Gomez-Rubio, J L. | 28 Aug 14:24 2015

Hosts pam_check_host_attr for groups?

Roland,

I’ve already got user login per host access setup as described at https://www.ldap-account-manager.org/static/doc/manual-onePage/index.html#idp41637792

How do I set it up so it works on a group? I am using groupOfNames with rfc2307bisPosixGroup.

I was googling for answers and came across 
http://thornelabs.net/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html which mentioned 'Be aware, this solution does not scale well. If a new client sever comes online it will have to be added to every LDAP user needing access. This can of course be scripted, but a more scaleable solution is to use LDAP groups.’ but the author does not say how to configure LDAP.

Thanks for replying!

Jose
------------------------------------------------------------------------------
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
John Maher | 25 Aug 19:29 2015
Picon

Display of SambaPwdMustChange

I am using LAM Pro 5.0 (and have noticed this in earlier versions), and
the value for SambaPwdMustChange only displays as a hyphen ("-"). It
displays as it's correct value in Tree View though.

Any thoughts on how to make this display as a date?

Thanks.

John

--

-- 
* - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
John Maher
Senior Systems and Network Administrator
Department of Biochemistry & Molecular Biology and
Department of Chemistry
University of Massachusetts - Amherst
voice: 413-577-3120  fax: 413-545-4490
OpenPGP Key ID: 0x2970A144

------------------------------------------------------------------------------
Roland Gruber | 14 Aug 22:07 2015
Picon

LDAP Account Manager 5.1.RC1 with mobile compatible self service released

LDAP Account Manager (LAM) 5.1.RC1 - August 14th, 2015
======================================================

LAM is a web frontend for managing accounts stored in an LDAP directory.

Announcement:
-------------

The LAM Pro Self Service has a new responsive design that works on
mobile, tablet and desktop. SSH keys are checked for validity on upload
and the IMAP module can be combined with Windows user module.

This is a test release. Please report any bugs till 28th August.

Full changelog:

https://www.ldap-account-manager.org/lamcms/changelog

Download:

https://www.ldap-account-manager.org/lamcms/releases

Features:
---------

* management of various account types
 * Unix
 * Samba 3/4
 * Kolab 2/3
 * Asterisk
 * Zarafa
 * DHCP
 * SSH keys
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* multiple configuration files
* multi-language support: Catalan, Chinese (Traditional + Simplified),
  Czech, Dutch, English, French, German, Hungarian, Italian, Japanese,
  Polish, Portuguese, Russian, Slovak, Spanish and Turkish
* support for LDAP+SSL/TLS

Demo installation:
------------------

You can try our demo installation online.

https://www.ldap-account-manager.org/lamcms/liveDemo

Support:
--------

If you find a bug please file a bug report. For questions or
implementing new features please use the mailinglist and feature request
tracker at our homepage https://www.ldap-account-manager.org.

Authors & Copyright:
--------------------

Copyright (C) 2003 - 2015:
Roland Gruber <post@...>

LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.

------------------------------------------------------------------------------
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Detlev Habicht | 12 Aug 10:25 2015
Picon
Picon

LAM and IPA

Hi all,

my LDAP knowhow is still not very good, but i have this question:

It is possible to use LAM to access an IPA (IDM, freeIPA) Server?

I need it only for user und groups.

I don’t understand which modules i have to use. I was trying
inetOrgPerson and posixAccount for user, but when i want to edit
data, i can only edit posixAccount data. The inetOrgPerson area
is grey and i cannot access it.

Creating a new user i can see both areas. I see also all data
using the tree.

So again my question: Which modules i have to use to access
IPA user and groups data?

Thanx for any help.

Detlev


--
  Detlev  | Institut fuer Mikroelektronische Systeme
  Habicht | D-30167 Hannover +49 511 76219662 habicht-z4aLgj2Nwzb1qYPpFx2fzhvVK+yQ3ZXh@public.gmane.org
  --------+-------- Handy    +49 172 5415752  ---------------------------



------------------------------------------------------------------------------
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
John Maher | 27 Jul 16:11 2015
Picon

LAM Pro and non-standard schemas

I see that LAM Pro features include "Custom fields: manage your own
custom LDAP object classes". Can LAM Pro make available the attributes
from a personal schema? It would be great to have a tab that had our own
schema's attributes.

Thanks.

John

--

-- 
* - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
John Maher
Senior Systems and Network Administrator
Department of Biochemistry & Molecular Biology and
Department of Chemistry
University of Massachusetts - Amherst
voice: 413-577-3120  fax: 413-545-4490
OpenPGP Key ID: 0x2970A144

------------------------------------------------------------------------------
Franck.Rakotonindrainy | 9 Jul 15:24 2015

Self service AND Password must change issue

Hello,

I encounter an issue with the self service password reset when the AD user account is set as "Password must change"

The user is unable to login to change hist password with the following error :
Wrong password/user name combination. Please try again.

80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1



Is it a know issue, is there a workaround ?

Best regards.
Franck Rakotonindrainy
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Marcin KOSMICKI | 1 Jul 13:11 2015

Creation of new group ServiceDesk - with diffrent priviledges

Hi group,

 

This is my first post, so first of all – welcome everybody.

 

My issue is as simple as this:

I need to create a user with fewer privileges than Manger,  preferably a new group called Service Desk with the ability to

 - modify users – things like assignments to groups,

 - edit users details (tab Personal – ability to edit username; first name; last name; etc.)

 - change their passwords to (in case they forget them);

 

For this new group only user Manager can modify (add; edit and delete) users, uses on the group cannot do this between themselves.

 

Is it possible to achieve this, and if it is – how can I do this?

 

Marcin

Sopra Steria is the trading name of the following companies (all registered in England & Wales): (i) Sopra Steria Limited (No. 04077975) (ii) Sopra Group Ltd (No. 01643041) (iii) Sopra Group Holding Ltd (No. 01588948)
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Roland Gruber | 30 Jun 21:54 2015
Picon

LDAP Account Manager 5.0 with cron job for password expiry notification email released

LDAP Account Manager (LAM) 5.0 - June 30th, 2015
================================================

LAM is a web frontend for managing accounts stored in an LDAP directory.

Announcement:
-------------

LAM Pro can notify your users via cron job that their passwords will
expire soon. The Windows support was also enhanced. LAM no longer
supports Internet Explorer 8.

Full changelog:

https://www.ldap-account-manager.org/lamcms/changelog

Download:

https://www.ldap-account-manager.org/lamcms/releases

Features:
---------

* management of various account types
 * Unix
 * Samba 3/4
 * Kolab 2/3
 * Asterisk
 * Zarafa
 * DHCP
 * SSH keys
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* multiple configuration files
* multi-language support: Catalan, Chinese (Traditional + Simplified),
  Czech, Dutch, English, French, German, Hungarian, Italian, Japanese,
  Polish, Portuguese, Russian, Slovak, Spanish and Turkish
* support for LDAP+SSL/TLS

Demo installation:
------------------

You can try our demo installation online.

https://www.ldap-account-manager.org/lamcms/liveDemo

Support:
--------

If you find a bug please file a bug report. For questions or
implementing new features please use the mailinglist and feature request
tracker at our homepage https://www.ldap-account-manager.org.

Authors & Copyright:
--------------------

Copyright (C) 2003 - 2015:
Roland Gruber <post@...>

LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Paul Smith | 23 Jun 16:25 2015
Picon

Re: self service LAM pro

> On 16.12.2013 18:54, Didier Laborie wrote:
> > To create an account, is there a validation workflow (to avoid spam users) ?
>
> the requests require a valid email address. LAM sends a confirmation
> link to this address for validation.
>
> In 4.5 there will be the possibility to add a captcha to prevent
> automatic registrations.

I'm also interested in setting up a captcha with new user registration 
in order to avoid spam accounts.  Was this functionality ever added to 
LAM?  I looked around, but I didn't see anything (v.4.9).  Maybe it's a 
plugin?  I'd appreciate it if someone could point me in the right 
direction...

TIA,

Paul

--

-- 
Paul W. Smith
Coordinator of Computing Facility Operations
National Center for Computational Hydroscience and Engineering
http://www.ncche.olemiss.edu

------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors 
network devices and physical & virtual servers, alerts via email & sms 
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
SCHARFY Manuel | 17 Jun 19:14 2015
Picon

Automatically create group to user

Hello,
 
is it possible to somehow automatically create a (posix)group for a new created Unix user and set it as primary group for that new user? Basically like the “adduser” command mostly does it by default for local passwd/shadow accounts.
Right now the workflow would be:
  • Create a new user account
  • Copy the generated user name
  • Create a group with the user name
  • Switch back to the user and change the primary group
 
Maybe I just overlooked something?
 
Thanks & Br,
Manuel
 
 
------------------------------------------------------------------------------
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Martin | 17 Jun 14:54 2015
Picon

pdf file permission. set to 600 should 660

Hallo zusammen!

When creating a PDF the file is created with 600. therefore I get:
You don't have permission to access /ldap-account-manager/tmp/xy.pdf on this
server.

I need the server to set the rights to 660. After chmodding the file i can
access it.

What do I need to do?

Thx for your help.
Martin

------------------------------------------------------------------------------

Gmane