Ian Young | 21 May 2013 03:31

changing a domain name

Is it possible to convert the domain name in the suffix using LAM?  If so, how?

i.e. dc=domain1,dc=com -> dc=domain2,dc=com
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Roland Gruber | 12 May 2013 14:46

LDAP Account Manager 4.2.RC1 with Samba 4 support released


LDAP Account Manager (LAM) 4.2.RC1 - May 12th, 2013
===================================================

LAM is a web frontend for managing accounts stored in an LDAP directory.

Announcement:
-------------

You can now manage Samba 4 entries (users/groups/hosts) with LAM.
Zarafa on Samba 4 is also supported (LAM Pro). Additionally, the
buttons to create/delete entries can be disabled for each account type
(LAM Pro).

Please note that this is a test version. Please report any bugs till
31st May.

Full changelog:

https://www.ldap-account-manager.org/lamcms/changelog

Download:

https://www.ldap-account-manager.org/lamcms/releases

Features:
---------

* management of various account types
 * Unix
 * Samba 3/4
 * Kolab 2
 * Asterisk
 * Zarafa
 * DHCP
 * SSH keys
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* multiple configuration files
* multi-language support: Catalan, Chinese (Traditional + Simplified),
  Czech, Dutch, English, French, German, Hungarian, Italian, Japanese,
  Polish, Portuguese, Russian, Slovak and Spanish
* support for LDAP+SSL/TLS

Demo installation:
------------------

You can try our demo installation online.

https://www.ldap-account-manager.org/lamcms/liveDemo

Support:
--------

If you find a bug please file a bug report. For questions or
implementing new features please use the mailinglist and feature request
tracker at our homepage https://www.ldap-account-manager.org.

Authors & Copyright:
--------------------

Copyright (C) 2003 - 2013:
Roland Gruber <post@...>

LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.
Terje Trane | 1 May 2013 19:39

Is LAM Pro 4.1 not expecting o= suffix, only dc=, dc= ?

I'm testing LAM Pro 4.1

I create a server profile, fill in the Server address and the Tree 
suffix which in my case is in the form o=TestCompany.

When I try to log in to the server with that profile I get

The following suffixes are missing in LDAP. LAM can create them for you.
ou=People,dc=my-domain,dc=com
ou=group,dc=my-domain,dc=com
ou=machines,dc=my-domain,dc=com
dc=my-domain,dc=com

Adding this will fail, and if I cancel, I will get messages like this 
when I do stuff.

LDAP search failed! Please check your preferences.
No such object

If I browse the tree in LAM it actually shows what I expect.

Digging into it I see that in the profile config file there are entries
types: suffix_user: ou=People,dc=my-domain,dc=com etc (for People, 
group, machines, smbDomain)
Editing the suffix there seems to fix the problem.

Is this a bug? I think I went through all steps.

(URL is 
http://testserver/lam/templates/initsuff.php?suffs=%27ou=People,dc=my-domain,dc=com;ou=group,dc=my-domain,dc=com;ou=machines,dc=my-domain,dc=com;dc=my-domain,dc=com)

Isaac Hailperin | 23 Apr 2013 17:12

Where can I change the default groupOfNames

Hi,

I find that when I create a new user in lam pro, it gets added to two 
groupOfNames (which I am not aware of having configured :)).
In
/usr/share/ldap-account-manager/config/profiles/lam/default.user
I found that it's configured that way. But I just fail to find where I 
could change this in the lam gui. Where is that?

Best regards,
Isaac

Domenico Paglia | 19 Apr 2013 09:27

default LAM password encryption in LDAP inetOrgPerson

Is there a way to change the default password encryption (both add user and upload CSV file) from SSHA to PLAIN (clearText) in LAM userPassword inetOrgPerson?

Thanks
Domenico 
PASCAL CASSAGNES | 4 Apr 2013 10:13

Object class device for machine account Samba

Hello,
We acquired Lam Pro to manage the entries stored in our LDAP directory, especially groups and Samba accounts (machine and user).
Previously, we used another tool, OBM LDAP.
Our LDAP directory is already populated.
An LDIF for a machine (Samba) account in our OpenLDAP looks like this:
dn: cn=B2RITM05,ou=hosts,dc=enfa.fr,dc=local
objectClass: sambaSamAccount
objectClass: ipHost
objectClass: device
cn: B2RITM05
description: user toto
ipHostNumber: 172.16.5.101
uid: B2RITM05$
sambaSID: S-1-5-21-1905493267-1041818301-753029000-2430
sambaPrimaryGroupSID: S-1-5-21-1905493267-1041818301-753029000-515
sambaAcctFlags: [W]
structuralObjectClass: device
entryUUID: 72b5e366-7126-102d-87fa-e74194e7a160
creatorsName: uid=ldapadmin,ou=sysusers,dc=local
createTimestamp: 20090107164617Z
sambaDomainName: ENFA.FR
sambaNTPassword: 77F20507F7A8285155964501C9029042
sambaPwdLastSet: 1345730747
entryCSN: 20120823140547.000000Z#000000#000#000000
modifiersName: uid=samba,ou=sysusers,dc=enfa.fr,dc=local
modifyTimestamp: 20120823140547Z

I want to create new machines in LAM following this model, i.e. with the object class device (structural).
How is this possible? I did not succeed, neither with the available modules, nor with custom fields, nor with a combination of both.

Thank you for your help.
Regards.

Pascal


Elizabeth Jones | 28 Mar 2013 22:35

cookies and https

We are trying to put an F5 in front of our lam web page and running into
problems. When we connect directly to the server that is hosting lam
making an http connection everything is fine.  The F5 is presenting an
https url and then redirecting that to lam server - so we have http://lam
works fine, https:F5lam does not work. We get a 200 ok from the web page,
but it is sending 0 bytes back.

https:
1.1.1.5 - - [28/Mar/2013:16:19:18 -0500] "GET /templates/login.php
HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0)
Gecko/20100101 Firefox/19.0"

http:
1.0.1.228 - - [28/Mar/2013:16:15:37 -0500] "GET /templates/login.php
HTTP/1.1" 200 6506 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0)
Gecko/20100101 Firefox/19.0"

I ran tcpdumps on the lam server and saw that it looks like it is trying
to inject a cookie into the http connection, but not the https connection:

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2013 20:43:35 GMT
Server: Apache/2.2.15 (Oracle)
X-Powered-By: PHP/5.3.3
Set-Cookie: PHPSESSID=6fiq68v0o995e101me7lnfspf4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=cs0pqsh29i3uvafbv2g24tuq77; path=/
Set-Cookie: PHPSESSID=885i50ptibr1p0inm9428vah20; path=/
Content-Length: 6506
Connection: close
Content-Type: text/html; charset=UTF-8

no cookie on the https connection:
HTTP/1.1 200 OK
Date: Thu, 28 Mar 2013 20:41:40 GMT
Server: Apache/2.2.15 (Oracle)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Can anyone explain to me why one connection is sending a cookie but the
other one isn't, and/or why it would send a 0 byte page back?

thanks -

EJ

Elizabeth Jones | 15 Mar 2013 19:55

Base modules

I am trying to set up lam 4.0.1 and having a problem with base modules.
Our current ldap accounts have both Account (account)(*) and Personal
(inetOrgPerson)(*) properties, but if I try to configure this using the lam
config page it says that these are both base modules and that I can't have
more than one.  Is there any way to override this? Can I manually add both
to the conf file?

from jexplorer, I can see that users that are already in our ldap have
these classes assigned:

top
person
organizationalPerson
inetOrgPerson
posixAccount
shadowAccount
account

If I don't include the account(*) module then I don't have any hosts field
for the users I create and I have to have that. If I use the account(*)
field but don't use inetOrgPerson then our password management page
doesn't work for those users.

Roland Gruber | 6 Mar 2013 22:01

LAM celebrates its 10th anniversary

Hi all,

this year LAM celebrates its 10th anniversary. It was an exciting
journey from the beginnings till now. :)

The past:

The project was founded in 2003 as web GUI for Samba (Samba 2!) accounts
in an OpenLDAP database. Over the years LAM developed
to one of the standard tools for LDAP account management. It is used by
people all over the world and translated to 16 languages. While the
first release only supported users, groups and hosts the current LAM
release supports 16 different account types. In 2006 the LAM Pro version
was introduced. It provides additional features for enterprise usage and
is the financial basis for LAM's development.

Highlights of the last 10 years:

* 2003: Project initiation and first stable release (0.4.1)
* 2004: First user contributed translations (French, Hungarian and Japanese)
* 2005: New plugin architecture, integration of tree view and schema
browser from phpLDAPadmin
* 2006: Release of LAM 1.0, first LAM Pro release with user self service
* 2007: New plugins: group of (unique) names; large GUI enhancements
* 2008: DHCP support and security levels
* 2009: New plugins: custom scripts, Asterisk, alias management, NIS
netgroups + objects, EDU person
* 2010: New plugins: Zarafa, Asterisk voicemail, PPolicy, ipHost, sudo
* 2011: Password self reset, new plugins: IMAP, automount, FreeRadius,
authorized services
* 2012: User self registration, new plugins: MIT+Heimdal Kerberos,
custom fields, QMail, Puppet

Many thanks to all who contributed to LAM by e.g. donating code,
maintaining translations and reporting feature requests or bugs.

The present:

From Asterisk over Samba to Zarafa, at the moment there exist 60 plugins
for all sorts of LDAP-enabled applications.
Using the custom fields module LAM can also support your own company
schema. Next to LAM's interface for admin users there is the self
service that helps your users to manage their own data.

The future:

LAM will continue to provide support for additional applications. The
next big milestone will be Samba 4 support. Of course, in the end you -
the users of LAM - decide. Please post your ideas, comments and wishes
to LAM's mailinglist or the feature request tracker.

See the application evolution on our gource video on YouTube:
http://www.youtube.com/watch?v=G5AAn2bUkdk

Best regards

Roland

Stoneman, David | 1 Mar 2013 00:10

SudoRunAs Attribute Issue

Hello,

I'm having an issue with lam pro after enabling the sudo module. When I create a new sudo role and choose a user to run as, I get an undefined attribute type error. It looks like there is something going on between sudoRunAs and sudoRunAsUser. I don't have any entries at all for sudo right now since we're testing this out. I noticed another post in the mailing list very similar to this one, but I couldn't find a resolution. If anyone can help, thanks!

Dave Stoneman
Direct Channel Technologies
Dstoneman-aj5Ul6W5gYX8kRqc7HWAxQC/G2K4zDHf@public.gmane.org


Roland Gruber | 22 Feb 2013 01:00

Re: Cannot display users with search limit greater than 10000


Hi Jeff,

On 20.02.2013 22:39, Gefter Mbi - NOAA Affiliate wrote:
> I am testing LAM Pro 4.0.1 and have a 30 day license. When I set
> the LDAP search limit to any value greater than 10000, users are
> not displayed, but groups are. With values below 10000, both users
> and groups are displayed. Anybody experienced this? Is there any
> configuration setting that I should be changing ?

there are two settings in php.ini that need to be increased when
managing large directories: memory_limit and max_execution_time
Depending on the number of users you may need to increase the memory
limit up to 256M.
Check your Apache logs for any error messages about out of memory or
execution timeout.

If your user count is about 100.000 or more then you should think
about dividing the LDAP tree into organizational units. You can then
setup one LAM server profile for each unit.
The background is that LAM may be very slow with this number of accounts.

Additionally, you can set the LDAP search limit in the server profile.
This will result in a limited set of users in the list. But you can
then use the filter boxes to search for users. The filters use LDAP
filters so the LDAP server does not need to return all users.

-- 

Best regards

Roland

LDAP Account Manager
http://www.ldap-account-manager.org/

Want more? Get LDAP Account Manager Pro!
https://www.ldap-account-manager.org/lamcms/lamPro
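
An added example, not part of the reply above and not LAM code: a short Python scan of an Apache error log for the two PHP fatal errors that correspond to memory_limit and max_execution_time, with next steps taken from the reply. The log lines, client addresses and the /path/to/lam/example.php path are constructed placeholders.

```python
import re

# PHP's fatal-error wording for the two php.ini limits named in the reply.
MEMORY = re.compile(r"Allowed memory size of (\d+) bytes exhausted")
TIMEOUT = re.compile(r"Maximum execution time of (\d+) seconds? exceeded")

# Constructed Apache 2.2-style error log lines (not from a real server).
SAMPLE_LOG = """\
[Thu Feb 21 10:02:11 2013] [error] [client 192.0.2.10] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 72 bytes) in /path/to/lam/example.php on line 1
[Thu Feb 21 10:05:40 2013] [error] [client 192.0.2.10] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /path/to/lam/example.php on line 1
[Thu Feb 21 10:06:02 2013] [error] [client 192.0.2.11] File does not exist: /var/www/html/favicon.ico
[Thu Feb 21 10:09:13 2013] [error] [client 192.0.2.10] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 4096 bytes) in /path/to/lam/example.php on line 1
"""

def scan_php_limits(log_text):
    """Count hits per php.ini setting and record the limit in force at the time."""
    report = {}
    for line in log_text.splitlines():
        for setting, pattern, unit in (
            ("memory_limit", MEMORY, "bytes"),
            ("max_execution_time", TIMEOUT, "seconds"),
        ):
            match = pattern.search(line)
            if match:
                entry = report.setdefault(setting, {"hits": 0, "limit": 0, "unit": unit})
                entry["hits"] += 1
                entry["limit"] = max(entry["limit"], int(match.group(1)))
    return report

def advice(report, memory_cap=256 * 1024 * 1024):
    """Turn the report into next steps, using the 256M ceiling from the reply."""
    notes = []
    mem = report.get("memory_limit")
    if mem and mem["limit"] < memory_cap:
        notes.append("raise memory_limit (currently %dM, reply suggests up to 256M)"
                     % (mem["limit"] // 2**20))
    elif mem:
        notes.append("memory_limit already at 256M or more: "
                     "set an LDAP search limit or split the tree")
    if "max_execution_time" in report:
        notes.append("raise max_execution_time (currently %ds)"
                     % report["max_execution_time"]["limit"])
    return notes

if __name__ == "__main__":
    for note in advice(scan_php_limits(SAMPLE_LOG)):
        print(note)
```
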
