Chapter 3. Managing entries in your LDAP directory

Table of Contents

Typical usage scenarios
Users
Personal
Unix
Group of names (LAM Pro)
Shadow
Password self reset (LAM Pro)
Hosts
Samba 3
Windows (Samba 4)
Filesystem quota (lamdaemon)
Filesystem quota (LDAP)
Kolab
Asterisk
EDU person
Password policy (LAM Pro)
FreeRadius
Heimdal Kerberos (LAM Pro)
MIT Kerberos (LAM Pro)
Qmail (LAM Pro)
Mail routing
SSH keys
Authorized services
IMAP mailboxes
Account
Groups
Unix
Unix groups with rfc2307bis schema (LAM Pro)
Samba 3
Windows (Samba 4)
Quota
Hosts
Account
Device (LAM Pro)
Samba 3
Windows (Samba 4)
IP addresses (LAM Pro)
MAC addresses
Puppet
Samba 3 domains
Group of (unique) names (LAM Pro)
Asterisk
Zarafa (LAM Pro)
Configuration
DHCP
Aliases (LAM Pro)
Mail aliases
NIS net groups
NIS objects (LAM Pro)
Automount objects (LAM Pro)
Password policies (LAM Pro)
Custom fields (LAM Pro)
Custom scripts (LAM Pro)
Sudo roles (LAM Pro)
General information
Tree view (LDAP browser)

This chapter will give you instructions how to manage the different LDAP entries in your directory.

Please note that not all account types are manageable with the free LAM release. LAM Pro provides some more account types (e.g. group of names, aliases, ...) and modules (e.g. Zarafa, custom scripts, ...) to support additional LDAP object classes. All LAM Pro features are marked in this manual.

Basic page layout:

After the login LAM will present you its main page. It consists of a header part which is equal for all pages and the content area which covers most the of the page.

The header part includes the links to manage all account types (e.g. users and groups) and open the tree view (LDAP browser). There is also the logout link and a tools entry.

When you login the you will see an account listing in the content area.

Here you can create, delete and modify accounts. Use the action buttons at the left or double click on an entry to edit it.

The suffix selection box allows you to list only the accounts which are located in a subtree of your LDAP directory.

You can change the number of shown entries per page with "Change settings". Depending on the account type there may be additional settings. E.g. the user list can convert group numbers to group names.

When you select to edit an entry then LAM will show all its data on a tabbed view. There is one tab for each functional part of the account. You can set default values by loading an account profile.

Typical usage scenarios

Here is a list of typical usage scenarios and what account types and modules you need to configure.

Address book entries:

Account types:

  • Users (Personal)

Unix accounts:

Account types:

  • Users (Personal + Unix)

  • Groups (Unix (posixGroup))

Suse users may need to use Group (Group of names + Unix (rfc2307bisPosixGroup)) because of Suse's special LDAP schema.

Samba 3 accounts:

Account types:

  • Users (Personal + User + Samba 3)

  • Groups (Unix + Samba 3)

  • Hosts (Account + Unix + Samba 3)

  • Samba domains (Samba domain)

Samba 4:

Account types:

  • Users (Windows)

  • Groups (Windows)

  • Hosts (Windows)

Please note that must change the attributes that are shown in the account lists. Otherwise, the account tables will show empty lines. See the documentation for the Windows user/group/host modules.

For Samba 4 with Zarafa use the following modules:

  • Users (Windows + Zarafa (+ Zarafa contact))

  • Groups (Windows + Zarafa)

  • Hosts (Windows + Zarafa)

  • Zarafa dynamic groups (Zarafa dynamic group)

  • Zarafa address lists (Zarafa address list)

See also the Zarafa section for additional settings (e.g. using Zarafa AD schema).

Asterisk:

Account types:

  • Users (Personal + Asterisk)

  • Asterisk extensions (Asterisk extension)

Zarafa:

Account types:

  • Users (Personal + Unix + Zarafa (+ Zarafa contact))

  • Groups (Unix + Zarafa)

  • Zarafa dynamic groups (Zarafa dynamic group)

  • Zarafa address lists (Zarafa address list)

  • Hosts (Device + Zarafa + IP Address)