Bobby | 24 Mar 10:11 2015
Picon

LAM Multi User Upload

Hi guys, am trying to create multiple account using the multi user 
upload. while entering the user data I came across this entry field:

posixAccount_uid
posixaccount_username

Lam is connected to openldap and the dn_rdn used prefix for user account 
is uid.. I am confused on which value to fill and which to leave empty 
or should both be filled with the same value?

Normally a typical user dn is as thus uid=user,ou=People,dc=example,dc=com

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
Elias Pereira | 19 Mar 20:44 2015
Picon

Update lam

Hi guys,

I can usually upgrade from version 3.7 to 4.8 or is there any change to be made before?

--
Elias Pereira
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Elias Pereira | 17 Mar 15:08 2015
Picon

Re: Force everyone to change password

Roland, sorry about the other e-mail that I send only to you!

Thanks for the answer!!

Would look like this?




On Mon, Mar 16, 2015 at 7:12 PM, Elias Pereira <empbilly-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
Thanks for the answer Roland!

Another doubt:

Have any way to reset the master password from the general settings?

On Fri, Mar 13, 2015 at 1:24 PM, Roland Gruber <post <at> rolandgruber.de> wrote:
Hi Elias,

On 13.03.2015 15:13, Elias Pereira wrote:
> I like to know if you have any way I can force all users to change the
> password for the domain?

you can use Tools -> Multi Edit for this task.

E.g. to force password change via PPolicy you can set attribute
"pwdReset" to "TRUE".


--

Best regards

Roland


LDAP Account Manager
http://www.ldap-account-manager.org/

Want more? Get LDAP Account Manager Pro!
https://www.ldap-account-manager.org/lamcms/lamPro

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Lam-public mailing list
Lam-public-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/lam-public



--
Elias Pereira



--
Elias Pereira
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
John Maher | 16 Mar 19:24 2015
Picon

Dynamically setting the home directory for new user

Within Tools > Profile editor, in the "Home directory" field the default
setting is "/home/$user".  I'm trying to set the home directory of a new
user to be "/home/≤Primary_group_name>/$user". Is there an easy way to
do this?

Thanks for you help.

John

--

-- 
* - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
John Maher
Senior Systems and Network Administrator
Department of Biochemistry & Molecular Biology and
Department of Chemistry
University of Massachusetts - Amherst
voice: 413-577-3120  fax: 413-545-4490
OpenPGP Key ID: 0x2970A144

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
Elmopi, Stefano | 16 Mar 10:23 2015
Picon

Force Reset Password


Hi Roland,

I attach the two screenshot required.
For Password_Panel, is the same, whether I put a password and then push the button "Ok" or I push the button "Set random password"


Best regards

Stefano


Message: 1
Date: Fri, 06 Mar 2015 17:17:25 +0100
From: Roland Gruber <post <at> rolandgruber.de>
Subject: Re: [Lam-public] Force Reset Password
To: lam-public-5NWGOfrQmnc@public.gmane.orgurceforge.net
Message-ID: <54F9D315.3030802-qF4ddCv+L6t7S1K2b6EZKQ@public.gmane.org>
Content-Type: text/plain; charset="windows-1252"

Hi Stefano,

can you provide a screenshot of the user tabs (Personal, Unix, ...) and
also the password dialog before you click on Ok?

I need to see which modules are active and what was entered in the dialog.


Best regards

Roland



"Ai sensi e per gli effetti della legge sulla tutela dei dati personali (D.lgs 196/2003),
le informazioni contenute nella presente <at> mail sono di natura riservata e destinate
ad un uso aziendale-lavorativo con esclusione di utilizzi ad uso personale; come tali,
pertanto, sono riservate esclusivamente ai destinatari sopra indicati. E' proibito leggere,
copiare, usare o diffondere il contenuto della presente <at> mail senza autorizzazione.
Se avete ricevuto questa <at> mail per errore, siete pregati di rispedire la stessa al mittente.
Grazie"
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Roland Gruber | 15 Mar 19:54 2015
Picon

LDAP Account Manager 4.9.RC1 with usability and Self Service improvements released

LDAP Account Manager (LAM) 4.9.RC1 - March 15th, 2015
=====================================================

LAM is a web frontend for managing accounts stored in an LDAP directory.

Announcement:
-------------

Server profiles can be created based on existing profiles or built-in
templates. Password self reset supports to enter custom security
questions. Password changes in Self Service can be done by sending old
password together with new password.

This is a test version. Please report any bugs till 25th March.

Full changelog:

https://www.ldap-account-manager.org/lamcms/changelog

Download:

https://www.ldap-account-manager.org/lamcms/releases

Features:
---------

* management of various account types
 * Unix
 * Samba 3/4
 * Kolab 2/3
 * Asterisk
 * Zarafa
 * DHCP
 * SSH keys
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* multiple configuration files
* multi-language support: Catalan, Chinese (Traditional + Simplified),
  Czech, Dutch, English, French, German, Hungarian, Italian, Japanese,
  Polish, Portuguese, Russian, Slovak, Spanish and Turkish
* support for LDAP+SSL/TLS

Demo installation:
------------------

You can try our demo installation online.

https://www.ldap-account-manager.org/lamcms/liveDemo

Support:
--------

If you find a bug please file a bug report. For questions or
implementing new features please use the mailinglist and feature request
tracker at our homepage https://www.ldap-account-manager.org.

Authors & Copyright:
--------------------

Copyright (C) 2003 - 2015:
Roland Gruber <post@...>

LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Elias Pereira | 13 Mar 15:13 2015
Picon

Force everyone to change password

Hi guys,

I like to know if you have any way I can force all users to change the password for the domain?

--
Elias Pereira
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Darin Perusich | 11 Mar 18:34 2015

retrieving uidNumber from the DS

I've been setting up a synchronization system between two directory 
servers, Active Directory and OpenDJ, using the LDAP Synchronization 
Connector http://lsc-project.org/wiki/ and the approach it uses for 
populating the uidNumber I'm wondering if it can be used by LAM.

The approach is to create a cn which contains a serialNumber which is 
the initial uidNumber. When it creates an account it retrieves that 
serialNumber and increments it +1, and set that value to the uidNumber, 
create the user, then updates the serialNumber in the directory. I may 
have the sequence wrong but that's basically it.

I know LAM increments the uidNumber in some fashion but I was curious to 
know if something like this could be done. I'm thinking of a scenario 
where accounts are being auto-created w/such a tool and also manually 
created with LAM.

dn: ou=sequences,dc=dom,dc=com
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: sequences

dn: cn=uidNumberSequence,ou=sequences,dc=dom,dc=com
objectClass: top
objectClass: device
cn: uidNumberSequence
serialNumber: 10000

--

-- 
Darin Perusich
Email: Darin.Perusich@...
Office: 716-888-3690
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you are not the intended recipient of this 
message, please contact the sender and delete this material from this computer.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
jpooser | 26 Feb 22:08 2015

centos 7 php tls/ldaps not working

using centos 7 to connect to remote openldap server vi LAM

selinux is in permissive mode

LAM host connects fine from command line using ldapwhoami and other ldap 
cli tools... ldap client config definitely ok on host, but php fails...

lam reports:

LDAP error, server says: (-1) Can't contact LDAP server

have followed all advise on this list about creating both:

/etc/ldap.conf as well as /etc/openldap/ldap.conf

specifying:
TLS_REQCERT never

pointing to certfile, certdir, etc., etc... .

a simple php test script (see below) returns:

PHP Warning:  ldap_start_tls(): Unable to start TLS: Can't contact LDAP 
server

this seems to be a more general php/ldaps issue rather than something 
specific to LAM... but any leads would be appreciated

--snip---

<?php

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

    $ldap="ldaps://SECRETHOSTNAME";
    $usr="uid=SECRETUSER,ou=people,dc=mydomain,dc=com";
    $pwd="SECRETPASS";

    $ds=ldap_connect($ldap);
    $ldapbind=false;
    if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
       if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
          if(ldap_start_tls($ds))
                $ldapbind =  <at> ldap_bind($ds, $usr, $pwd);
    ldap_close($ds);

    if(!$ldapbind)
       echo "ERROR";
    else
       echo "OK";
?>

--

-- 
Jeoffrey Pooser
Chief Security Officer
Clickshare Service Corporation
(413)-200-0904

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
Elmopi, Stefano | 19 Feb 12:27 2015
Picon

Error on change password


Hi Roland,


I continue on this new email a speech already started, I try to clarify.

From administrative panel of LAM, I click on the key icon (Change password), next to the name of the user,

choose options: "Send via mail" under the section "Generate random password" and "Force password change" under

the section "Password change options" and push "Change password" button.

Arrives the email to the user, the user clicks on the link and enter the password that was sent. At this point the panel

shows only the fields for changing password,enter the new password in compliance with all the requirements

and push "Save" button. at this point, on the panel, the following messages appear:


You are reusing an old password. Please choose a different password.

The operation was stopped because of the above errors.


But if the user log out and then log in again with your new password, is able to enter safely, the password change was successful

These are the log of the LDAP server when push "Save" button:


Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 fd=12 ACCEPT from IP=172.16.149.20:54788 (IP=0.0.0.0:389)

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=0 EXT oid=1.3.6.1.4.1.1466.20037

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=0 STARTTLS

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=0 RESULT oid= err=0 text=

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 fd=12 TLS established tls_ssf=128 ssf=128

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=1 BIND dn="uid=aa0560,ou=Interni,ou=Utenze,dc=sociale,dc=it" method=128

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=1 BIND dn="uid=aa0560,ou=Interni,ou=Utenze,dc=sociale,dc=it" mech=SIMPLE ssf=0

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=1 RESULT tag=97 err=0 text=

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=2 SRCH base="uid=aa0560,ou=Interni,ou=Utenze,dc=sociale,dc=it" scope=0 deref=0 filter="(objectClass=*)"

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=2 SRCH attr=* +

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=2 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=3 MOD dn="uid=aa0560,ou=Interni,ou=Utenze,dc=sociale,dc=it"

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=3 MOD attr=userPassword

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=3 RESULT tag=103 err=0 text=

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=4 SRCH base="uid=aa0560,ou=Interni,ou=Utenze,dc=sociale,dc=it" scope=0 deref=0 filter="(objectClass=*)"

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=4 SRCH attr=* +

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=5 SRCH base="uid=aa0560,ou=Interni,ou=Utenze,dc=sociale,dc=it" scope=0 deref=0 filter="(objectClass=*)"

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=5 SRCH attr=* +

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 op=6 UNBIND

Feb 19 12:11:25 ldpsoc01devpom slapd[25813]: conn=1081 fd=12 closed



Best Regards



Ing. Stefano Elmopi
Cooperativa Capodarco - Resp. Area ICT Gestione Esercizio
Via Ostiense 131/L Corpo B, 00154 Roma

cell. 3466147165
tel.  0657060500

email:stefano.elmopi-IenwjEANACOonA0d6jMUrA@public.gmane.org



"Ai sensi e per gli effetti della legge sulla tutela dei dati personali (D.lgs 196/2003),
le informazioni contenute nella presente <at> mail sono di natura riservata e destinate
ad un uso aziendale-lavorativo con esclusione di utilizzi ad uso personale; come tali,
pertanto, sono riservate esclusivamente ai destinatari sopra indicati. E' proibito leggere,
copiare, usare o diffondere il contenuto della presente <at> mail senza autorizzazione.
Se avete ricevuto questa <at> mail per errore, siete pregati di rispedire la stessa al mittente.
Grazie"
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Elmopi, Stefano | 19 Feb 12:23 2015
Picon

Force Reset Password


Hi Roland,

I continue on this new email a speech already started, I try to clarify.
From the administrative panel of LAM, within the personal panel of a user to change its password.
I click on the button "Set password" and opens a panel and choose options: "Send via mail" and "Force password change"
and push "Set random password" button.
Arrives the email to the user, the user clicks on the link and enter the password that was sent
At this point I would have expected that the panel presented only the fields to change the passwod but is not so.
Instead, always from administrative panel of LAM, I click on the key icon (Change password), next to the name of the user,
choose options: "Send via mail" under the section "Generate random password" and "Force password change" under
the section "Password change options" and push "Change password" button.
Arrives the email to the user, the user clicks on the link and enter the password that was sent
At this point the panel shows only the fields for changing password, not user data.
Same processing but with two different results


Best Regards


Ing. Stefano Elmopi
Cooperativa Capodarco - Resp. Area ICT Gestione Esercizio
Via Ostiense 131/L Corpo B, 00154 Roma

cell. 3466147165
tel.  0657060500

email:stefano.elmopi-IenwjEANACOonA0d6jMUrA@public.gmane.org



"Ai sensi e per gli effetti della legge sulla tutela dei dati personali (D.lgs 196/2003),
le informazioni contenute nella presente <at> mail sono di natura riservata e destinate
ad un uso aziendale-lavorativo con esclusione di utilizzi ad uso personale; come tali,
pertanto, sono riservate esclusivamente ai destinatari sopra indicati. E' proibito leggere,
copiare, usare o diffondere il contenuto della presente <at> mail senza autorizzazione.
Se avete ricevuto questa <at> mail per errore, siete pregati di rispedire la stessa al mittente.
Grazie"
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public

Gmane