File: ch03.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Managing entries in your LDAP directory</title><link rel="stylesheet" type="text/css" href="style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="LDAP Account Manager - Manual"><link rel="up" href="index.html" title="LDAP Account Manager - Manual"><link rel="prev" href="ch02s02.html" title="Server profiles"><link rel="next" href="ch03s02.html" title="Groups"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Managing entries in your LDAP directory</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch02s02.html">Prev</a></td><th width="60%" align="center"></th><td width="20%" align="right"><a accesskey="n" href="ch03s02.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter3.Managing entries in your LDAP directory"><div class="titlepage"><div><div><h2 class="title"><a name="idp5468800"></a>Chapter 3. Managing entries in your LDAP directory</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="ch03.html#idp5492224">Users</a></span></dt><dd><dl><dt><span class="section"><a href="ch03.html#idp5493120">Personal</a></span></dt><dt><span class="section"><a href="ch03.html#idp5535440">Unix</a></span></dt><dt><span class="section"><a href="ch03.html#idp5542000">Shadow</a></span></dt><dt><span class="section"><a href="ch03.html#idp5545008">Password self reset (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03.html#idp5556976">Hosts</a></span></dt><dt><span class="section"><a href="ch03.html#idp5562112">Samba 3</a></span></dt><dt><span class="section"><a href="ch03.html#idp5568320">Filesystem quota (lamdaemon)</a></span></dt><dt><span class="section"><a 
href="ch03.html#idp5573072">Filesystem quota (LDAP)</a></span></dt><dt><span class="section"><a href="ch03.html#idp5577760">Kolab</a></span></dt><dt><span class="section"><a href="ch03.html#idp5581856">Asterisk</a></span></dt><dt><span class="section"><a href="ch03.html#idp5583632">EDU person</a></span></dt><dt><span class="section"><a href="ch03.html#idp5586576">Password policy (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03.html#idp5591904">FreeRadius</a></span></dt><dt><span class="section"><a href="ch03.html#idp5599728">Heimdal Kerberos (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03.html#idp5608576">Mail routing</a></span></dt><dt><span class="section"><a href="ch03.html#idp5611680">SSH keys</a></span></dt><dt><span class="section"><a href="ch03.html#idp5615344">Authorized services</a></span></dt><dt><span class="section"><a href="ch03.html#idp5620400">IMAP mailboxes</a></span></dt><dt><span class="section"><a href="ch03.html#s_account">Account</a></span></dt></dl></dd><dt><span class="section"><a href="ch03s02.html">Groups</a></span></dt><dd><dl><dt><span class="section"><a href="ch03s02.html#idp5634864">Unix</a></span></dt><dt><span class="section"><a href="ch03s02.html#idp5637888">Unix groups with rfc2307bis schema (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s02.html#idp5644880">Samba 3</a></span></dt><dt><span class="section"><a href="ch03s02.html#idp5647840">Quota</a></span></dt></dl></dd><dt><span class="section"><a href="ch03s03.html">Hosts</a></span></dt><dd><dl><dt><span class="section"><a href="ch03s03.html#idp5652256">Account</a></span></dt><dt><span class="section"><a href="ch03s03.html#idp5654032">Device (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s03.html#idp5657120">Samba 3</a></span></dt><dt><span class="section"><a href="ch03s03.html#idp5661680">IP addresses (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s03.html#idp5667792">MAC 
addresses</a></span></dt></dl></dd><dt><span class="section"><a href="ch03s04.html">Samba 3 domains</a></span></dt><dt><span class="section"><a href="ch03s05.html">Group of (unique) names (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s06.html">Asterisk</a></span></dt><dt><span class="section"><a href="ch03s07.html">Zarafa (LAM Pro)</a></span></dt><dd><dl><dt><span class="section"><a href="ch03s07.html#idp5699056">Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="ch03s08.html">DHCP</a></span></dt><dt><span class="section"><a href="ch03s09.html">Aliases (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s10.html">Mail aliases</a></span></dt><dt><span class="section"><a href="ch03s11.html">NIS net groups</a></span></dt><dt><span class="section"><a href="ch03s12.html">NIS objects (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s13.html">Automount objects (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s14.html">Password policies (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s15.html">Custom scripts (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s16.html">Sudo roles (LAM Pro)</a></span></dt><dt><span class="section"><a href="ch03s17.html">General information</a></span></dt><dt><span class="section"><a href="ch03s18.html">Tree view (LDAP browser)</a></span></dt><dt><span class="section"><a href="ch03s19.html">Typical usage scenarios</a></span></dt></dl></div><p>This chapter explains how to manage the different
    LDAP entries in your directory.</p><p>Please note that not all account types are manageable with the free
    LAM release. LAM Pro provides some more account types and modules to
    support additional LDAP object classes.</p><p><span class="bold"><strong>Additional types:</strong></span></p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Group of names</p></li><li class="listitem"><p>Aliases</p></li><li class="listitem"><p>NIS objects</p></li><li class="listitem"><p>Sudo roles</p></li></ul></div><p><span class="bold"><strong>Additional modules:</strong></span></p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Group of names (groupOfNames)</p></li><li class="listitem"><p>Group of unique names (groupOfUniqueNames)</p></li><li class="listitem"><p>Unix (rfc2307bisPosixGroup)</p></li><li class="listitem"><p>Alias (aliasEntry)</p></li><li class="listitem"><p>User name (uidObject)</p></li><li class="listitem"><p>NIS object (nisObject)</p></li><li class="listitem"><p>Custom scripts (customScripts)</p></li><li class="listitem"><p>Sudo role (sudoRole)</p></li></ul></div><p><span class="bold"><strong>Basic page layout:</strong></span></p><p>After the login LAM will present you its main page. It consists of a
    header part which is the same on all pages and the content area which covers
    most of the page.</p><p>The header part includes the links to manage all account types (e.g.
    users and groups) and open the tree view (LDAP browser). There is also the
    logout link and a tools entry.</p><p>When you log in you will see an account listing in the content
    area.</p><div class="screenshot"><div class="mediaobject"><img src="images/mainpage.png"></div></div><p>Here you can create, delete and modify accounts. Use the action
    buttons at the left or double click on an entry to edit it.</p><p>The suffix selection box allows you to list only the accounts which
    are located in a subtree of your LDAP directory.</p><div class="screenshot"><div class="mediaobject"><img src="images/listConfig.png"></div></div><p>You can change the number of shown entries per page with "Change
    settings". Depending on the account type there may be additional settings.
    E.g. the user list can convert group numbers to group names.</p><p>When you choose to edit an entry, LAM will show all its data in
    a tabbed view. There is one tab for each functional part of the account.
    You can set default values by loading an <a class="link" href="ch04.html#a_accountProfile" title="Profile editor">account profile</a>.</p><div class="screenshot"><div class="mediaobject"><img src="images/editView.png"></div></div><div class="section" title="Users"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp5492224"></a>Users</h2></div></div></div><p></p><div class="section" title="Personal"><div class="titlepage"><div><div><h3 class="title"><a name="idp5493120"></a>Personal</h3></div></div></div><p>This module is the most common basis for user accounts in LAM.
        You can use it stand-alone to manage address book entries or in
        combination with Unix, Samba or other modules.</p><p>The Personal module provides support for managing various
        personal data of your users including mail addresses and telephone
        numbers. You can also add photos of your users. If you do not need to
        manage all attributes then you can deactivate them in your server
        profile.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_personal.png"></div></div><p></p><div class="table"><a name="idp5496960"></a><p class="title"><b>Table 3.1. LDAP attribute mappings</b></p><div class="table-contents"><table summary="LDAP attribute mappings" border="1"><colgroup><col><col></colgroup><thead><tr><th align="center">Attribute name</th><th align="center">Name inside LAM</th></tr></thead><tbody><tr><td>businessCategory</td><td>Business category</td></tr><tr><td>carLicense</td><td>Car license</td></tr><tr><td>cn/commonName</td><td>Common name</td></tr><tr><td>departmentNumber</td><td>Department(s)</td></tr><tr><td>description</td><td>Description</td></tr><tr><td>employeeNumber</td><td>Employee number</td></tr><tr><td>employeeType</td><td>Employee type</td></tr><tr><td>facsimileTelephoneNumber/fax</td><td>Fax number</td></tr><tr><td>givenName/gn</td><td>First name</td></tr><tr><td>homePhone</td><td>Home telephone number</td></tr><tr><td>initials</td><td>Initials</td></tr><tr><td>jpegPhoto</td><td>Photo</td></tr><tr><td>l</td><td>Location</td></tr><tr><td>mail/rfc822Mailbox</td><td>Email address</td></tr><tr><td>manager</td><td>Manager</td></tr><tr><td>mobile/mobileTelephoneNumber</td><td>Mobile number</td></tr><tr><td>organizationName/o</td><td>Organisation</td></tr><tr><td>physicalDeliveryOfficeName</td><td>Office name</td></tr><tr><td>postalAddress</td><td>Postal address</td></tr><tr><td>postalCode</td><td>Postal code</td></tr><tr><td>postOfficeBox</td><td>Post office box</td></tr><tr><td>registeredAddress</td><td>Registered address</td></tr><tr><td>roomNumber</td><td>Room number</td></tr><tr><td>sn/surname</td><td>Last name</td></tr><tr><td>st</td><td>State</td></tr><tr><td>street/streetAddress</td><td>Street</td></tr><tr><td>telephoneNumber</td><td>Telephone number</td></tr><tr><td>title</td><td>Job title</td></tr><tr><td>uid/userid</td><td>User 
name</td></tr><tr><td>userPassword</td><td>Password</td></tr></tbody></table></div></div><br class="table-break"></div><div class="section" title="Unix"><div class="titlepage"><div><div><h3 class="title"><a name="idp5535440"></a>Unix</h3></div></div></div><p>The Unix module manages Unix user accounts including group
        memberships.</p><p></p><div class="screenshot"><div class="mediaobject"><img src="images/mod_unixUser.png"></div></div><p>You can also create home directories for your users if you set up
        <a class="link" href="apd.html" title="AppendixD.Setup for home directory and quota management">lamdaemon</a>. This allows you to
        create the directories on the local or remote servers.</p><p>It is also possible to check the status of the user's home
        directories. If needed the directories can be created or removed at
        any time.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_unixUserHomedir.png"></div></div></div><div class="section" title="Shadow"><div class="titlepage"><div><div><h3 class="title"><a name="idp5542000"></a>Shadow</h3></div></div></div><p>LAM supports the management of the LDAP substitute for
        /etc/shadow. Here you can set up password policies for your Unix
        accounts and also view the last password change of a user.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_shadow.png"></div></div></div><div class="section" title="Password self reset (LAM Pro)"><div class="titlepage"><div><div><h3 class="title"><a name="idp5545008"></a>Password self reset (LAM Pro)</h3></div></div></div><p>LAM Pro allows your users to reset their passwords by answering
        a security question. The reset link is displayed on the <a class="link" href="ch06s03.html#PasswordSelfReset" title="Password self reset">self service page</a>. Additionally,
        you can set the question and answer in the admin interface.</p><p><span class="bold"><strong>Schema</strong></span></p><p>Please install the schema that comes with LAM Pro:
        docs/schema/passwordSelfReset.schema or
        docs/schema/passwordSelfReset.ldif</p><p>This allows you to set a security question and answer for each
        account.</p><p><span class="bold"><strong>Activate password self reset
        module</strong></span></p><p>Please activate the password self reset module in your LAM Pro
        server profile.</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset7.png"></div></div><p>Now select the tab "Module settings" and specify the list of
        possible security questions. Only these questions will be selectable
        when you later edit accounts.</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset8.png"></div></div><p><span class="bold"><strong>Edit users</strong></span></p><p>After everything is set up, please log in to LAM Pro and edit your
        users. You will see a new tab called "Password self reset". Here you
        can activate/remove the password self reset function for each user.
        You can also change the security question and answer.</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset9.png"></div></div></div><div class="section" title="Hosts"><div class="titlepage"><div><div><h3 class="title"><a name="idp5556976"></a>Hosts</h3></div></div></div><p>You can specify a list of valid host names where the user may
        log in. If you add the value "*" then the user may log in to any host.
        This can be further restricted by adding explicit deny entries which
        are prefixed with "!" (e.g. "!hr_server").</p><p>Please note that your PAM settings need to support host
        restrictions. This feature is enabled by setting <span class="bold"><strong>pam_check_host_attr yes</strong></span> in your <span class="bold"><strong>/etc/pam_ldap.conf</strong></span>. When it is enabled then the
        account facility of pam_ldap will perform the checks and return an
        error when no proper host attribute is present. Please note that users
        without a host attribute cannot log in to such a configured
        server.</p><div class="screenshot"><div class="mediaobject"><img src="images/hostObject.png"></div></div></div><div class="section" title="Samba 3"><div class="titlepage"><div><div><h3 class="title"><a name="idp5562112"></a>Samba 3</h3></div></div></div><p>LAM supports full Samba 3 user management including logon hours
        and terminal server options.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_samba3User1.png"></div></div><div class="screenshot"><div class="mediaobject"><img src="images/mod_samba3User2.png"></div></div><div class="screenshot"><div class="mediaobject"><img src="images/mod_samba3User3.png"></div></div></div><div class="section" title="Filesystem quota (lamdaemon)"><div class="titlepage"><div><div><h3 class="title"><a name="idp5568320"></a>Filesystem quota (lamdaemon)</h3></div></div></div><p>You can manage file system quotas with LAM. This requires you to
        set up <a class="link" href="apd.html" title="AppendixD.Setup for home directory and quota management">lamdaemon</a>. LAM connects to
        your server via SSH and manages the disk filesystem quotas. The quotas
        are stored directly on the filesystem. This is the default mechanism
        to store quotas for most systems.</p><p>Please add the module "Quota (quota)" for users to your LAM
        server profile to enable this feature.</p><p>If you store the quota information directly inside LDAP please
        see the next section.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_quotaUser.png"></div></div></div><div class="section" title="Filesystem quota (LDAP)"><div class="titlepage"><div><div><h3 class="title"><a name="idp5573072"></a>Filesystem quota (LDAP)</h3></div></div></div><p>You can store your filesystem quotas directly in LDAP. See
        <a class="ulink" href="http://sourceforge.net/projects/linuxquota/" target="_top">Linux
        DiskQuota</a> for details since it requires quota tools that
        support LDAP. You will need to install the quota LDAP schema to manage
        the object class "systemQuotas".</p><p>Please add the module "Quota (systemQuotas)" for users to your
        LAM server profile to enable this feature.</p><p>If you store the quota information on the filesystem please see
        the previous section.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_systemQuotas.png"></div></div></div><div class="section" title="Kolab"><div class="titlepage"><div><div><h3 class="title"><a name="idp5577760"></a>Kolab</h3></div></div></div><p>This module supports managing Kolab accounts with LAM. E.g. you
        can set the user's mail quota and define invitation policies.</p><p>Please enter an email address at the Personal page and set a
        Unix password first. Both are required for Kolab to accept the
        accounts.</p><p>Kolab users should not be directly deleted with LAM. You can
        mark an account for deletion which then is done by the Kolab server
        itself. This makes sure that the mailbox etc. is also deleted.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_kolab.png"></div></div></div><div class="section" title="Asterisk"><div class="titlepage"><div><div><h3 class="title"><a name="idp5581856"></a>Asterisk</h3></div></div></div><p>LAM supports Asterisk accounts, too. See the <a class="link" href="ch03s06.html" title="Asterisk">Asterisk</a> section for details.</p></div><div class="section" title="EDU person"><div class="titlepage"><div><div><h3 class="title"><a name="idp5583632"></a>EDU person</h3></div></div></div><p>EDU person accounts are mainly used in university networks. You
        can specify the principal name, nick names and much more.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_eduPerson.png"></div></div></div><div class="section" title="Password policy (LAM Pro)"><div class="titlepage"><div><div><h3 class="title"><a name="idp5586576"></a>Password policy (LAM Pro)</h3></div></div></div><p>OpenLDAP supports the <a class="ulink" href="http://linux.die.net/man/5/slapo-ppolicy" target="_top">ppolicy</a> overlay
        to manage password policies for LDAP entries. LAM Pro supports <a class="link" href="ch03s14.html" title="Password policies (LAM Pro)">managing the policies</a> and assigning them to
        user accounts.</p><p>Please add the account type "Password policies" to your LAM
        server profile and activate the "Password policy" module for the user
        type.</p><div class="screenshot"><div class="mediaobject"><img src="images/ppolicyUser.png"></div></div><p>You can assign any password policy which is found in the LDAP
        suffix of the "Password policies" type. When you set the policy to
        "default" then OpenLDAP will use the default policy as defined in your
        slapd.conf file.</p></div><div class="section" title="FreeRadius"><div class="titlepage"><div><div><h3 class="title"><a name="idp5591904"></a>FreeRadius</h3></div></div></div><p>FreeRadius is software that implements the RADIUS
        authentication protocol. LAM allows you to manage several of the
        FreeRadius attributes.</p><p>To activate the FreeRadius plugin please activate the FreeRadius
        user module in your server profile:</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_freeRadius1.png"></div></div><p>You can disable unneeded fields on the tab "Module
        settings":</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_freeRadius2.png"></div></div><p>Now you will see the tab "FreeRadius" when editing users. The
        extension can be (de)activated for each user. You can set up e.g.
        realm, IP and expiration date.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_freeRadius3.png"></div></div></div><div class="section" title="Heimdal Kerberos (LAM Pro)"><div class="titlepage"><div><div><h3 class="title"><a name="idp5599728"></a>Heimdal Kerberos (LAM Pro)</h3></div></div></div><p>You can manage your Heimdal Kerberos accounts with LAM Pro.
        Please add the user module "Heimdal Kerberos" to activate this
        feature.</p><p><span class="bold"><strong>Setup password changing</strong></span></p><p>LAM Pro cannot generate the password hashes itself because
        Heimdal uses a proprietary format for them. Therefore, LAM Pro needs to
        call e.g. kadmin to set the password.</p><p>The wildcards @@password@@ and @@principal@@ are replaced with
        password and principal name. Please use keytab authentication for this
        command since it must run without any interaction.</p><p>Example to create a keytab: ktutil -k /root/lam.keytab add -p
        lam@LAM.LOCAL -e aes256-cts-hmac-sha1-96 -V 1</p><p>Security hint: Please secure your LAM Pro server since the new
        passwords will be visible for a short time in the process list during
        password change.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_kerberos2.png"></div></div><p><span class="bold"><strong>User management</strong></span></p><p>You can specify the principal/user name, ticket lifetimes and
        expiration dates.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_kerberos1.png"></div></div></div><div class="section" title="Mail routing"><div class="titlepage"><div><div><h3 class="title"><a name="idp5608576"></a>Mail routing</h3></div></div></div><p>LAM supports managing mail routing for user accounts. You can
        specify a routing address, the mail server and a number of local
        addresses to route. This feature can be activated by adding the "Mail
        routing" module to the user account type in your server
        profile.</p><div class="screenshot"><div class="mediaobject"><img src="images/mailRouting.png"></div></div></div><div class="section" title="SSH keys"><div class="titlepage"><div><div><h3 class="title"><a name="idp5611680"></a>SSH keys</h3></div></div></div><p>You can manage your public keys for SSH in LAM if you installed
        the <a class="ulink" href="http://code.google.com/p/openssh-lpk/" target="_top">LPK patch for
        SSH</a>. Activate the "SSH public key" module for users in the
        server profile and you can add keys to your user entries.</p><div class="screenshot"><div class="mediaobject"><img src="images/ldapPublicKey.png"></div></div></div><div class="section" title="Authorized services"><div class="titlepage"><div><div><h3 class="title"><a name="idp5615344"></a>Authorized services</h3></div></div></div><p>You can set up PAM to check if a user is allowed to run a
        specific service (e.g. sshd) by reading the LDAP attribute
        "authorizedService". This way you can manage all allowed services via
        LAM.</p><p></p><p>To activate this PAM feature please set up your <span class="bold"><strong>/etc/libnss-ldap.conf</strong></span> and set
        "pam_check_service_attr" to "yes".</p><p></p><p>Inside LAM you can now set the allowed services. You may also
        set up default services in your account profiles.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_authorizedServices.png"></div></div></div><div class="section" title="IMAP mailboxes"><div class="titlepage"><div><div><h3 class="title"><a name="idp5620400"></a>IMAP mailboxes</h3></div></div></div><p>LAM may create and delete mailboxes on an IMAP server for your
        user accounts. You will need an IMAP server that supports either SSL
        or TLS for this feature.</p><p>To activate the mailbox management module please add the
        "Mailbox (imapAccess)" module for the type user in your LAM server
        profile:</p><div class="screenshot"><div class="mediaobject"><img src="images/imapAccess1.png"></div></div><p>Now configure the module on the tab "Module settings". Here you
        can specify the IMAP server name, encryption options, the
        authentication for the IMAP connection and the valid mail domains. LAM
        can use either your LAM login password for the IMAP connection or
        display a dialog where you need to enter the password. The mail
        domains specify for which accounts mailboxes may be created/deleted.
        E.g. if you enter "lam-demo.org" then mailboxes can be managed for
        "user@lam-demo.org" but not for "user@example.com".</p><p>You need to install the SSL certificate of the CA that signed
        your server certificate. This is usually done by installing the
        certificate in /etc/ssl/certs. Different Linux distributions may offer
        different ways to do this. For Debian please copy the certificate to
        "/usr/local/share/ca-certificates" and run "update-ca-certificates" as
        root.</p><p>It is not recommended to disable the validation of IMAP server
        certificates.</p><div class="screenshot"><div class="mediaobject"><img src="images/imapAccess2.png"></div></div><p>When you edit a user account then you will now see the tab
        "Mailbox". Here you can create/delete the mailbox for this
        user.</p><div class="screenshot"><div class="mediaobject"><img src="images/imapAccess3.png"></div></div></div><div class="section" title="Account"><div class="titlepage"><div><div><h3 class="title"><a name="s_account"></a>Account</h3></div></div></div><p>This is a very simple module to manage accounts based on the
        object class "account". Usually, this is used for host accounts only.
        Please note that users based on the "account" object class
        cannot have contact information (e.g. telephone number) as with
        "inetOrgPerson".</p><p>You can enter a user/host name and a description for your
        accounts.</p><div class="screenshot"><div class="mediaobject"><img src="images/mod_account.png"></div></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch02s02.html">Prev</a></td><td width="20%" align="center"></td><td width="40%" align="right"><a accesskey="n" href="ch03s02.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Server profiles</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">Groups</td></tr></table></div></body></html>
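
The host rules from the "Hosts" section above, as an added example that is not part of the LAM manual or of pam_ldap: a small Python audit that reports who could log in where once pam_check_host_attr is enabled, and who would be locked out for lack of a host attribute. The function names, the sample entries and the case-insensitive exact-name comparison are assumptions made for illustration.

```python
# Added illustration: evaluates LDAP "host" attribute values by the rules the
# Hosts section states. Not LAM or pam_ldap code; matching details are assumed.


def host_login_allowed(host_values, hostname):
    """Return (allowed, reason) for a login attempt on `hostname`.

    Rules taken from the manual text:
      - no host attribute at all  -> login refused
      - "!name" is an explicit deny that restricts even a "*" entry
      - "*" allows any host
      - otherwise the host name must be listed
    Assumption: names are compared case-insensitively and exactly.
    """
    target = hostname.strip().lower()
    values = [v.strip().lower() for v in host_values if v.strip()]
    if not values:
        return False, "no host attribute"
    if "!" + target in values:
        return False, "explicit deny"
    if "*" in values:
        return True, "wildcard"
    if target in values:
        return True, "listed"
    return False, "not listed"


def audit(entries, servers):
    """Summarise effective access for {uid: [host values]} data.

    Returns a dict with:
      no_host_attr: users who cannot log in anywhere once the check is on
      wildcard:     users holding "*" (broad access, worth reviewing)
      access:       server -> sorted list of users allowed to log in
    """
    report = {
        "no_host_attr": [],
        "wildcard": [],
        "access": {server: [] for server in servers},
    }
    for uid in sorted(entries):
        values = [v.strip() for v in entries[uid] if v.strip()]
        if not values:
            report["no_host_attr"].append(uid)
        if "*" in values:
            report["wildcard"].append(uid)
        for server in servers:
            allowed, _reason = host_login_allowed(values, server)
            if allowed:
                report["access"][server].append(uid)
    return report


# Constructed sample data (uid -> values of the host attribute), not real entries.
SAMPLE_ENTRIES = {
    "alice": ["*", "!hr_server"],   # any host except hr_server
    "bob": ["web01", "db01"],       # two named hosts only
    "carol": [],                    # no host attribute: refused everywhere
    "dave": ["!web01"],             # only a deny entry: allowed nowhere
}

if __name__ == "__main__":
    result = audit(SAMPLE_ENTRIES, ["web01", "hr_server"])
    for server, users in result["access"].items():
        print(server, "->", ", ".join(users) or "(nobody)")
    print("no host attribute:", result["no_host_attr"])
    print("wildcard access:", result["wildcard"])
```

Running the audit against an export of your own entries before switching the PAM option on shows which accounts still need a host attribute.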