This chapter will give you instructions on how to manage the different LDAP entries in your directory.
Please note that not all account types are manageable with the free LAM release. LAM Pro provides some more account types and modules to support additional LDAP object classes.
Additional types:
Group of names
Aliases
NIS objects
Sudo roles
Additional modules:
Group of names (groupOfNames)
Group of unique names (groupOfUniqueNames)
Unix (rfc2307bisPosixGroup)
Alias (aliasEntry)
User name (uidObject)
NIS object (nisObject)
Custom scripts (customScripts)
Sudo role (sudoRole)
Basic page layout:
After login, LAM presents its main page. It consists of a header part, which is the same on all pages, and the content area, which covers most of the page.
The header part includes the links to manage all account types (e.g. users and groups) and to open the tree view (LDAP browser). There is also the logout link and a tools entry.
When you log in, you will see an account listing in the content area.
Here you can create, delete and modify accounts. Use the action buttons at the left or double click on an entry to edit it.
The suffix selection box allows you to list only the accounts which are located in a subtree of your LDAP directory.
You can change the number of shown entries per page with "Change settings". Depending on the account type there may be additional settings. E.g. the user list can convert group numbers to group names.
When you choose to edit an entry, LAM shows all its data in a tabbed view. There is one tab for each functional part of the account. You can set default values by loading an account profile.
This module is the most common basis for user accounts in LAM. You can use it stand-alone to manage address book entries or in combination with Unix, Samba or other modules.
The Personal module provides support for managing various personal data of your users including mail addresses and telephone numbers. You can also add photos of your users. If you do not need to manage all attributes then you can deactivate them in your server profile.
You can specify a list of valid host names where the user may login. If you add the value "*" then the user may login to any host. This can be further restricted by adding explicit deny entries which are prefixed with "!" (e.g. "!hr_server").
Please note that your PAM settings need to support host restrictions.
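The host list rules above ("*", plain names, "!" deny entries) can be checked offline before relying on them. The following is an added example, not code from LAM: the function names, users and host names are hypothetical, and the exact, case-insensitive matching and the handling of an empty list are assumptions of this sketch, so compare them with what your PAM module actually does.

```python
# Added example: models the host-list rules described in the text.
# Users and host names below are constructed for illustration.

def _norm(values):
    return [v.strip().lower() for v in values if v.strip()]

def host_login_allowed(host_values, hostname):
    """True if `hostname` is permitted by a user's host list.

    "*" allows every host, a plain name allows that host, "!name" denies
    it, and a deny wins over "*". Assumptions of this sketch: names match
    exactly and case-insensitively, and an empty list permits nothing.
    """
    target = hostname.strip().lower()
    values = _norm(host_values)
    if "!" + target in values:
        return False
    return "*" in values or target in values

def audit_host_lists(entries):
    """Map user -> findings for host lists worth a manual review."""
    findings = {}
    for user, raw in entries.items():
        values = _norm(raw)
        allows = {v for v in values if v != "*" and not v.startswith("!")}
        denies = {v[1:] for v in values if v.startswith("!")}
        notes = []
        if "*" in values and not denies:
            notes.append("wildcard without any deny entry")
        if denies and "*" not in values and not allows:
            notes.append("only deny entries: no host is permitted")
        notes += ["host both allowed and denied: " + h
                  for h in sorted(allows & denies)]
        if notes:
            findings[user] = notes
    return findings

SAMPLE = {  # constructed data
    "alice": ["*", "!hr_server"],
    "bob": ["web01", "db01"],
    "carol": ["*"],
    "dave": ["!hr_server"],
    "erin": ["web01", "!web01"],
}

if __name__ == "__main__":
    for user, values in SAMPLE.items():
        print(user, host_login_allowed(values, "hr_server"))
    print(audit_host_lists(SAMPLE))
```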
This module supports managing Kolab accounts with LAM. E.g. you can set the user's mail quota and define invitation policies.
Please enter an email address on the Personal page and set a Unix password first. Both are required for Kolab to accept the accounts.
Kolab users should not be directly deleted with LAM. You can mark an account for deletion which then is done by the Kolab server itself. This makes sure that the mailbox etc. is also deleted.
LAM supports Asterisk accounts, too. See the Asterisk section for details.
EDU person accounts are mainly used in university networks. You can specify the principal name, nick names and much more.
OpenLDAP supports the ppolicy overlay to manage password policies for LDAP entries. LAM Pro supports managing the policies and assigning them to user accounts.
Please add the account type "Password policies" to your LAM server profile and activate the "Password policy" module for the user type.
You can assign any password policy which is found in the LDAP suffix of the "Password policies" type. When you set the policy to "default" then OpenLDAP will use the default policy as defined in your slapd.conf file.
LAM supports managing mail routing for user accounts. You can specify a routing address, the mail server and a number of local addresses to route. This feature can be activated by adding the "Mail routing" module to the user account type in your server profile.
You can manage your public keys for SSH in LAM if you have installed the LPK patch for SSH. Activate the "SSH public key" module for users in the server profile and you can add keys to your user entries.