lamProMailReplyTo:
+
+
+# Password mail is HTML
+lamProMailIsHTML: false
+
+
+# Allow alternate address
+lamProMailAllowAlternateAddress: true
+modules: posixGroup_group_gidGenerator: range
+modules: posixGroup_group_sambaIDPoolDN:
+modules: posixGroup_group_gidCheckSuffix:
+modules: posixGroup_group_hidememberUid: false
+modules: sambaSamAccount_timeZone: 0
+modules: sambaSamAccount_lmHash: yes
+modules: sambaSamAccount_hideHomeDrive: false
+modules: sambaSamAccount_hideHomePath: false
+modules: sambaSamAccount_hideProfilePath: false
+modules: sambaSamAccount_hideLogonScript: false
+modules: sambaSamAccount_hideSambaPwdLastSet: false
+modules: sambaSamAccount_hideWorkstations: false
+modules: sambaSamAccount_hideLogonHours: false
+modules: sambaSamAccount_hideTerminalServer: false
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_user_sambaIDPoolDNUsers:
+modules: posixAccount_user_uidCheckSuffixUser:
+modules: posixAccount_host_uidGeneratorHosts: range
+modules: posixAccount_host_sambaIDPoolDNHosts:
+modules: posixAccount_host_uidCheckSuffixHost:
+modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
+modules: posixAccount_user_hidegecos: false
+modules: posixAccount_primaryGroupAsSecondary: false
+modules: posixAccount_user_userNameSuggestion: @givenname@%sn%
+modules: inetOrgPerson_hideDescription: false
+modules: inetOrgPerson_hideStreet: false
+modules: inetOrgPerson_hidePostOfficeBox: false
+modules: inetOrgPerson_hidePostalCode: false
+modules: inetOrgPerson_hideLocation: false
+modules: inetOrgPerson_hideState: false
+modules: inetOrgPerson_hidePostalAddress: false
+modules: inetOrgPerson_hideRegisteredAddress: false
+modules: inetOrgPerson_hideOfficeName: false
+modules: inetOrgPerson_hideRoomNumber: false
+modules: inetOrgPerson_hideTelephoneNumber: false
+modules: inetOrgPerson_hideHomeTelephoneNumber: false
+modules: inetOrgPerson_hideMobileNumber: false
+modules: inetOrgPerson_hideFaxNumber: false
+modules: inetOrgPerson_hidePager: true
+modules: inetOrgPerson_hideEMailAddress: false
+modules: inetOrgPerson_hideJobTitle: false
+modules: inetOrgPerson_hideCarLicense: false
+modules: inetOrgPerson_hideEmployeeType: false
+modules: inetOrgPerson_hideBusinessCategory: false
+modules: inetOrgPerson_hideDepartments: false
+modules: inetOrgPerson_hideManager: false
+modules: inetOrgPerson_hideOu: false
+modules: inetOrgPerson_hideO: false
+modules: inetOrgPerson_hideEmployeeNumber: false
+modules: inetOrgPerson_hideInitials: false
+modules: inetOrgPerson_hideLabeledURI: false
+modules: inetOrgPerson_hideuserCertificate: false
+modules: inetOrgPerson_hidejpegPhoto: false
+modules: inetOrgPerson_readOnly_businessCategory: false
+modules: inetOrgPerson_readOnly_cn: false
+modules: inetOrgPerson_readOnly_employeeType: false
+modules: inetOrgPerson_readOnly_postalAddress: false
+modules: inetOrgPerson_readOnly_uid: false
+modules: inetOrgPerson_readOnly_title: false
+modules: inetOrgPerson_readOnly_description: false
+modules: inetOrgPerson_readOnly_st: false
+modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
+modules: inetOrgPerson_readOnly_mail: false
+modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
+modules: inetOrgPerson_readOnly_jpegPhoto: false
+modules: inetOrgPerson_readOnly_carLicense: false
+modules: inetOrgPerson_readOnly_labeledURI: false
+modules: inetOrgPerson_readOnly_initials: false
+modules: inetOrgPerson_readOnly_registeredAddress: false
+modules: inetOrgPerson_readOnly_mobile: false
+modules: inetOrgPerson_readOnly_sn: false
+modules: inetOrgPerson_readOnly_o: false
+modules: inetOrgPerson_readOnly_ou: false
+modules: inetOrgPerson_readOnly_l: false
+modules: inetOrgPerson_readOnly_pager: false
+modules: inetOrgPerson_readOnly_userPassword: false
+modules: inetOrgPerson_readOnly_employeeNumber: false
+modules: inetOrgPerson_readOnly_postOfficeBox: false
+modules: inetOrgPerson_readOnly_postalCode: false
+modules: inetOrgPerson_readOnly_roomNumber: false
+modules: inetOrgPerson_readOnly_street: false
+modules: inetOrgPerson_readOnly_homePhone: false
+modules: inetOrgPerson_readOnly_telephoneNumber: false
+modules: inetOrgPerson_readOnly_departmentNumber: false
+modules: inetOrgPerson_readOnly_manager: false
+modules: inetOrgPerson_readOnly_givenName: false
+modules: inetOrgPerson_jpegPhoto_maxWidth:
+modules: inetOrgPerson_jpegPhoto_maxHeight:
+modules: inetOrgPerson_jpegPhoto_maxSize:
+types: filter_user:
+types: customLabel_user:
+types: filter_group:
+types: customLabel_group:
+types: hidden_user:
+types: hideNewButton_user:
+types: hideDeleteButton_user:
+types: readOnly_user:
+types: hidden_group:
+types: hideNewButton_group:
+types: hideDeleteButton_group:
+types: readOnly_group:
+types: hidden_host:
+types: hideNewButton_host:
+types: hideDeleteButton_host:
+types: readOnly_host:
+types: suffix_host: ou=machines,dc=my-domain,dc=com
+types: attr_host: #cn;#description;#uidNumber;#gidNumber
+types: filter_host:
+types: customLabel_host:
+types: hidden_smbDomain:
+types: hideNewButton_smbDomain:
+types: hideDeleteButton_smbDomain:
+types: readOnly_smbDomain:
+types: suffix_smbDomain: dc=my-domain,dc=com
+types: attr_smbDomain: #sambaDomainName;#sambaSID
+types: filter_smbDomain:
+types: customLabel_smbDomain:
+types: modules_host: account,posixAccount,sambaSamAccount
+types: modules_smbDomain: sambaDomain
+tools: tool_hide_toolServerInformation: false
+tools: tool_hide_toolFileUpload: false
+tools: tool_hide_toolMultiEdit: false
+tools: tool_hide_toolPDFEditor: false
+tools: tool_hide_toolOUEditor: false
+tools: tool_hide_toolProfileEditor: false
+tools: tool_hide_toolTests: false
+tools: tool_hide_toolSchemaBrowser: false

ldap-account-manager/conf/templates/pdf/default.alias.xml

@@ -0,0 +1,6 @@
+<pdf type="alias" filename="printLogo.jpg" headline="Alias information">
+	<section name="_uidObject_uid">
+		<entry name="aliasEntry_entry" />
+		<entry name="main_dn" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.asteriskExt.xml

@@ -0,0 +1,7 @@
+<pdf type="asteriskExt" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_asteriskExtension_AstExtension">
+		<entry name="asteriskExtension_AstContext" />
+		<entry name="asteriskExtension_owners" />
+		<entry name="asteriskExtension_rules" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.automountType.xml

@@ -0,0 +1,6 @@
+<pdf type="automountType" filename="printLogo.jpg" headline="Automount information">
+	<section name="_automount_cn">
+		<entry name="automount_description" />
+		<entry name="automount_automountInformation" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.bind.xml

@@ -0,0 +1,7 @@
+<pdf type="bind" filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
+	<section name="_bindDLZ_dlzHostName">
+		<entry name="bindDLZ_aRecord" />
+		<entry name="bindDLZ_ptrRecord" />
+		<entry name="bindDLZ_mxRecord" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.customType.xml

@@ -0,0 +1,4 @@
+<pdf type="bind" filename="printLogo.jpg" headline="Custom entry" foldingmarks="no">
+	<section name="_main_dn">
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.dhcp.xml

@@ -0,0 +1,20 @@
+<pdf type="dhcp" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_dhcp_settings_subnet">
+		<entry name="dhcp_settings_domainName" />
+		<entry name="dhcp_settings_leaseTime" />
+		<entry name="dhcp_settings_maxLeaseTime" />
+		<entry name="dhcp_settings_DNSserver" />
+		<entry name="dhcp_settings_gateway" />
+		<entry name="dhcp_settings_netbiosServer" />
+		<entry name="dhcp_settings_netbiosType" />
+		<entry name="dhcp_settings_subnetMask" />
+		<entry name="dhcp_settings_netMask" />
+		<entry name="ddns_DNSserver" />
+		<entry name="ddns_zone" />
+		<entry name="ddns_reverseZone" />
+		<entry name="range_ranges" />
+	</section>
+	<section name="Fixed IPs">
+		<entry name="fixed_ip_IPlist" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.gon.xml

@@ -0,0 +1,8 @@
+<pdf type="gon" headline="Group information">
+	<section name="_groupOfNames_name">
+		<entry name="main_dn" />
+		<entry name="groupOfNames_description" />
+		<entry name="groupOfNames_owner" />
+		<entry name="groupOfNames_members" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.group.xml

@@ -0,0 +1,8 @@
+<pdf type="group" headline="Group information">
+	<section name="_posixGroup_cn">
+		<entry name="main_dn" />
+		<entry name="posixGroup_description" />
+		<entry name="posixGroup_gidNumber" />
+		<entry name="posixGroup_memberUid" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.host.xml

@@ -0,0 +1,9 @@
+<pdf type="host" filename="printLogo.jpg" headline="Host information">
+	<section name="_posixAccount_uid">
+		<entry name="main_dn" />
+		<entry name="posixAccount_description" />
+		<entry name="posixAccount_uidNumber" />
+		<entry name="posixAccount_primaryGroup" />
+		<entry name="sambaSamAccount_sambaDomainName" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.kolabSharedFolderType.xml

@@ -0,0 +1,11 @@
+<pdf type="kolabSharedFolderType" filename="printLogo.jpg" headline="Shared folder information" foldingmarks="no">
+	<section name="_kolabSharedFolder_cn">
+		<entry name="kolabSharedFolder_mailHost" />
+		<entry name="kolabSharedFolder_kolabTargetFolder" />
+		<entry name="kolabSharedFolder_kolabFolderType" />
+		<entry name="kolabSharedFolder_delegate" />
+		<entry name="kolabSharedFolder_aliases" />
+		<entry name="kolabSharedFolder_kolabAllowSMTPSender" />
+		<entry name="kolabSharedFolder_kolabAllowSMTPRecipient" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.kopanoAddressListType.xml

@@ -0,0 +1,8 @@
+<pdf type="kopanoAddressListType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_kopanoAddressList_cn">
+		<entry name="kopanoAddressList_kopanoBase" />
+		<entry name="kopanoAddressList_kopanoFilter" />
+		<entry name="kopanoAddressList_kopanoAccount" />
+		<entry name="kopanoAddressList_kopanoHidden" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.kopanoDynamicGroupType.xml

@@ -0,0 +1,10 @@
+<pdf type="kopanoDynamicGroupType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_kopanoDynamicGroup_cn">
+		<entry name="kopanoDynamicGroup_mail" />
+		<entry name="kopanoDynamicGroup_kopanoAliases" />
+		<entry name="kopanoDynamicGroup_kopanoBase" />
+		<entry name="kopanoDynamicGroup_kopanoFilter" />
+		<entry name="kopanoDynamicGroup_kopanoAccount" />
+		<entry name="kopanoDynamicGroup_kopanoHidden" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.mailAlias.xml

@@ -0,0 +1,5 @@
+<pdf type="mailAlias" filename="printLogo.jpg" headline="Mail alias information">
+	<section name="_nisMailAlias_alias">
+		<entry name="nisMailAlias_recipients" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.mitKerberosPolicyType.xml

@@ -0,0 +1,13 @@
+<pdf filename="printLogo.jpg" headline="Kerberos Policy" foldingmarks="no">
+	<section name="_mitKerberosPolicy_cn">
+		<entry name="mitKerberosPolicy_krbMinPwdLife"/>
+		<entry name="mitKerberosPolicy_krbMaxPwdLife"/>
+		<entry name="mitKerberosPolicy_krbPwdMinLength"/>
+		<entry name="mitKerberosPolicy_krbPwdHistoryLength"/>
+		<entry name="mitKerberosPolicy_krbPwdMaxFailure"/>
+		<entry name="mitKerberosPolicy_krbPwdLockoutDuration"/>
+		<entry name="mitKerberosPolicy_krbPwdFailureCountInterval"/>
+		<entry name="mitKerberosPolicy_krbPwdMinDiffChars"/>
+		<entry name="mitKerberosPolicy_krbPwdAllowedKeysalts"/>
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.netgroup.xml

@@ -0,0 +1,7 @@
+<pdf type="netgroup" filename="printLogo.jpg" headline="NIS netgroup information">
+	<section name="_nisnetgroup_cn">
+		<entry name="nisnetgroup_description" />
+		<entry name="nisnetgroup_subgroups" />
+		<entry name="nisnetgroup_members" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.nisObjectType.xml

@@ -0,0 +1,7 @@
+<pdf type="nisObjectType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_nisObject_cn">
+		<entry name="nisObject_nisMapName" />
+		<entry name="nisObject_nisMapEntry" />
+		<entry name="nisObject_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.nsviewType.xml

@@ -0,0 +1,6 @@
+<pdf type="nsviewType" filename="printLogo.jpg" headline="LDAP Account Manager" foldingmarks="no">
+	<section name="_nsview_ou">
+		<entry name="nsview_nsViewFilter" />
+		<entry name="nsview_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.oracleContextType.xml

@@ -0,0 +1,6 @@
+<pdf type="oracleContextType" filename="printLogo.jpg" headline="Database information">
+	<section name="_oracleService_cn">
+		<entry name="oracleService_orclNetDescString" />
+		<entry name="oracleService_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.powerDNSType.xml

@@ -0,0 +1,7 @@
+<pdf filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
+	<section name="_powerDNS_dc">
+		<entry name="powerDNS_associatedDomain" />
+		<entry name="powerDNS_records" />
+		<entry name="powerDNS_DNSTTL" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.ppolicyType.xml

@@ -0,0 +1,18 @@
+<pdf type="ppolicyType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_ppolicy_cn">
+		<entry name="ppolicy_pwdMinAge" />
+		<entry name="ppolicy_pwdMaxAge" />
+		<entry name="ppolicy_pwdExpireWarning" />
+		<entry name="ppolicy_pwdGraceAuthnLimit" />
+		<entry name="ppolicy_pwdInHistory" />
+		<entry name="ppolicy_pwdCheckQuality" />
+		<entry name="ppolicy_pwdMinLength" />
+		<entry name="ppolicy_pwdLockout" />
+		<entry name="ppolicy_pwdLockoutDuration" />
+		<entry name="ppolicy_pwdMaxFailure" />
+		<entry name="ppolicy_pwdFailureCountInterval" />
+		<entry name="ppolicy_pwdMustChange" />
+		<entry name="ppolicy_pwdAllowUserChange" />
+		<entry name="ppolicy_pwdSafeModify" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.pykotaBillingCodeType.xml

@@ -0,0 +1,7 @@
+<pdf type="pykotaBillingCodeType" filename="printLogo.jpg" headline="LDAP Account Manager" foldingmarks="no">
+	<section name="_pykotaBillingCode_pykotaBillingCode">
+		<entry name="pykotaBillingCode_pykotaBalance" />
+		<entry name="pykotaBillingCode_pykotaPageCounter" />
+		<entry name="pykotaBillingCode_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.pykotaPrinterType.xml

@@ -0,0 +1,11 @@
+<pdf type="pykotaPrinterType" filename="printLogo.jpg" headline="Printer information" foldingmarks="no">
+	<section name="_pykotaPrinter_cn">
+		<entry name="pykotaPrinter_description" />
+		<entry name="pykotaPrinter_pykotaMaxJobSize" />
+		<entry name="pykotaPrinter_pykotaPricePerJob" />
+		<entry name="pykotaPrinter_pykotaPricePerPage" />
+		<entry name="pykotaPrinter_pykotaPassThrough" />
+		<entry name="pykotaPrinter_uniqueMember" />
+		<entry name="pykotaPrinter_parentUniqueMember" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.smbDomain.xml

@@ -0,0 +1,6 @@
+<pdf type="smbDomain" filename="printLogo.jpg" headline="Samba domain information">
+	<section name="_sambaDomain_domainName">
+		<entry name="sambaDomain_domainSID" />
+		<entry name="sambaDomain_RIDbase" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.sudo.xml

@@ -0,0 +1,11 @@
+<pdf type="sudo" filename="printLogo.jpg" headline="Sudo role">
+	<section name="_sudoRole_cn">
+		<entry name="sudoRole_sudoUser" />
+		<entry name="sudoRole_sudoHost" />
+		<entry name="sudoRole_sudoCommand" />
+		<entry name="sudoRole_sudoRunAsUser" />
+		<entry name="sudoRole_sudoRunAsGroup" />
+		<entry name="sudoRole_sudoOption" />
+		<entry name="sudoRole_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.user.xml

@@ -0,0 +1,35 @@
+<pdf type="user" filename="printLogo.jpg" headline="User information">
+	<section name="Personal user information">
+		<entry name="inetOrgPerson_title" />
+		<entry name="inetOrgPerson_givenName" />
+		<entry name="inetOrgPerson_sn" />
+		<entry name="inetOrgPerson_street" />
+		<entry name="inetOrgPerson_postalCode" />
+		<entry name="inetOrgPerson_postalAddress" />
+		<entry name="inetOrgPerson_mail" />
+		<entry name="inetOrgPerson_telephoneNumber" />
+		<entry name="inetOrgPerson_mobileTelephoneNumber" />
+		<entry name="inetOrgPerson_facsimileTelephoneNumber" />
+	</section>
+	<section name="Unix settings">
+		<entry name="posixAccount_uid" />
+		<entry name="posixAccount_userPassword" />
+		<entry name="posixAccount_primaryGroup" />
+		<entry name="posixAccount_additionalGroups" />
+		<entry name="posixAccount_homeDirectory" />
+		<entry name="posixAccount_loginShell" />
+		<entry name="shadowAccount_shadowExpire" />
+	</section>
+	<section name="Windows settings">
+		<entry name="sambaSamAccount_displayName" />
+		<entry name="sambaSamAccount_sambaDomainName" />
+		<entry name="sambaSamAccount_sambaHomeDrive" />
+		<entry name="sambaSamAccount_sambaHomePath" />
+		<entry name="sambaSamAccount_sambaLogonScript" />
+		<entry name="sambaSamAccount_sambaProfilePath" />
+		<entry name="sambaSamAccount_sambaUserWorkstations" />
+	</section>
+	<section name="Quota Settings">
+		<entry name="quota_quotas" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/profiles/default.alias

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.asteriskExt

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.automountType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.bind

@@ -0,0 +1,3 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn

ldap-account-manager/conf/templates/profiles/default.customType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.gon

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.group

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.kolabSharedFolderType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.kopanoAddressListType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.kopanoDynamicGroupType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.mailAlias

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.mitKerberosPolicyType

@@ -0,0 +1,12 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn
+mitKerberosPolicykrbMinPwdLife: 
+mitKerberosPolicykrbMaxPwdLife: 
+mitKerberosPolicykrbPwdMinLength: 1
+mitKerberosPolicykrbPwdHistoryLength: 1
+mitKerberosPolicykrbPwdMaxFailure: 0
+mitKerberosPolicykrbPwdLockoutDuration: 
+mitKerberosPolicykrbPwdFailureCountInterval: 
+mitKerberosPolicykrbPwdMinDiffChars: 1
+mitKerberosPolicykrbPwdAllowedKeysalts: 

ldap-account-manager/conf/templates/profiles/default.netgroup

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.nisObjectType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.nsviewType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.oracleContextType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.powerDNSType

@@ -0,0 +1,2 @@
+ldap_suffix: -
+ldap_rdn: dc

ldap-account-manager/conf/templates/profiles/default.ppolicyType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.pykotaBillingCodeType

@@ -0,0 +1,3 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn

ldap-account-manager/conf/templates/profiles/default.pykotaPrinterType

@@ -0,0 +1,3 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn

ldap-account-manager/conf/templates/profiles/default.smbDomain

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.sudo

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.user

@@ -0,0 +1,19 @@
+shadowAccount_shadowWarning: 10
+shadowAccount_shadowInactive: 10
+shadowAccount_shadowMin: 1
+shadowAccount_shadowMax: 365
+sambaAccount_useunixpwd: true
+sambaAccount_acctFlagsN: false
+sambaAccount_acctFlagsX: true
+sambaAccount_acctFlagsD: false
+sambaAccount_homeDrive: U:
+sambaSamAccount_useunixpwd: true
+sambaSamAccount_sambaAcctFlagsN: false
+sambaSamAccount_sambaAcctFlagsX: true
+sambaSamAccount_sambaAcctFlagsD: false
+sambaSamAccount_sambaHomeDrive: U:
+sambaSamAccount_group: 513
+posixAccount_homeDirectory: /home/$user
+posixAccount_loginShell: /bin/bash
+asteriskAccount_AstAccountHost: dynamic
+asteriskAccount_AstAccountContext: default

ldap-account-manager/conf/unix.sample.conf

@@ -0,0 +1,71 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://localhost:389
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Manager,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=yourdomain,dc=org
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group
+
+
+types: suffix_user: ou=People,dc=my-domain,dc=com
+types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
+types: modules_user: inetOrgPerson,posixAccount,shadowAccount
+
+types: suffix_group: ou=group,dc=my-domain,dc=com
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+

ldap-account-manager/conf/windows_samba4.sample.conf

@@ -0,0 +1,220 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://pdc.my-domain.com
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Administrator,cn=users,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=my-domain,dc=com
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group,host
+
+
+types: suffix_user: dc=my-domain,dc=com
+types: attr_user: #cn;#givenName;#sn;#mail
+types: modules_user: windowsUser
+
+types: suffix_group: dc=my-domain,dc=com
+types: attr_group: #cn;#member;#description
+types: modules_group: windowsGroup
+
+types: suffix_host: CN=Computers,dc=my-domain,dc=com
+types: attr_host: #cn;#description;#location
+types: modules_host: windowsHost
+
+types: suffix_smbDomain: dc=my-domain,dc=com
+types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
+types: modules_smbDomain: sambaDomain
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+
+
+
+# enable TLS encryption
+useTLS: no
+
+
+# Access level for this profile.
+accessLevel: 100
+
+
+# Login method.
+loginMethod: list
+
+
+# Search suffix for LAM login.
+loginSearchSuffix: dc=yourdomain,dc=org
+
+
+# Search filter for LAM login.
+loginSearchFilter: uid=%USER%
+
+
+# Bind DN for login search.
+loginSearchDN:
+
+
+# Bind password for login search.
+loginSearchPassword:
+
+
+# HTTP authentication for LAM login.
+httpAuthentication: false
+
+
+# Password mail from
+lamProMailFrom:
+
+
+# Password mail reply-to
+lamProMailReplyTo:
+
+
+# Password mail is HTML
+lamProMailIsHTML: false
+types: filter_user:
+types: filter_group:
+types: filter_host:
+types: filter_smbDomain:
+types: hidden_group:
+types: hidden_host:
+types: hidden_smbDomain:
+tools: tool_hide_toolServerInformation: false
+tools: tool_hide_toolFileUpload: false
+tools: tool_hide_toolPDFEditor: false
+tools: tool_hide_toolOUEditor: false
+tools: tool_hide_toolProfileEditor: false
+tools: tool_hide_toolTests: false
+tools: tool_hide_toolSchemaBrowser: false
+modules: windowsGroup_hidemail: false
+types: hidden_user:
+modules: customScripts_scripts: user postModify echo $INFO.userPasswordClearText$
+modules: customScripts_containsHTML: false
+modules: customScripts_hideCommand: false
+modules: zarafa_schema: ad
+modules: zarafaUser_hideQuotaOverride: false
+modules: zarafaUser_hideQuotaWarn: false
+modules: zarafaUser_hideQuotaSoft: false
+modules: zarafaUser_hideQuotaHard: false
+modules: zarafaUser_hideSendAsPrivilege: false
+modules: zarafaUser_hideSharedStoreOnly: false
+modules: zarafaUser_hideResourceType: false
+modules: zarafaUser_hideResourceCapacity: false
+modules: zarafaUser_hideAccount: false
+modules: zarafaUser_hideZarafaUserArchiveServers: false
+modules: zarafaUser_hideUserServer: false
+modules: zarafaUser_hideFeatures: false
+modules: zarafaUser_hideAliases: false
+modules: zarafaUser_sendAsAttribute: dn
+modules: zarafaGroup_hideSendAsPrivilege: false
+modules: zarafaServer_hideProxyURL: false
+types: hidden_zarafaAddressListType:
+types: suffix_zarafaAddressListType: OU=zarafa,DC=samba4,DC=test
+types: filter_zarafaAddressListType:
+types: attr_zarafaAddressListType: #cn;#zarafaBase;#zarafaFilter
+types: modules_zarafaAddressListType: zarafaAddressList
+types: hidden_zarafaDynamicGroupType:
+types: suffix_zarafaDynamicGroupType: OU=zarafa,DC=samba4,DC=test
+types: filter_zarafaDynamicGroupType:
+types: attr_zarafaDynamicGroupType: #cn;#mail;#zarafaaliases;#zarafaBase;#zarafaFilter
+types: modules_zarafaDynamicGroupType: zarafaDynamicGroup
+modules: windowsGroup_hideotherMailbox: false
+types: hideNewButton_user:
+types: hideDeleteButton_user:
+types: hideNewButton_group:
+types: hideDeleteButton_group:
+types: hideNewButton_host:
+types: hideDeleteButton_host:
+types: hideNewButton_zarafaDynamicGroupType:
+types: hideDeleteButton_zarafaDynamicGroupType:
+types: hideNewButton_zarafaAddressListType:
+types: hideDeleteButton_zarafaAddressListType:
+modules: windowsGroup_hidemanagedBy: true
+modules: passwordSelfReset_questions: Bla1?+::+Bla2?
+modules: posixGroup_group_gidGenerator: range
+modules: posixGroup_group_sambaIDPoolDN:
+modules: posixGroup_group_gidCheckSuffix:
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_user_sambaIDPoolDNUsers:
+modules: posixAccount_user_uidCheckSuffixUser:
+modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
+modules: posixAccount_user_hidegecos: false
+modules: posixAccount_primaryGroupAsSecondary: false
+modules: posixAccount_user_userNameSuggestion: @givenname@%sn%
+modules: windowsUser_domains: my-domain.com
+modules: windowsUser_hidesAMAccountName: false
+tools: tool_hide_toolMultiEdit: false
+
+
+# follow referrals
+followReferrals: false
+
+
+# paged results
+pagedResults: false
+
+
+# Allow alternate address
+lamProMailAllowAlternateAddress: true
+modules: windowsGroup_hidemsSFU30Name: true
+modules: windowsGroup_hidemsSFU30NisDomain: true
+modules: windowsUser_hidemsSFU30Name: true
+modules: windowsUser_hidemsSFU30NisDomain: true
+types: customLabel_user:
+types: customLabel_group:
+types: customLabel_host:
+types: customLabel_zarafaDynamicGroupType:
+types: customLabel_zarafaAddressListType:
+types: readOnly_user:
+types: readOnly_group:
+types: readOnly_host:
+types: readOnly_zarafaAddressListType:

ldap-account-manager/docker-compose.debug.yml

@@ -1,8 +1,9 @@
 
 
 services:
-    lum:
+    lam:
       environment:
+        # Probably does not work, need to find correct var names
         - LDAP_DEBUG=true
         - LDAP_VERBOSE_CONNECTION_LOGS=true
         - SESSION_DEBUG=true

ldap-account-manager/docker-compose.mysql.yml

@@ -0,0 +1,20 @@
+version: "3.7"
+
+services:
+
+  lam:
+
+    # Doc: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
+    environment:
+      - LAM_CONFIGURATION_DATABASE=mysql
+      # MySQL server if database is mysql
+      - LAM_CONFIGURATION_HOST=${mysql_host}
+      # MySQL port if database is mysql
+      - LAM_CONFIGURATION_PORT=${mysql_port}
+      # MySQL user name if database is mysql
+      - LAM_CONFIGURATION_USER=${mysql_user_login}
+      # MySQL password if database is mysql
+      - LAM_CONFIGURATION_PASSWORD=${mysql_user_passwd}
+      # MySQL database name if database is mysql
+      - LAM_CONFIGURATION_DATABASE_NAME=${mysql_user_db}
+

ldap-account-manager/docker-compose.yml

@@ -10,14 +10,20 @@ services:
     volumes:
       ###- $app_dir_conf:/etc/ldap-account-manager
       - $app_dir_conf:/var/lib/ldap-account-manager/config
-      - $app_dir_conf/sess:/var/lib/ldap-account-manager/sess
+      - $app_dir_data/sess:/var/lib/ldap-account-manager/sess
 
+    # Doc: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
     environment:
-      - LAM_PASSWORD=${ldap_admin_bind_passwd}
+      - LAM_SKIP_PRECONFIGURE=false
-      - LAM_LANG=${app_lang}
-      - LDAP_SERVER=${ldap_uri_server}
       - LDAP_DOMAIN=${ldap_domain}
       - LDAP_BASE_DN=${ldap_base_dn}
-      - ADMIN_USER=${ldap_admin_bind_dn}
+
-      - DEBUG=true
+      - LAM_LANG=${app_lang}
+
+      - LDAP_SERVER=${ldap_uri_server}
+      - LAM_PASSWORD=${app_admin_passwd} # This is a app password, not ldap
+      #- LAM_PASSWORD=${ldap_admin_bind_passwd} # Not this is not related to LDAP passowrd, just an internal password
+      # This is only used for editing app profiles and settings
+
+      - ADMIN_USER=${ldap_admin_bind_dn}