Update: Pasify and traefik plugins

.paasify/plugins/_paasify.jsonnet

@@ -72,7 +72,10 @@ local metadata = {
 
 # Provides global vars
 local global_vars_default(runtime) =
+  # Role: Define constants
+  # Usage: CONSTANTS for docker-compose and jsonnet
   # Only the usage of paasify.X vars is allowed
+  # Static variables only
   assert std.isString(runtime.paasify_stack);
 
   local app_ident = runtime.paasify_ns + runtime.paasify_sep + runtime.paasify_stack;
@@ -108,6 +111,7 @@ local global_vars_default(runtime) =
     app_puid: '1000',
     app_pgid: '1000',
 
+    app_lang: 'en_US',
     app_tz: 'UTC',
     app_tz_var: 'TZ',
     app_tz_mount: false,
@@ -115,12 +119,15 @@ local global_vars_default(runtime) =
 
     app_debug: 'false',
 
-    app_dir_conf: './conf',
+    app_dir_root: './',
-    app_dir_data: './data',
+    app_dir_db_data: './db_data', # Backup data
-    app_dir_logs: './logs',
+    app_dir_db_conf: './db_conf', # Commitables files into git
-    app_dir_share: './share',
+    app_dir_conf: './conf', # Commitables files into git
-    app_dir_tmp: './tmp',
+    app_dir_data: './data', # Backup data
-    app_dir_secrets: './secrets',
+    app_dir_logs: './logs', # Backup ?
+    app_dir_share: './share', # No backup
+    app_dir_tmp: './tmp', # Just a tmp pool dir
+    app_dir_secrets: './secrets', # Autogenerated secrets
 
     # TOFIX: Merging data, SHOULD BEIN OVERRIDE !!!
     app_admin_login: 'admin',
@@ -131,14 +138,16 @@ local global_vars_default(runtime) =
     app_user_email: 'user@' + self.app_domain,
     app_user_passwd: 'user',
 
-    # Other implementations standard:
+    # Generic networks
-    # mysql_network_name
+    net_vpn: runtime.paasify_ns + runtime.paasify_sep + 'vpn',
-    # pgsql_network_name
+    net_proxy: runtime.paasify_ns + runtime.paasify_sep + 'proxy',
-    # ldap_network_name
+    net_ldap: runtime.paasify_ns + runtime.paasify_sep + 'ldap',
-    # wireguard_network_name
+    net_sql: runtime.paasify_ns + runtime.paasify_sep + 'sql', 
-    # traefik_network_name
+    net_nosql: runtime.paasify_ns + runtime.paasify_sep + 'nosql', 
-    # Like:
+    net_queue: runtime.paasify_ns + runtime.paasify_sep + 'queue', 
-    #   traefik_network_name: ns + sep + 'traefik',
+    net_ostorage: runtime.paasify_ns + runtime.paasify_sep + 'ostorage', # Object storage
+    net_fstorage: runtime.paasify_ns + runtime.paasify_sep + 'fstorage', # File storage
+    net_bstorage: runtime.paasify_ns + runtime.paasify_sep + 'bstorage', # Block storage
     
     #FUTURE app_dir_prefix: std.get(user_data, 'app_dir_prefix', './')
     # app_dir_logs: ResolvePath(std.get(user_data, 'app_dir_logs', './logs/'), cwd),
@@ -152,9 +161,13 @@ local global_vars_default(runtime) =
 
 # Provides global var overrides
 local global_vars_override(conf) =
+  # Role: ensure all variables are provided before processing
+  # Usage: VARS for docker-compose and jsonnet
+  #
   # Any plugin user configuration can be used here
   # No usage of paasify.X is permitted here at anytime !
   # Forbidden to change existing vars, only new vars with _PREFIX
+  # All variables must start with _
 
   BuildConfImage(
     conf.app_image,
@@ -170,11 +183,13 @@ local global_vars_override(conf) =
 
 
 # Provides docker data override
+# -------------------------------------
 local docker_transform(conf_raw, docker_data) =
+  # Role: Create a dynamic compose file
+  # Usage: docker_struct for jsonnet (no docker-compose!!!)
   assert std.isString(conf_raw.paasify_stack_service);
   local conf = global_vars_default(conf_raw) + conf_raw + global_vars_override(conf_raw);
 
-  #local service_name = std.prune( conf.tag_name , conf.paasify_service);
   local service_name = conf.paasify_stack_service;
   local services_names = std.split(conf.paasify_stack_services, ',') ;
 
@@ -188,10 +203,10 @@ local docker_transform(conf_raw, docker_data) =
       } for svc_name in services_names
     },
 
-      #[service_name]+: { 
+    #[service_name]+: { 
-      #  comment: 'only on main container',
+    #  comment: 'only on main container',
-      #},
+    #},
-      #
+    #
 
     #['x-paasify']+: {
     #  config_dump: conf,
@@ -212,30 +227,10 @@ local main() =
   if action == 'metadata' then
     metadata
 
-  # TOFIX IN CODE: else if action == 'docker_vars' then
-  # else if action == 'vars_docker_v1' then
-  #   local user_data = getConf('user_data');
-
-  #   local default_data = global_vars_override(global_vars_default(user_data));
-  #   local common =  { [x]: std.get(user_data, std.lstripChars(x, '_'), default_data[x] ) for x in std.objectFields(default_data) };
-  #   #local common =  { [std.lstripChars(x, '_')]: std.get(user_data, std.lstripChars(x, '_'), default_data[x] ) for x in std.objectFields(default_data) };
-  #   {
-  #     input: user_data,
-
-  #     base: global_vars_override(default_data),
-  #     diff: global_vars_override(default_data + common ),
-  #     merged: global_vars_override(default_data + user_data ),
-  #   }
-
-
   else if action == 'vars_docker' then
     local user_data = getConf('user_data');
-    # ??? local runtime = { [key]: user_data[key] for key in std.objectFields(user_data) if std.startsWith(key, 'paasify_') };
-
     local default_data = global_vars_default(user_data);
-
     local common =  { [x]: std.get(user_data, std.lstripChars(x, '_'), default_data[x] ) for x in std.objectFields(default_data) };
-    #local common =  { [std.lstripChars(x, '_')]: std.get(user_data, std.lstripChars(x, '_'), default_data[x] ) for x in std.objectFields(default_data) };
     {
       input: user_data,
       

.paasify/plugins/traefik-svc.jsonnet

@@ -45,7 +45,7 @@ local global_vars_default(user_data) =
     traefik_net_ident: 'default',
     traefik_net_external: true,
     traefik_svc_ident: stack ,
-    traefik_svc_port: 80,
+    traefik_svc_port: user_data.app_port ,
 
     traefik_svc_name: null,
     traefik_svc_domain: null,
@@ -57,6 +57,10 @@ local global_vars_default(user_data) =
   };
 
 local global_vars_override(conf) =
+  # Any plugin user configuration can be used here
+  # No usage of paasify.X is permitted here at anytime !
+  # Forbidden to change existing vars, only new vars with _PREFIX
+  # All variables must start with _
   
   local default_ident = conf.paasify_ns + conf.paasify_sep + conf.paasify_stack;
 
@@ -79,8 +83,6 @@ local global_vars_override(conf) =
   {
     _traefik_svc_name: std.prune(default_svc_name)[0],
     _traefik_svc_domain: std.prune(default_svc_domain)[0],
-    #_traefik_svc_domain: std.prune(default_svc_domain), #[0],
-    #_traefik_svc_domain2: conf,
 
     _traefik_svc_entrypoints: std.prune(default_svc_entrypoints)[0],
     _traefik_svc_auth: std.get(conf, 'traefik_svc_auth', default=null),
@@ -91,31 +93,6 @@ local global_vars_override(conf) =
   ;
 
 
-
-
-######### OLD ,  new => global_vars_override
-#local conf_override(user_data) =
-#
-#  local ns = std.get(user_data, 'paasify_ns');
-#  local stack = std.get(user_data, 'paasify_stack');
-#  local sep = std.get(user_data, 'paasify_sep');
-#
-#  # Runtime vars
-#  local default_name = std.get(user_data, 'app_name', stack);
-#  local default_top_domain = std.get(user_data, 'app_domain', ns);
-#  local traefik_ident = if stack != default_name then default_name else 'app';
-#  #local svc_name = ns + sep + default_name + sep + traefik_ident;
-#  local svc_name = traefik_ident + ns  + default_name ;
-#
-#  # Build config
-#  user_data
-#  + {
-#      _traefik_svc_domain: std.get(user_data, 'traefik_svc_domain', default_name + '.' + default_top_domain),
-#      _traefik_svc_name: std.get(user_data, 'traefik_svc_name', svc_name),
-#    }
-#  ;
-
-
 # Internal functions
 # -------------------------------------
 
@@ -172,19 +149,17 @@ local TraefikPrjNetwork(id, name, external) =
   else {};
 
 
-# Return result
+# Provides docker data override
 # -------------------------------------
 local docker_transform(conf_raw, docker_data) = 
   assert std.isString(conf_raw.paasify_stack_service);
   local conf = conf_raw + global_vars_override(conf_raw);
 
-  #local paasify_stack_service = std.get(conf, 'traefik_svc_ident', conf.paasify_stack_service );
   local service = std.get(conf, 'traefik_svc_ident', conf.paasify_stack_service );
   local services = std.split(std.get(conf, 'paasify_stack_services', service), ',');
 
   { 
     # Append stack network
-    #networks+: TraefikPrjNetwork(svc_network_id, svc_network),
     networks+: TraefikPrjNetwork(
       conf.traefik_net_ident,
       conf.traefik_network_name,
@@ -214,15 +189,6 @@ local docker_transform(conf_raw, docker_data) =
           conf.traefik_network_name),
       },
     },
-    
-    #["x-paasify"]: {
-    #   #stack_data: stack_data,
-    #   #user_data: user_data,
-    #   #config: config,
-    #   config2: conf,
-    #   #env_data: env_data,
-    #},
-    
   };
 
 
@@ -242,21 +208,14 @@ local main() =
   # TOFIX IN CODE: else if action == 'docker_vars' then
   else if action == 'vars_docker' then
     local user_data = getConf('user_data');
-    #local runtime = { [key]: user_data[key] for key in std.objectFields(user_data) if std.startsWith(key, 'paasify_') };
-
-    #local default_data = global_vars_override(runtime, global_vars_default(user_data));
     local default_data = global_vars_default(user_data);
-
     local common =  { [x]: std.get(user_data, std.lstripChars(x, '_'), default_data[x] ) for x in std.objectFields(default_data) };
+
     {
       input: user_data,
-      default_data: default_data,
       
       diff: default_data + common + global_vars_override(default_data + user_data ),
       merged: user_data + global_vars_override(default_data + user_data ),
-
-      # PROD
-      #diff_OLD: global_vars_override(runtime, default_data + common ),
     }
 
   else if action == 'docker_transform' then
@@ -274,34 +233,3 @@ local main() =
 # Run main script !
 main()
 
-
-
-#
-#
-#if action == 'conf_schema' then
-#  {}
-#else if action == 'vars_docker' then # Fetch default variables
-#
-#  local default_data = global_vars_default(user_data);
-#  local common =  { [x]: std.get(user_data, x, default_data[x] ) for x in std.objectFields(default_data) };
-#  {
-#    #input: user_data,
-#
-#    # Mendatory fields
-#    diff: conf_override( common ),
-#    merged: conf_override( default_data + user_data ),
-#  }
-#
-#else if action == 'docker_transform' then
-#  {
-#    conf_in: user_data,
-#    conf_out: conf_override(user_data),
-#    diff: docker_transform(conf_override(user_data), docker_data),
-#    merged: docker_data + self.diff,
-#  }
-#
-#   # + {
-#   #   'zz_diff': docker_transform(conf_override(user_data), {})
-#   # }
-#
-#

authelia/docker-compose.expose.yml

@@ -1,4 +1,4 @@
 services:
   authelia:
     expose:
-      - ${APP_EXPOSE_IP}:${APP_EXPOSE_PORT:-9091}:9091
+      - ${app_expose_ip}:${app_expose_port:-9091}:9091

authelia/docker-compose.yml

@@ -23,9 +23,9 @@ services:
       #- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
       #- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com'  # yamllint disable-line rule:line-length
       #
-      - 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.trustForwardHeader=true'
-      - 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${APP_DOMAIN}'
+      - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${app_fqdn}'
-      - 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
+      - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
     healthcheck:
       disable: true
     environment:
@@ -38,10 +38,10 @@ services:
 
 
       # MISC
-      #- AUTHELIA_DEFAULT_REDICTION_URL=${APP_DOMAIN}
+      #- AUTHELIA_DEFAULT_REDICTION_URL=${app_fqdn}
-      - AUTHELIA_DEFAULT_REDIRECTION_URL=https://${APP_DOMAIN}
+      - AUTHELIA_DEFAULT_REDIRECTION_URL=https://${app_fqdn}
-      - AUTHELIA_SESSION_DOMAIN=${APP_TOP_DOMAIN}
+      - AUTHELIA_SESSION_DOMAIN=${app_domain}
-      #- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${APP_TOP_DOMAIN}
+      #- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${app_domain}
 
       # LDAP configuration
       # DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP=true

consul/docker-compose.expose.yml

@@ -0,0 +1,13 @@
+x-consul-bootstrap: &consul_server_ports
+  ports:
+    - "$app_expose_ip:8400:8400"
+    - "$app_expose_ip:8500:8500"
+    - "$app_expose_ip:8600:8600"
+    - "$app_expose_ip:8600:8600/udp"
+
+
+services:
+
+  consul:
+    <<: *consul_server_ports
+

consul/docker-compose.yml

@@ -0,0 +1,62 @@
+---
+version: '3'
+
+# Default consul image
+x-consul: &consul
+  #image: consul:latest
+  image: consul:1.10
+  restart: unless-stopped
+  networks:
+    - default
+  environment:
+    CONSUL_BIND_INTERFACE: eth0
+
+# Roles configuration
+x-consul-agent: &consul_agent
+  <<: *consul
+  command: "agent -retry-join consul -client 0.0.0.0"
+
+x-consul-server: &consul_server
+  <<: *consul
+  command: "agent -server -retry-join consul -client 0.0.0.0"
+
+x-consul-bootstrap: &consul_server_bootstrap
+  <<: *consul_server
+  command: "agent -server -bootstrap-expect 3 -ui -client 0.0.0.0"
+    #ports:
+    #  - "8400:8400"
+    #  - "8500:8500"
+    #  - "8600:8600"
+    #  - "8600:8600/udp"
+
+networks:
+  default:
+
+services:
+
+  consul:
+    <<: *consul_server_bootstrap
+    hostname: consul
+    volumes:
+      - $app_data_dir/server1:/consul/data
+
+  consul-server-1:
+    <<: *consul_server
+    hostname: consul-server-1
+
+  consul-server-2:
+    <<: *consul_server
+    hostname: consul-server-2
+
+  consul-agent:
+    <<: *consul_agent
+    hostname: consul-agent-0
+
+#  consul-agent-1:
+#    <<: *consul_agent
+#    hostname: consul-agent-1
+#
+#  consul-agent-2:
+#    <<: *consul_agent
+#    hostname: consul-agent-2
+

drone/docker-compose.debug.yml

@@ -0,0 +1,11 @@
+services:
+  drone:
+    environment:
+      - DRONE_DEBUG=true
+      - DRONE_TRACE=false
+
+  drone-runner:
+    environment:
+      - DRONE_DEBUG=true
+      - DRONE_TRACE=false
+

drone/docker-compose.yml

@@ -0,0 +1,53 @@
+version: '3.6'
+
+networks:
+  default:
+  build:
+
+services:
+  drone:
+    image: drone/drone:${app_image_version:-2.12}
+    environment:
+
+      - DRONE_SERVER_PROTO=https
+      - DRONE_SERVER_HOST=$app_fqdn
+      - DRONE_RPC_SECRET=$app_secret_token
+      - DRONE_TLS_AUTOCERT=false
+
+      - DRONE_GIT_ALWAYS_AUTH=${DRONE_GIT_ALWAYS_AUTH:-false} # Set to true to access private repos
+      - DRONE_USER_CREATE=$DRONE_USER_CREATE
+      # DEPRECATED- DRONE_ADMIN=$DRONE_ADMIN # Depreacted since 0.9 => DRONE_USER_CREATE
+
+      - DRONE_DATABASE_DRIVER=sqlite3
+      - DRONE_DATABASE_DATASOURCE=/data/database.sqlite
+
+      # Howto: https://docs.drone.io/server/provider/gitea/
+      # See API: https://try.gitea.io/api/swagger#/user/userCreateOAuth2Application
+      - DRONE_GITEA_SERVER=$DRONE_GITEA_SERVER
+      - DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID
+      - DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET
+
+    networks:
+      - default
+      - build
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - $app_dir_data:/data
+
+  drone-runner:
+    image: drone/drone-runner-docker:${app_image_version:-1.8}
+    depends_on:
+      - drone
+    environment:
+      - DRONE_RPC_PROTO=http
+      - DRONE_RPC_HOST=drone
+      - DRONE_RUNNER_NAME=drone-runner
+
+      - DRONE_RPC_SECRET=$app_secret_token
+      - DRONE_RUNNER_CAPACITY=2
+
+    networks:
+      - build
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+

gaia/docker-compose.expose.yml

@@ -0,0 +1,5 @@
+services:
+  gaia:
+    ports: 
+      - "$app_expose_ip:$app_expose_port:8080"
+

gaia/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "3.9"
+services:
+  gaia:
+    image: "gaiaapp/gaia"
+    environment:
+      - "GAIA_RUNNER_API_PASSWORD=$app_secret_token"
+      - "GAIA_MONGODB_URI=mongodb://mongo/gaia"
+  runner:
+    image: "gaiaapp/runner"
+    environment:
+      - "GAIA_URL=http://gaia:8080"
+      - "GAIA_RUNNER_API_PASSWORD=$app_secret_token"
+
+  mongo:
+    image: "mongo:4.4"
+

gitea/docker-compose.expose.yml

@@ -0,0 +1,8 @@
+
+services:
+  gitea:
+    ports:
+      - "$app_expose_ip:222:22"
+      - "$app_expose_ip:80:80"
+
+

gitea/docker-compose.mysql.yml

@@ -0,0 +1,29 @@
+
+networks:
+  db:
+
+services:
+  gitea:
+    environment:
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=${mysql_host:-mysql}
+      - GITEA__database__NAME=${mysql_user_db:-gitea}
+      - GITEA__database__USER=${mysql_user_login:-gitea}
+      - GITEA__database__PASSWD=${mysql_user_passwd:-gitea}
+    networks:
+      db:
+
+  mysql:
+    image: mariadb:10
+    restart: unless-stopped
+    volumes:
+      - $app_dir_db_data:/var/lib/mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: "${mysql_root_passwd:-gitea}"
+      MYSQL_DATABASE: "${mysql_user_db:-gitea}"
+      MYSQL_USER: "${mysql_user_login:-gitea}"
+      MYSQL_PASSWORD: "${mysql_user_passwd:-gitea}"
+
+    networks:
+      db:
+

gitea/docker-compose.yml

@@ -0,0 +1,31 @@
+version: '3.6'
+
+networks:
+  default:
+
+services:
+  gitea:
+    image: gitea/gitea:${GITEA_VERSION:-1.16}
+    restart: unless-stopped
+    environment:
+      # https://docs.gitea.io/en-us/install-with-docker/#environments-variables
+      - APP_NAME="Gitea"
+      - USER_UID=1000
+      - USER_GID=1000
+
+      - GITEA__server__DOMAIN=$app_fqdn
+      - GITEA__server__SSH_DOMAIN=$app_fqdn
+      - GITEA__server__ROOT_URL=https://$app_fqdn
+
+    networks:
+      default:
+    volumes:
+      - $app_dir_data:/data:rw
+      #- $app_dir_data/repos:/data/git:rw
+      #- $app_dir_data/var:/data/gitea:rw
+      #- $app_dir_data/ssh:/data/ssh:rw
+
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+

ldap-account-manager/README.md

@@ -0,0 +1,18 @@
+
+You need to copy existing data first ...
+
+```
+docker run -d --name lam_tmp --rm ldapaccountmanager/lam:latest 
+docker cp lam_tmp:/var/lib/ldap-account-manager/config/ .
+docker stop lam_tmp
+
+mkdir -p data/sess
+mv config conf
+sudo chown -R 33:33 data/ conf/
+sudo chmod go+rx conf/
+sudo chmod go+r conf/*
+sudo rm conf/config.cfg
+sudo cp conf/config.cfg.sample conf/config.cfg
+
+sudo sed -i 's/^password:.*/password: admin/' conf/config.cfg
+```

ldap-account-manager/conf/.htaccess

@@ -0,0 +1,3 @@
+<Files *>
+  Require all denied
+</Files>

ldap-account-manager/conf/addressbook.sample.conf

@@ -0,0 +1,209 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://localhost:389
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Manager,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=yourdomain,dc=org
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user
+
+
+types: suffix_user: ou=People,dc=my-domain,dc=com
+types: attr_user: #uid;#givenName;#sn;#mail
+types: modules_user: inetOrgPerson
+
+types: suffix_group: ou=group,dc=my-domain,dc=com
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+
+
+
+# enable TLS encryption
+useTLS: yes
+
+
+# follow referrals
+followReferrals: false
+
+
+# paged results
+pagedResults: false
+
+
+# Access level for this profile.
+accessLevel: 100
+
+
+# Login method.
+loginMethod: list
+
+
+# Search suffix for LAM login.
+loginSearchSuffix: dc=yourdomain,dc=org
+
+
+# Search filter for LAM login.
+loginSearchFilter: uid=%USER%
+
+
+# Bind DN for login search.
+loginSearchDN:
+
+
+# Bind password for login search.
+loginSearchPassword:
+
+
+# HTTP authentication for LAM login.
+httpAuthentication: false
+
+
+# Password mail from
+lamProMailFrom:
+
+
+# Password mail reply-to
+lamProMailReplyTo:
+
+
+# Password mail is HTML
+lamProMailIsHTML: false
+
+
+# Allow alternate address
+lamProMailAllowAlternateAddress: true
+modules: inetOrgPerson_hideDescription: false
+modules: inetOrgPerson_hideStreet: false
+modules: inetOrgPerson_hidePostOfficeBox: false
+modules: inetOrgPerson_hidePostalCode: false
+modules: inetOrgPerson_hideLocation: false
+modules: inetOrgPerson_hideState: false
+modules: inetOrgPerson_hidePostalAddress: false
+modules: inetOrgPerson_hideRegisteredAddress: false
+modules: inetOrgPerson_hideOfficeName: false
+modules: inetOrgPerson_hideRoomNumber: false
+modules: inetOrgPerson_hideTelephoneNumber: false
+modules: inetOrgPerson_hideHomeTelephoneNumber: false
+modules: inetOrgPerson_hideMobileNumber: false
+modules: inetOrgPerson_hideFaxNumber: false
+modules: inetOrgPerson_hidePager: true
+modules: inetOrgPerson_hideEMailAddress: false
+modules: inetOrgPerson_hideJobTitle: false
+modules: inetOrgPerson_hideCarLicense: false
+modules: inetOrgPerson_hideEmployeeType: false
+modules: inetOrgPerson_hideBusinessCategory: false
+modules: inetOrgPerson_hideDepartments: false
+modules: inetOrgPerson_hideManager: false
+modules: inetOrgPerson_hideOu: false
+modules: inetOrgPerson_hideO: false
+modules: inetOrgPerson_hideEmployeeNumber: false
+modules: inetOrgPerson_hideInitials: false
+modules: inetOrgPerson_hideLabeledURI: false
+modules: inetOrgPerson_hideuserCertificate: false
+modules: inetOrgPerson_hidejpegPhoto: false
+modules: inetOrgPerson_hideUID: false
+modules: inetOrgPerson_readOnly_businessCategory: false
+modules: inetOrgPerson_readOnly_cn: false
+modules: inetOrgPerson_readOnly_employeeType: false
+modules: inetOrgPerson_readOnly_postalAddress: false
+modules: inetOrgPerson_readOnly_uid: false
+modules: inetOrgPerson_readOnly_title: false
+modules: inetOrgPerson_readOnly_description: false
+modules: inetOrgPerson_readOnly_st: false
+modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
+modules: inetOrgPerson_readOnly_mail: false
+modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
+modules: inetOrgPerson_readOnly_jpegPhoto: false
+modules: inetOrgPerson_readOnly_carLicense: false
+modules: inetOrgPerson_readOnly_labeledURI: false
+modules: inetOrgPerson_readOnly_initials: false
+modules: inetOrgPerson_readOnly_registeredAddress: false
+modules: inetOrgPerson_readOnly_mobile: false
+modules: inetOrgPerson_readOnly_sn: false
+modules: inetOrgPerson_readOnly_o: false
+modules: inetOrgPerson_readOnly_ou: false
+modules: inetOrgPerson_readOnly_l: false
+modules: inetOrgPerson_readOnly_pager: false
+modules: inetOrgPerson_readOnly_userPassword: false
+modules: inetOrgPerson_readOnly_employeeNumber: false
+modules: inetOrgPerson_readOnly_postOfficeBox: false
+modules: inetOrgPerson_readOnly_postalCode: false
+modules: inetOrgPerson_readOnly_roomNumber: false
+modules: inetOrgPerson_readOnly_street: false
+modules: inetOrgPerson_readOnly_homePhone: false
+modules: inetOrgPerson_readOnly_telephoneNumber: false
+modules: inetOrgPerson_readOnly_departmentNumber: false
+modules: inetOrgPerson_readOnly_manager: false
+modules: inetOrgPerson_readOnly_givenName: false
+modules: inetOrgPerson_jpegPhoto_maxWidth:
+modules: inetOrgPerson_jpegPhoto_maxHeight:
+modules: inetOrgPerson_jpegPhoto_maxSize:
+types: filter_user:
+types: customLabel_user:
+types: filter_group:
+types: customLabel_group:
+types: hidden_user:
+types: hideNewButton_user:
+types: hideDeleteButton_user:
+types: readOnly_user:
+tools: tool_hide_toolServerInformation: false
+tools: tool_hide_toolFileUpload: false
+tools: tool_hide_toolMultiEdit: false
+tools: tool_hide_toolPDFEditor: false
+tools: tool_hide_toolOUEditor: false
+tools: tool_hide_toolProfileEditor: false
+tools: tool_hide_toolTests: false
+tools: tool_hide_toolSchemaBrowser: false

ldap-account-manager/conf/config.cfg

@@ -0,0 +1,21 @@
+
+# password to add/delete/rename configuration profiles (default: lam)
+password: admin
+
+# default profile, without ".conf"
+default: lam
+
+# log level
+logLevel: 4
+
+# log destination
+logDestination: SYSLOG
+
+configDatabaseType: files
+configDatabaseServer:
+configDatabasePort:
+configDatabaseName:
+configDatabaseUser:
+configDatabasePassword:
+
+license:

ldap-account-manager/conf/config.cfg.sample

@@ -0,0 +1,21 @@
+
+# password to add/delete/rename configuration profiles (default: lam)
+password: {SSHA}D6AaX93kPmck9wAxNlq3GF93S7A= R7gkjQ==
+
+# default profile, without ".conf"
+default: lam
+
+# log level
+logLevel: 4
+
+# log destination
+logDestination: SYSLOG
+
+configDatabaseType: files
+configDatabaseServer:
+configDatabasePort:
+configDatabaseName:
+configDatabaseUser:
+configDatabasePassword:
+
+license:

ldap-account-manager/conf/lam.conf

@@ -0,0 +1,71 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: openldap
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=admin,dc=dev,dc=box
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: {SSHA}lYFB4utZ47V/Fu0dvcCgnWdRD1s= ridkeg==
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=dev,dc=box
+
+# default language (a line from config/language)
+defaultLanguage: en_US.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group
+
+
+types: suffix_user: dc=dev,dc=box
+types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
+types: modules_user: inetOrgPerson,posixAccount,shadowAccount
+
+types: suffix_group: dc=dev,dc=box
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+

ldap-account-manager/conf/language

@@ -0,0 +1,63 @@
+# LDAP Account Manager language configuration file
+#
+# Do not modify!
+
+# Each line consists of a ":"-separated entry. The first part is the locale name,
+# the second is the character encoding and the third the language name.
+
+# Catalan
+# ca_ES.utf8:UTF-8:Català (Catalunya)
+
+# Czech
+# cs_CZ.utf8:UTF-8:Čeština (Česko)
+
+# German
+de_DE.utf8:UTF-8:Deutsch (Deutschland)
+
+# GB English
+en_GB.utf8:UTF-8:English (Great Britain)
+
+# US English
+en_US.utf8:UTF-8:English (USA)
+
+# Spanish
+es_ES.utf8:UTF-8:Español (España)
+
+# French
+fr_FR.utf8:UTF-8:Français (France)
+
+# Italian
+it_IT.utf8:UTF-8:Italiano (Italia)
+
+# Hungarian
+# hu_HU.utf8:UTF-8:Magyar (Magyarország)
+
+# Dutch
+nl_NL.utf8:UTF-8:Nederlands (Nederland)
+
+# Polish
+pl_PL.utf8:UTF-8:Polski (Polska)
+
+# Portuguese
+pt_BR.utf8:UTF-8:Português (Brasil)
+
+# Russian
+# ru_RU.utf8:UTF-8:Русский (Россия)
+
+# Slovakian
+sk_SK.utf8:UTF-8:Slovenčina (Slovensko)
+
+# Turkish
+# tr_TR.utf8:UTF-8:Türkçe (Türkiye)
+
+# Ukrainian
+uk_UA.utf8:UTF-8:Українська (Україна)
+
+# Japanese
+ja_JP.utf8:UTF-8:日本語 (日本)
+
+# Chinese (Traditional)
+zh_TW.utf8:UTF-8:繁體中文 (台灣)
+
+# Chinese (Simplified)
+zh_CN.utf8:UTF-8:简体中文 (中国)

ldap-account-manager/conf/pdf/lam/default.group.xml

@@ -0,0 +1,8 @@
+<pdf filename="" headline="Group information" foldingmarks="">
+	<section name="_posixGroup_cn">
+		<entry name="main_dn"/>
+		<entry name="posixGroup_description"/>
+		<entry name="posixGroup_gidNumber"/>
+		<entry name="posixGroup_memberUid"/>
+	</section>
+</pdf>

ldap-account-manager/conf/pdf/lam/default.user.xml

@@ -0,0 +1,35 @@
+<pdf filename="printLogo.jpg" headline="User information" foldingmarks="">
+	<section name="Personal user information">
+		<entry name="inetOrgPerson_title"/>
+		<entry name="inetOrgPerson_givenName"/>
+		<entry name="inetOrgPerson_sn"/>
+		<entry name="inetOrgPerson_street"/>
+		<entry name="inetOrgPerson_postalCode"/>
+		<entry name="inetOrgPerson_postalAddress"/>
+		<entry name="inetOrgPerson_mail"/>
+		<entry name="inetOrgPerson_telephoneNumber"/>
+		<entry name="inetOrgPerson_mobileTelephoneNumber"/>
+		<entry name="inetOrgPerson_facsimileTelephoneNumber"/>
+	</section>
+	<section name="Unix settings">
+		<entry name="posixAccount_uid"/>
+		<entry name="posixAccount_userPassword"/>
+		<entry name="posixAccount_primaryGroup"/>
+		<entry name="posixAccount_additionalGroups"/>
+		<entry name="posixAccount_homeDirectory"/>
+		<entry name="posixAccount_loginShell"/>
+		<entry name="shadowAccount_shadowExpire"/>
+	</section>
+	<section name="Windows settings">
+		<entry name="sambaSamAccount_displayName"/>
+		<entry name="sambaSamAccount_sambaDomainName"/>
+		<entry name="sambaSamAccount_sambaHomeDrive"/>
+		<entry name="sambaSamAccount_sambaHomePath"/>
+		<entry name="sambaSamAccount_sambaLogonScript"/>
+		<entry name="sambaSamAccount_sambaProfilePath"/>
+		<entry name="sambaSamAccount_sambaUserWorkstations"/>
+	</section>
+	<section name="Quota Settings">
+		<entry name="quota_quotas"/>
+	</section>
+</pdf>

ldap-account-manager/conf/profiles/lam/default.user

@@ -0,0 +1,19 @@
+shadowAccount_shadowWarning: 10
+shadowAccount_shadowInactive: 10
+shadowAccount_shadowMin: 1
+shadowAccount_shadowMax: 365
+sambaAccount_useunixpwd: true
+sambaAccount_acctFlagsN: false
+sambaAccount_acctFlagsX: true
+sambaAccount_acctFlagsD: false
+sambaAccount_homeDrive: U:
+sambaSamAccount_useunixpwd: true
+sambaSamAccount_sambaAcctFlagsN: false
+sambaSamAccount_sambaAcctFlagsX: true
+sambaSamAccount_sambaAcctFlagsD: false
+sambaSamAccount_sambaHomeDrive: U:
+sambaSamAccount_group: 513
+posixAccount_homeDirectory: /home/$user
+posixAccount_loginShell: /bin/bash
+asteriskAccount_AstAccountHost: dynamic
+asteriskAccount_AstAccountContext: default

ldap-account-manager/conf/samba3.sample.conf

@@ -0,0 +1,254 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://localhost:389
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Manager,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=yourdomain,dc=org
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group,host,smbDomain
+
+
+types: suffix_user: ou=People,dc=my-domain,dc=com
+types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
+types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
+
+types: suffix_group: ou=group,dc=my-domain,dc=com
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup,sambaGroupMapping
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+
+
+
+# enable TLS encryption
+useTLS: yes
+
+
+# follow referrals
+followReferrals: false
+
+
+# paged results
+pagedResults: false
+
+
+# Access level for this profile.
+accessLevel: 100
+
+
+# Login method.
+loginMethod: list
+
+
+# Search suffix for LAM login.
+loginSearchSuffix: dc=yourdomain,dc=org
+
+
+# Search filter for LAM login.
+loginSearchFilter: uid=%USER%
+
+
+# Bind DN for login search.
+loginSearchDN:
+
+
+# Bind password for login search.
+loginSearchPassword:
+
+
+# HTTP authentication for LAM login.
+httpAuthentication: false
+
+
+# Password mail from
+lamProMailFrom:
+
+
+# Password mail reply-to
+lamProMailReplyTo:
+
+
+# Password mail is HTML
+lamProMailIsHTML: false
+
+
+# Allow alternate address
+lamProMailAllowAlternateAddress: true
+modules: posixGroup_group_gidGenerator: range
+modules: posixGroup_group_sambaIDPoolDN:
+modules: posixGroup_group_gidCheckSuffix:
+modules: posixGroup_group_hidememberUid: false
+modules: sambaSamAccount_timeZone: 0
+modules: sambaSamAccount_lmHash: yes
+modules: sambaSamAccount_hideHomeDrive: false
+modules: sambaSamAccount_hideHomePath: false
+modules: sambaSamAccount_hideProfilePath: false
+modules: sambaSamAccount_hideLogonScript: false
+modules: sambaSamAccount_hideSambaPwdLastSet: false
+modules: sambaSamAccount_hideWorkstations: false
+modules: sambaSamAccount_hideLogonHours: false
+modules: sambaSamAccount_hideTerminalServer: false
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_user_sambaIDPoolDNUsers:
+modules: posixAccount_user_uidCheckSuffixUser:
+modules: posixAccount_host_uidGeneratorHosts: range
+modules: posixAccount_host_sambaIDPoolDNHosts:
+modules: posixAccount_host_uidCheckSuffixHost:
+modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
+modules: posixAccount_user_hidegecos: false
+modules: posixAccount_primaryGroupAsSecondary: false
+modules: posixAccount_user_userNameSuggestion: @givenname@%sn%
+modules: inetOrgPerson_hideDescription: false
+modules: inetOrgPerson_hideStreet: false
+modules: inetOrgPerson_hidePostOfficeBox: false
+modules: inetOrgPerson_hidePostalCode: false
+modules: inetOrgPerson_hideLocation: false
+modules: inetOrgPerson_hideState: false
+modules: inetOrgPerson_hidePostalAddress: false
+modules: inetOrgPerson_hideRegisteredAddress: false
+modules: inetOrgPerson_hideOfficeName: false
+modules: inetOrgPerson_hideRoomNumber: false
+modules: inetOrgPerson_hideTelephoneNumber: false
+modules: inetOrgPerson_hideHomeTelephoneNumber: false
+modules: inetOrgPerson_hideMobileNumber: false
+modules: inetOrgPerson_hideFaxNumber: false
+modules: inetOrgPerson_hidePager: true
+modules: inetOrgPerson_hideEMailAddress: false
+modules: inetOrgPerson_hideJobTitle: false
+modules: inetOrgPerson_hideCarLicense: false
+modules: inetOrgPerson_hideEmployeeType: false
+modules: inetOrgPerson_hideBusinessCategory: false
+modules: inetOrgPerson_hideDepartments: false
+modules: inetOrgPerson_hideManager: false
+modules: inetOrgPerson_hideOu: false
+modules: inetOrgPerson_hideO: false
+modules: inetOrgPerson_hideEmployeeNumber: false
+modules: inetOrgPerson_hideInitials: false
+modules: inetOrgPerson_hideLabeledURI: false
+modules: inetOrgPerson_hideuserCertificate: false
+modules: inetOrgPerson_hidejpegPhoto: false
+modules: inetOrgPerson_readOnly_businessCategory: false
+modules: inetOrgPerson_readOnly_cn: false
+modules: inetOrgPerson_readOnly_employeeType: false
+modules: inetOrgPerson_readOnly_postalAddress: false
+modules: inetOrgPerson_readOnly_uid: false
+modules: inetOrgPerson_readOnly_title: false
+modules: inetOrgPerson_readOnly_description: false
+modules: inetOrgPerson_readOnly_st: false
+modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
+modules: inetOrgPerson_readOnly_mail: false
+modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
+modules: inetOrgPerson_readOnly_jpegPhoto: false
+modules: inetOrgPerson_readOnly_carLicense: false
+modules: inetOrgPerson_readOnly_labeledURI: false
+modules: inetOrgPerson_readOnly_initials: false
+modules: inetOrgPerson_readOnly_registeredAddress: false
+modules: inetOrgPerson_readOnly_mobile: false
+modules: inetOrgPerson_readOnly_sn: false
+modules: inetOrgPerson_readOnly_o: false
+modules: inetOrgPerson_readOnly_ou: false
+modules: inetOrgPerson_readOnly_l: false
+modules: inetOrgPerson_readOnly_pager: false
+modules: inetOrgPerson_readOnly_userPassword: false
+modules: inetOrgPerson_readOnly_employeeNumber: false
+modules: inetOrgPerson_readOnly_postOfficeBox: false
+modules: inetOrgPerson_readOnly_postalCode: false
+modules: inetOrgPerson_readOnly_roomNumber: false
+modules: inetOrgPerson_readOnly_street: false
+modules: inetOrgPerson_readOnly_homePhone: false
+modules: inetOrgPerson_readOnly_telephoneNumber: false
+modules: inetOrgPerson_readOnly_departmentNumber: false
+modules: inetOrgPerson_readOnly_manager: false
+modules: inetOrgPerson_readOnly_givenName: false
+modules: inetOrgPerson_jpegPhoto_maxWidth:
+modules: inetOrgPerson_jpegPhoto_maxHeight:
+modules: inetOrgPerson_jpegPhoto_maxSize:
+types: filter_user:
+types: customLabel_user:
+types: filter_group:
+types: customLabel_group:
+types: hidden_user:
+types: hideNewButton_user:
+types: hideDeleteButton_user:
+types: readOnly_user:
+types: hidden_group:
+types: hideNewButton_group:
+types: hideDeleteButton_group:
+types: readOnly_group:
+types: hidden_host:
+types: hideNewButton_host:
+types: hideDeleteButton_host:
+types: readOnly_host:
+types: suffix_host: ou=machines,dc=my-domain,dc=com
+types: attr_host: #cn;#description;#uidNumber;#gidNumber
+types: filter_host:
+types: customLabel_host:
+types: hidden_smbDomain:
+types: hideNewButton_smbDomain:
+types: hideDeleteButton_smbDomain:
+types: readOnly_smbDomain:
+types: suffix_smbDomain: dc=my-domain,dc=com
+types: attr_smbDomain: #sambaDomainName;#sambaSID
+types: filter_smbDomain:
+types: customLabel_smbDomain:
+types: modules_host: account,posixAccount,sambaSamAccount
+types: modules_smbDomain: sambaDomain
+tools: tool_hide_toolServerInformation: false
+tools: tool_hide_toolFileUpload: false
+tools: tool_hide_toolMultiEdit: false
+tools: tool_hide_toolPDFEditor: false
+tools: tool_hide_toolOUEditor: false
+tools: tool_hide_toolProfileEditor: false
+tools: tool_hide_toolTests: false
+tools: tool_hide_toolSchemaBrowser: false

ldap-account-manager/conf/templates/pdf/default.alias.xml

@@ -0,0 +1,6 @@
+<pdf type="alias" filename="printLogo.jpg" headline="Alias information">
+	<section name="_uidObject_uid">
+		<entry name="aliasEntry_entry" />
+		<entry name="main_dn" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.asteriskExt.xml

@@ -0,0 +1,7 @@
+<pdf type="asteriskExt" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_asteriskExtension_AstExtension">
+		<entry name="asteriskExtension_AstContext" />
+		<entry name="asteriskExtension_owners" />
+		<entry name="asteriskExtension_rules" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.automountType.xml

@@ -0,0 +1,6 @@
+<pdf type="automountType" filename="printLogo.jpg" headline="Automount information">
+	<section name="_automount_cn">
+		<entry name="automount_description" />
+		<entry name="automount_automountInformation" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.bind.xml

@@ -0,0 +1,7 @@
+<pdf type="bind" filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
+	<section name="_bindDLZ_dlzHostName">
+		<entry name="bindDLZ_aRecord" />
+		<entry name="bindDLZ_ptrRecord" />
+		<entry name="bindDLZ_mxRecord" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.customType.xml

@@ -0,0 +1,4 @@
+<pdf type="bind" filename="printLogo.jpg" headline="Custom entry" foldingmarks="no">
+	<section name="_main_dn">
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.dhcp.xml

@@ -0,0 +1,20 @@
+<pdf type="dhcp" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_dhcp_settings_subnet">
+		<entry name="dhcp_settings_domainName" />
+		<entry name="dhcp_settings_leaseTime" />
+		<entry name="dhcp_settings_maxLeaseTime" />
+		<entry name="dhcp_settings_DNSserver" />
+		<entry name="dhcp_settings_gateway" />
+		<entry name="dhcp_settings_netbiosServer" />
+		<entry name="dhcp_settings_netbiosType" />
+		<entry name="dhcp_settings_subnetMask" />
+		<entry name="dhcp_settings_netMask" />
+		<entry name="ddns_DNSserver" />
+		<entry name="ddns_zone" />
+		<entry name="ddns_reverseZone" />
+		<entry name="range_ranges" />
+	</section>
+	<section name="Fixed IPs">
+		<entry name="fixed_ip_IPlist" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.gon.xml

@@ -0,0 +1,8 @@
+<pdf type="gon" headline="Group information">
+	<section name="_groupOfNames_name">
+		<entry name="main_dn" />
+		<entry name="groupOfNames_description" />
+		<entry name="groupOfNames_owner" />
+		<entry name="groupOfNames_members" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.group.xml

@@ -0,0 +1,8 @@
+<pdf type="group" headline="Group information">
+	<section name="_posixGroup_cn">
+		<entry name="main_dn" />
+		<entry name="posixGroup_description" />
+		<entry name="posixGroup_gidNumber" />
+		<entry name="posixGroup_memberUid" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.host.xml

@@ -0,0 +1,9 @@
+<pdf type="host" filename="printLogo.jpg" headline="Host information">
+	<section name="_posixAccount_uid">
+		<entry name="main_dn" />
+		<entry name="posixAccount_description" />
+		<entry name="posixAccount_uidNumber" />
+		<entry name="posixAccount_primaryGroup" />
+		<entry name="sambaSamAccount_sambaDomainName" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.kolabSharedFolderType.xml

@@ -0,0 +1,11 @@
+<pdf type="kolabSharedFolderType" filename="printLogo.jpg" headline="Shared folder information" foldingmarks="no">
+	<section name="_kolabSharedFolder_cn">
+		<entry name="kolabSharedFolder_mailHost" />
+		<entry name="kolabSharedFolder_kolabTargetFolder" />
+		<entry name="kolabSharedFolder_kolabFolderType" />
+		<entry name="kolabSharedFolder_delegate" />
+		<entry name="kolabSharedFolder_aliases" />
+		<entry name="kolabSharedFolder_kolabAllowSMTPSender" />
+		<entry name="kolabSharedFolder_kolabAllowSMTPRecipient" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.kopanoAddressListType.xml

@@ -0,0 +1,8 @@
+<pdf type="kopanoAddressListType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_kopanoAddressList_cn">
+		<entry name="kopanoAddressList_kopanoBase" />
+		<entry name="kopanoAddressList_kopanoFilter" />
+		<entry name="kopanoAddressList_kopanoAccount" />
+		<entry name="kopanoAddressList_kopanoHidden" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.kopanoDynamicGroupType.xml

@@ -0,0 +1,10 @@
+<pdf type="kopanoDynamicGroupType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_kopanoDynamicGroup_cn">
+		<entry name="kopanoDynamicGroup_mail" />
+		<entry name="kopanoDynamicGroup_kopanoAliases" />
+		<entry name="kopanoDynamicGroup_kopanoBase" />
+		<entry name="kopanoDynamicGroup_kopanoFilter" />
+		<entry name="kopanoDynamicGroup_kopanoAccount" />
+		<entry name="kopanoDynamicGroup_kopanoHidden" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.mailAlias.xml

@@ -0,0 +1,5 @@
+<pdf type="mailAlias" filename="printLogo.jpg" headline="Mail alias information">
+	<section name="_nisMailAlias_alias">
+		<entry name="nisMailAlias_recipients" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.mitKerberosPolicyType.xml

@@ -0,0 +1,13 @@
+<pdf filename="printLogo.jpg" headline="Kerberos Policy" foldingmarks="no">
+	<section name="_mitKerberosPolicy_cn">
+		<entry name="mitKerberosPolicy_krbMinPwdLife"/>
+		<entry name="mitKerberosPolicy_krbMaxPwdLife"/>
+		<entry name="mitKerberosPolicy_krbPwdMinLength"/>
+		<entry name="mitKerberosPolicy_krbPwdHistoryLength"/>
+		<entry name="mitKerberosPolicy_krbPwdMaxFailure"/>
+		<entry name="mitKerberosPolicy_krbPwdLockoutDuration"/>
+		<entry name="mitKerberosPolicy_krbPwdFailureCountInterval"/>
+		<entry name="mitKerberosPolicy_krbPwdMinDiffChars"/>
+		<entry name="mitKerberosPolicy_krbPwdAllowedKeysalts"/>
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.netgroup.xml

@@ -0,0 +1,7 @@
+<pdf type="netgroup" filename="printLogo.jpg" headline="NIS netgroup information">
+	<section name="_nisnetgroup_cn">
+		<entry name="nisnetgroup_description" />
+		<entry name="nisnetgroup_subgroups" />
+		<entry name="nisnetgroup_members" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.nisObjectType.xml

@@ -0,0 +1,7 @@
+<pdf type="nisObjectType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_nisObject_cn">
+		<entry name="nisObject_nisMapName" />
+		<entry name="nisObject_nisMapEntry" />
+		<entry name="nisObject_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.nsviewType.xml

@@ -0,0 +1,6 @@
+<pdf type="nsviewType" filename="printLogo.jpg" headline="LDAP Account Manager" foldingmarks="no">
+	<section name="_nsview_ou">
+		<entry name="nsview_nsViewFilter" />
+		<entry name="nsview_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.oracleContextType.xml

@@ -0,0 +1,6 @@
+<pdf type="oracleContextType" filename="printLogo.jpg" headline="Database information">
+	<section name="_oracleService_cn">
+		<entry name="oracleService_orclNetDescString" />
+		<entry name="oracleService_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.powerDNSType.xml

@@ -0,0 +1,7 @@
+<pdf filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
+	<section name="_powerDNS_dc">
+		<entry name="powerDNS_associatedDomain" />
+		<entry name="powerDNS_records" />
+		<entry name="powerDNS_DNSTTL" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.ppolicyType.xml

@@ -0,0 +1,18 @@
+<pdf type="ppolicyType" filename="printLogo.jpg" headline="LDAP Account Manager">
+	<section name="_ppolicy_cn">
+		<entry name="ppolicy_pwdMinAge" />
+		<entry name="ppolicy_pwdMaxAge" />
+		<entry name="ppolicy_pwdExpireWarning" />
+		<entry name="ppolicy_pwdGraceAuthnLimit" />
+		<entry name="ppolicy_pwdInHistory" />
+		<entry name="ppolicy_pwdCheckQuality" />
+		<entry name="ppolicy_pwdMinLength" />
+		<entry name="ppolicy_pwdLockout" />
+		<entry name="ppolicy_pwdLockoutDuration" />
+		<entry name="ppolicy_pwdMaxFailure" />
+		<entry name="ppolicy_pwdFailureCountInterval" />
+		<entry name="ppolicy_pwdMustChange" />
+		<entry name="ppolicy_pwdAllowUserChange" />
+		<entry name="ppolicy_pwdSafeModify" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.pykotaBillingCodeType.xml

@@ -0,0 +1,7 @@
+<pdf type="pykotaBillingCodeType" filename="printLogo.jpg" headline="LDAP Account Manager" foldingmarks="no">
+	<section name="_pykotaBillingCode_pykotaBillingCode">
+		<entry name="pykotaBillingCode_pykotaBalance" />
+		<entry name="pykotaBillingCode_pykotaPageCounter" />
+		<entry name="pykotaBillingCode_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.pykotaPrinterType.xml

@@ -0,0 +1,11 @@
+<pdf type="pykotaPrinterType" filename="printLogo.jpg" headline="Printer information" foldingmarks="no">
+	<section name="_pykotaPrinter_cn">
+		<entry name="pykotaPrinter_description" />
+		<entry name="pykotaPrinter_pykotaMaxJobSize" />
+		<entry name="pykotaPrinter_pykotaPricePerJob" />
+		<entry name="pykotaPrinter_pykotaPricePerPage" />
+		<entry name="pykotaPrinter_pykotaPassThrough" />
+		<entry name="pykotaPrinter_uniqueMember" />
+		<entry name="pykotaPrinter_parentUniqueMember" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.smbDomain.xml

@@ -0,0 +1,6 @@
+<pdf type="smbDomain" filename="printLogo.jpg" headline="Samba domain information">
+	<section name="_sambaDomain_domainName">
+		<entry name="sambaDomain_domainSID" />
+		<entry name="sambaDomain_RIDbase" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.sudo.xml

@@ -0,0 +1,11 @@
+<pdf type="sudo" filename="printLogo.jpg" headline="Sudo role">
+	<section name="_sudoRole_cn">
+		<entry name="sudoRole_sudoUser" />
+		<entry name="sudoRole_sudoHost" />
+		<entry name="sudoRole_sudoCommand" />
+		<entry name="sudoRole_sudoRunAsUser" />
+		<entry name="sudoRole_sudoRunAsGroup" />
+		<entry name="sudoRole_sudoOption" />
+		<entry name="sudoRole_description" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/pdf/default.user.xml

@@ -0,0 +1,35 @@
+<pdf type="user" filename="printLogo.jpg" headline="User information">
+	<section name="Personal user information">
+		<entry name="inetOrgPerson_title" />
+		<entry name="inetOrgPerson_givenName" />
+		<entry name="inetOrgPerson_sn" />
+		<entry name="inetOrgPerson_street" />
+		<entry name="inetOrgPerson_postalCode" />
+		<entry name="inetOrgPerson_postalAddress" />
+		<entry name="inetOrgPerson_mail" />
+		<entry name="inetOrgPerson_telephoneNumber" />
+		<entry name="inetOrgPerson_mobileTelephoneNumber" />
+		<entry name="inetOrgPerson_facsimileTelephoneNumber" />
+	</section>
+	<section name="Unix settings">
+		<entry name="posixAccount_uid" />
+		<entry name="posixAccount_userPassword" />
+		<entry name="posixAccount_primaryGroup" />
+		<entry name="posixAccount_additionalGroups" />
+		<entry name="posixAccount_homeDirectory" />
+		<entry name="posixAccount_loginShell" />
+		<entry name="shadowAccount_shadowExpire" />
+	</section>
+	<section name="Windows settings">
+		<entry name="sambaSamAccount_displayName" />
+		<entry name="sambaSamAccount_sambaDomainName" />
+		<entry name="sambaSamAccount_sambaHomeDrive" />
+		<entry name="sambaSamAccount_sambaHomePath" />
+		<entry name="sambaSamAccount_sambaLogonScript" />
+		<entry name="sambaSamAccount_sambaProfilePath" />
+		<entry name="sambaSamAccount_sambaUserWorkstations" />
+	</section>
+	<section name="Quota Settings">
+		<entry name="quota_quotas" />
+	</section>
+</pdf>

ldap-account-manager/conf/templates/profiles/default.alias

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.asteriskExt

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.automountType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.bind

@@ -0,0 +1,3 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn

ldap-account-manager/conf/templates/profiles/default.customType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.gon

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.group

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.kolabSharedFolderType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.kopanoAddressListType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.kopanoDynamicGroupType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.mailAlias

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.mitKerberosPolicyType

@@ -0,0 +1,12 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn
+mitKerberosPolicykrbMinPwdLife: 
+mitKerberosPolicykrbMaxPwdLife: 
+mitKerberosPolicykrbPwdMinLength: 1
+mitKerberosPolicykrbPwdHistoryLength: 1
+mitKerberosPolicykrbPwdMaxFailure: 0
+mitKerberosPolicykrbPwdLockoutDuration: 
+mitKerberosPolicykrbPwdFailureCountInterval: 
+mitKerberosPolicykrbPwdMinDiffChars: 1
+mitKerberosPolicykrbPwdAllowedKeysalts: 

ldap-account-manager/conf/templates/profiles/default.netgroup

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.nisObjectType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.nsviewType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.oracleContextType

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.powerDNSType

@@ -0,0 +1,2 @@
+ldap_suffix: -
+ldap_rdn: dc

ldap-account-manager/conf/templates/profiles/default.ppolicyType

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.pykotaBillingCodeType

@@ -0,0 +1,3 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn

ldap-account-manager/conf/templates/profiles/default.pykotaPrinterType

@@ -0,0 +1,3 @@
+profname: default
+ldap_suffix: -
+ldap_rdn: cn

ldap-account-manager/conf/templates/profiles/default.smbDomain

@@ -0,0 +1 @@
+ 

ldap-account-manager/conf/templates/profiles/default.sudo

@@ -0,0 +1 @@
+

ldap-account-manager/conf/templates/profiles/default.user

@@ -0,0 +1,19 @@
+shadowAccount_shadowWarning: 10
+shadowAccount_shadowInactive: 10
+shadowAccount_shadowMin: 1
+shadowAccount_shadowMax: 365
+sambaAccount_useunixpwd: true
+sambaAccount_acctFlagsN: false
+sambaAccount_acctFlagsX: true
+sambaAccount_acctFlagsD: false
+sambaAccount_homeDrive: U:
+sambaSamAccount_useunixpwd: true
+sambaSamAccount_sambaAcctFlagsN: false
+sambaSamAccount_sambaAcctFlagsX: true
+sambaSamAccount_sambaAcctFlagsD: false
+sambaSamAccount_sambaHomeDrive: U:
+sambaSamAccount_group: 513
+posixAccount_homeDirectory: /home/$user
+posixAccount_loginShell: /bin/bash
+asteriskAccount_AstAccountHost: dynamic
+asteriskAccount_AstAccountContext: default

ldap-account-manager/conf/unix.sample.conf

@@ -0,0 +1,71 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://localhost:389
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Manager,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=yourdomain,dc=org
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group
+
+
+types: suffix_user: ou=People,dc=my-domain,dc=com
+types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
+types: modules_user: inetOrgPerson,posixAccount,shadowAccount
+
+types: suffix_group: ou=group,dc=my-domain,dc=com
+types: attr_group: #cn;#gidNumber;#memberUID;#description
+types: modules_group: posixGroup
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+

ldap-account-manager/conf/windows_samba4.sample.conf

@@ -0,0 +1,220 @@
+# LDAP Account Manager configuration
+#
+# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
+#
+###################################################################################################
+
+# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
+ServerURL: ldap://pdc.my-domain.com
+
+# list of users who are allowed to use LDAP Account Manager
+# names have to be separated by semicolons
+# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
+Admins: cn=Administrator,cn=users,dc=my-domain,dc=com
+
+# password to change these preferences via webfrontend (default: lam)
+Passwd: lam
+
+# suffix of tree view
+# e.g. dc=yourdomain,dc=org
+tools: treeViewSuffix: dc=my-domain,dc=com
+
+# default language (a line from config/language)
+defaultLanguage: en_GB.utf8
+
+# Path to external Script
+scriptPath:
+
+# Server of external Script
+scriptServer:
+
+# Access rights for home directories
+scriptRights: 750
+
+# Number of minutes LAM caches LDAP searches.
+cachetimeout: 5
+
+# LDAP search limit.
+searchLimit: 0
+
+# Module settings
+
+modules: posixAccount_user_minUID: 10000
+modules: posixAccount_user_maxUID: 30000
+modules: posixAccount_host_minMachine: 50000
+modules: posixAccount_host_maxMachine: 60000
+modules: posixGroup_group_minGID: 10000
+modules: posixGroup_group_maxGID: 20000
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_host_uidGeneratorUsers: range
+modules: posixAccount_group_gidGeneratorUsers: range
+modules: posixGroup_pwdHash: SSHA
+modules: posixAccount_pwdHash: SSHA
+
+# List of active account types.
+activeTypes: user,group,host
+
+
+types: suffix_user: dc=my-domain,dc=com
+types: attr_user: #cn;#givenName;#sn;#mail
+types: modules_user: windowsUser
+
+types: suffix_group: dc=my-domain,dc=com
+types: attr_group: #cn;#member;#description
+types: modules_group: windowsGroup
+
+types: suffix_host: CN=Computers,dc=my-domain,dc=com
+types: attr_host: #cn;#description;#location
+types: modules_host: windowsHost
+
+types: suffix_smbDomain: dc=my-domain,dc=com
+types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
+types: modules_smbDomain: sambaDomain
+
+# Password mail subject
+lamProMailSubject: Your password was reset
+
+# Password mail text
+lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
+
+
+
+# enable TLS encryption
+useTLS: no
+
+
+# Access level for this profile.
+accessLevel: 100
+
+
+# Login method.
+loginMethod: list
+
+
+# Search suffix for LAM login.
+loginSearchSuffix: dc=yourdomain,dc=org
+
+
+# Search filter for LAM login.
+loginSearchFilter: uid=%USER%
+
+
+# Bind DN for login search.
+loginSearchDN:
+
+
+# Bind password for login search.
+loginSearchPassword:
+
+
+# HTTP authentication for LAM login.
+httpAuthentication: false
+
+
+# Password mail from
+lamProMailFrom:
+
+
+# Password mail reply-to
+lamProMailReplyTo:
+
+
+# Password mail is HTML
+lamProMailIsHTML: false
+types: filter_user:
+types: filter_group:
+types: filter_host:
+types: filter_smbDomain:
+types: hidden_group:
+types: hidden_host:
+types: hidden_smbDomain:
+tools: tool_hide_toolServerInformation: false
+tools: tool_hide_toolFileUpload: false
+tools: tool_hide_toolPDFEditor: false
+tools: tool_hide_toolOUEditor: false
+tools: tool_hide_toolProfileEditor: false
+tools: tool_hide_toolTests: false
+tools: tool_hide_toolSchemaBrowser: false
+modules: windowsGroup_hidemail: false
+types: hidden_user:
+modules: customScripts_scripts: user postModify echo $INFO.userPasswordClearText$
+modules: customScripts_containsHTML: false
+modules: customScripts_hideCommand: false
+modules: zarafa_schema: ad
+modules: zarafaUser_hideQuotaOverride: false
+modules: zarafaUser_hideQuotaWarn: false
+modules: zarafaUser_hideQuotaSoft: false
+modules: zarafaUser_hideQuotaHard: false
+modules: zarafaUser_hideSendAsPrivilege: false
+modules: zarafaUser_hideSharedStoreOnly: false
+modules: zarafaUser_hideResourceType: false
+modules: zarafaUser_hideResourceCapacity: false
+modules: zarafaUser_hideAccount: false
+modules: zarafaUser_hideZarafaUserArchiveServers: false
+modules: zarafaUser_hideUserServer: false
+modules: zarafaUser_hideFeatures: false
+modules: zarafaUser_hideAliases: false
+modules: zarafaUser_sendAsAttribute: dn
+modules: zarafaGroup_hideSendAsPrivilege: false
+modules: zarafaServer_hideProxyURL: false
+types: hidden_zarafaAddressListType:
+types: suffix_zarafaAddressListType: OU=zarafa,DC=samba4,DC=test
+types: filter_zarafaAddressListType:
+types: attr_zarafaAddressListType: #cn;#zarafaBase;#zarafaFilter
+types: modules_zarafaAddressListType: zarafaAddressList
+types: hidden_zarafaDynamicGroupType:
+types: suffix_zarafaDynamicGroupType: OU=zarafa,DC=samba4,DC=test
+types: filter_zarafaDynamicGroupType:
+types: attr_zarafaDynamicGroupType: #cn;#mail;#zarafaaliases;#zarafaBase;#zarafaFilter
+types: modules_zarafaDynamicGroupType: zarafaDynamicGroup
+modules: windowsGroup_hideotherMailbox: false
+types: hideNewButton_user:
+types: hideDeleteButton_user:
+types: hideNewButton_group:
+types: hideDeleteButton_group:
+types: hideNewButton_host:
+types: hideDeleteButton_host:
+types: hideNewButton_zarafaDynamicGroupType:
+types: hideDeleteButton_zarafaDynamicGroupType:
+types: hideNewButton_zarafaAddressListType:
+types: hideDeleteButton_zarafaAddressListType:
+modules: windowsGroup_hidemanagedBy: true
+modules: passwordSelfReset_questions: Bla1?+::+Bla2?
+modules: posixGroup_group_gidGenerator: range
+modules: posixGroup_group_sambaIDPoolDN:
+modules: posixGroup_group_gidCheckSuffix:
+modules: posixAccount_user_uidGeneratorUsers: range
+modules: posixAccount_user_sambaIDPoolDNUsers:
+modules: posixAccount_user_uidCheckSuffixUser:
+modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
+modules: posixAccount_user_hidegecos: false
+modules: posixAccount_primaryGroupAsSecondary: false
+modules: posixAccount_user_userNameSuggestion: @givenname@%sn%
+modules: windowsUser_domains: my-domain.com
+modules: windowsUser_hidesAMAccountName: false
+tools: tool_hide_toolMultiEdit: false
+
+
+# follow referrals
+followReferrals: false
+
+
+# paged results
+pagedResults: false
+
+
+# Allow alternate address
+lamProMailAllowAlternateAddress: true
+modules: windowsGroup_hidemsSFU30Name: true
+modules: windowsGroup_hidemsSFU30NisDomain: true
+modules: windowsUser_hidemsSFU30Name: true
+modules: windowsUser_hidemsSFU30NisDomain: true
+types: customLabel_user:
+types: customLabel_group:
+types: customLabel_host:
+types: customLabel_zarafaDynamicGroupType:
+types: customLabel_zarafaAddressListType:
+types: readOnly_user:
+types: readOnly_group:
+types: readOnly_host:
+types: readOnly_zarafaAddressListType:

ldap-account-manager/docker-compose.debug.yml

@@ -1,8 +1,9 @@
 
 
 services:
-    lum:
+    lam:
       environment:
+        # Probably does not work, need to find correct var names
         - LDAP_DEBUG=true
         - LDAP_VERBOSE_CONNECTION_LOGS=true
         - SESSION_DEBUG=true

ldap-account-manager/docker-compose.mysql.yml

@@ -0,0 +1,20 @@
+version: "3.7"
+
+services:
+
+  lam:
+
+    # Doc: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
+    environment:
+      - LAM_CONFIGURATION_DATABASE=mysql
+      # MySQL server if database is mysql
+      - LAM_CONFIGURATION_HOST=${mysql_host}
+      # MySQL port if database is mysql
+      - LAM_CONFIGURATION_PORT=${mysql_port}
+      # MySQL user name if database is mysql
+      - LAM_CONFIGURATION_USER=${mysql_user_login}
+      # MySQL password if database is mysql
+      - LAM_CONFIGURATION_PASSWORD=${mysql_user_passwd}
+      # MySQL database name if database is mysql
+      - LAM_CONFIGURATION_DATABASE_NAME=${mysql_user_db}
+

ldap-account-manager/docker-compose.yml

@@ -8,16 +8,22 @@ services:
       - "9999:80"
 
     volumes:
-      ###- ./lametc/:/etc/ldap-account-manager
+      ###- $app_dir_conf:/etc/ldap-account-manager
-      - ./lamconfig/:/var/lib/ldap-account-manager/config
+      - $app_dir_conf:/var/lib/ldap-account-manager/config
-      - ./lamsession/:/var/lib/ldap-account-manager/sess
+      - $app_dir_data/sess:/var/lib/ldap-account-manager/sess
 
+    # Doc: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
     environment:
-      - LAM_PASSWORD=${LAM_PASSWORD}
+      - LAM_SKIP_PRECONFIGURE=false
-      - LAM_LANG=en_US
+      - LDAP_DOMAIN=${ldap_domain}
-      - LDAP_SERVER=${LDAP_SERVER}
+      - LDAP_BASE_DN=${ldap_base_dn}
-      - LDAP_DOMAIN=${LDAP_DOMAIN}
+
-      - LDAP_BASE_DN=${LDAP_BASE_DN}
+      - LAM_LANG=${app_lang}
-      - ADMIN_USER=cn=admin,${LDAP_BASE_DN}
+
-      - DEBUG=true
+      - LDAP_SERVER=${ldap_uri_server}
+      - LAM_PASSWORD=${app_admin_passwd} # This is a app password, not ldap
+      #- LAM_PASSWORD=${ldap_admin_bind_passwd} # Not this is not related to LDAP passowrd, just an internal password
+      # This is only used for editing app profiles and settings
+
+      - ADMIN_USER=${ldap_admin_bind_dn}
 

ldap-user-manager/TMP_DISABLED_docker-compose.traefik.yml

@@ -1,7 +1,7 @@
 networks:
   proxy:
     external: true
-    name: ${APP_PROXY_NETWORK}
+    name: ${net_proxy}
 
 services:
 
@@ -10,8 +10,8 @@ services:
     labels:
       traefik.enable: "true"
       traefik.http.routers.lum.entrypoints: front-http,front-https
-      traefik.http.routers.lum.rule: Host(`lum.$APP_TOP_DOMAIN`)
+      traefik.http.routers.lum.rule: Host(`lum.$app_domain`)
       traefik.http.routers.lum.service: lum
       traefik.http.routers.lum.tls: "true"
-      traefik.http.routers.lum.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.routers.lum.tls.certresolver: $traefik_svc_certresolver
       traefik.http.services.lum.loadbalancer.server.port: '80'

ldap-user-manager/docker-compose.yml

@@ -1,29 +1,18 @@
 version: "3.7"
 
-#networks:
-#  ldap:
-#    external: true
-#    name: ${APP_LDAP_NETWORK}
-
 services:
 
   lum:
     image: wheelybird/ldap-user-manager:latest
-    #restart: always
-
-    #networks:
-    #  ldap:
-
     environment:
-      - "SERVER_HOSTNAME=lum.$APP_TOP_DOMAIN"
+      - "SERVER_HOSTNAME=lum.$app_domain"
-      - "LDAP_URI=$LDAP_SERVER_URI"
+      - "LDAP_URI=$ldap_uri"
-      - "LDAP_BASE_DN=$LDAP_BASE_DN"
+      - "LDAP_BASE_DN=$ldap_base_dn"
       - "LDAP_ADMINS_GROUP=admins"
-      - "LDAP_ADMIN_BIND_DN=cn=admin,$LDAP_BASE_DN"
+      - "LDAP_ADMIN_BIND_DN=$ldap_admin_bind_dn"
-      - "LDAP_ADMIN_BIND_PWD=$LDAP_ADMIN_PASSWORD"
+      - "LDAP_ADMIN_BIND_PWD=$ldap_admin_bind_passwd"
-        #- "LDAP_ADMIN_BIND_PWD=admin"
       - "LDAP_IGNORE_CERT_ERRORS=true"
-      - "NO_HTTPS=true"
+      - "NO_HTTPS=true" # Tofix, we can't use: ldap_tls here ...
       - "ACCEPT_WEAK_PASSWORDS=true"
 
       # MrJK Tweaking

librespeed/docker-compose.expose.yml

@@ -1,6 +1,6 @@
 services:
   librespeed:
     ports:
-      #- ${APP_EXPOSE_PORT:-80}:80
+      #- ${app_expose_port:-80}:80
-      - ${APP_EXPOSE_IP:-0.0.0.0}:${APP_EXPOSE_PORT:-80}:80
+      - ${app_expose_ip:-0.0.0.0}:${app_expose_port:-80}:80
 

minio/docker-compose.ldap.yml

@@ -1,7 +1,7 @@
 
 networks:
   ldap:
-    name: ${APP_LDAP_NETWORK:-s3}
+    name: ${net_ldap:-s3}
 
 services:
   minio:

minio/docker-compose.traefik.yml

@@ -2,7 +2,7 @@
 networks:
   front:
     external: true
-    name: ${APP_PROXY_NETWORK:-traefik}
+    name: ${net_proxy:-traefik}
 
 services:
   minio:

minio/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.9"
 
 networks:
   default:
-    name: ${APP_S3_NETWORK:-s3}
+    name: ${net_ostorage:-s3}
 
 
 services:

openldap/docker-compose.lemon-ldap.yml

@@ -17,20 +17,20 @@ services:
       - ./lemonldap-logs:/var/log/nginx
 
     environment:
-      - SSODOMAIN=$APP_TOP_DOMAIN
+      - SSODOMAIN=$app_domain
-      - PORTAL_HOSTNAME=auth.$APP_TOP_DOMAIN
+      - PORTAL_HOSTNAME=auth.$app_domain
-      - MANAGER_HOSTNAME=lemon.$APP_TOP_DOMAIN
+      - MANAGER_HOSTNAME=lemon.$app_domain
-      - HANDLER_HOSTNAME=handler.$APP_TOP_DOMAIN
+      - HANDLER_HOSTNAME=handler.$app_domain
-      - TEST1_HOSTNAME=mytest1.$APP_TOP_DOMAIN
+      - TEST1_HOSTNAME=mytest1.$app_domain
-      - TEST2_HOSTNAME=mytest2.$APP_TOP_DOMAIN
+      - TEST2_HOSTNAME=mytest2.$app_domain
       - LOGLEVEL=debug
     labels:
       traefik.enable: "true"
       traefik.http.routers.lemon.entrypoints: front-http,front-https
-        #traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$APP_TOP_DOMAIN`)
+        #traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$app_domain`)
-      traefik.http.routers.lemon.rule: Host(`auth.$APP_TOP_DOMAIN`,`lemon.$APP_TOP_DOMAIN`,`handler.$APP_TOP_DOMAIN`)
+      traefik.http.routers.lemon.rule: Host(`auth.$app_domain`,`lemon.$app_domain`,`handler.$app_domain`)
-        #traefik.http.routers.lemon.rule: Host(`lemon.$APP_TOP_DOMAIN`)
+        #traefik.http.routers.lemon.rule: Host(`lemon.$app_domain`)
       traefik.http.routers.lemon.service: lemon
       traefik.http.routers.lemon.tls: "true"
-      traefik.http.routers.lemon.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.routers.lemon.tls.certresolver: $traefik_svc_certresolver
       traefik.http.services.lemon.loadbalancer.server.port: '80'

openldap/docker-compose.self-service.yml

@@ -1,7 +1,7 @@
 
 networks:
   proxy:
-    name: ${APP_PROXY_NETWORK}
+    name: ${net_proxy}
 
 
 services:
@@ -18,11 +18,11 @@ services:
     labels:
       traefik.enable: "true"
       traefik.http.routers.selfserve.entrypoints: front-http,front-https
-        #traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$APP_TOP_DOMAIN`)
+        #traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$app_domain`)
-      traefik.http.routers.selfserve.rule: Host(`self.$APP_TOP_DOMAIN`)
+      traefik.http.routers.selfserve.rule: Host(`self.$app_domain`)
-        #traefik.http.routers.selfserve.rule: Host(`selfserve.$APP_TOP_DOMAIN`)
+        #traefik.http.routers.selfserve.rule: Host(`selfserve.$app_domain`)
       traefik.http.routers.selfserve.service: selfserve
       traefik.http.routers.selfserve.tls: "true"
-      traefik.http.routers.selfserve.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.routers.selfserve.tls.certresolver: $traefik_svc_certresolver
       traefik.http.services.selfserve.loadbalancer.server.port: '80'
 

openldap/docker-compose.yml

@@ -1,8 +1,8 @@
 version: "3.9"
 
-networks:
+#networks:
-  default:
+#  default:
-    name: ${app_network_name}
+#    name: ${app_network_name}
 
 
 services:
@@ -13,14 +13,15 @@ services:
       default:
         aliases:
           - ldap
+          - $ldap_uri_server
     environment:
-      - "LDAP_ORGANISATION=$LDAP_ORGANISATION"
+      - "LDAP_ORGANISATION=${ldap_domain:-$app_fqdn}"
-      - "LDAP_DOMAIN=$LDAP_DOMAIN"
+      - "LDAP_DOMAIN=${ldap_domain:-$app_fqdn}"
-      - "LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD"
+      - "LDAP_ADMIN_PASSWORD=${ldap_admin_bind_passwd:-$app_admin_passwd}"
       - "LDAP_RFC2307BIS_SCHEMA=true"
       - "LDAP_REMOVE_CONFIG_AFTER_SETUP=true"
       - "LDAP_TLS_VERIFY_CLIENT=never"
-      - "LDAP_TLS=false"
+      - "LDAP_TLS=${ldap_tls:-false}"
     volumes:
       - $app_dir_conf:/etc/ldap/slapd.d
       - $app_dir_data:/var/lib/ldap

traefik/docker-compose.letsencrypt.yml

@@ -6,13 +6,13 @@ services:
     environment:
 
       # Custom ACME certificates
-      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}=true
+      - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_EMAIL=${APP_ADMIN_EMAIL}
+      - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_EMAIL=${app_admin_email}
-      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_STORAGE=/data/acme-${TRAEFIK_CERTRESOLV}.json
+      - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_STORAGE=/data/acme-${traefik_svc_certresolver}.json
-      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE=true
+      - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_PROVIDER=${TRAEFIK_CERTRESOLV_PROVIDER}
+      - TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_PROVIDER=${traefik_svc_certresolver_PROVIDER}
-        #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
+        #- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
-        #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
+        #- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
 
       # ACME credentials for ovh-eu
       # - OVH_ENDPOINT=ovh-eu

vault/docker-compose.client.yml

@@ -0,0 +1,8 @@
+services:
+
+  vault-client:
+    build: .
+    environment:
+      VAULT_ADDR: "http://vault:8200"
+    networks:
+      default:

vault/docker-compose.expose.yml

@@ -0,0 +1,4 @@
+services:
+  vault-server:
+    ports:
+      - "${app_expose_ip}:${app_expose_port:-8200}:${app_port:-8200}"

vault/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3.8"
+services:
+  vault:
+    image: vault:latest
+    environment:
+      VAULT_ADDR: "http://0.0.0.0:${app_port:-8200}"
+      VAULT_DEV_ROOT_TOKEN_ID: "${app_secret_token:-admin}"
+    cap_add:
+      - IPC_LOCK
+    networks:
+      default:
+