File: ch06s03.html

package info (click to toggle)
ldap-account-manager 3.7-2
  • links: PTS
  • area: main
  • in suites: wheezy
  • size: 34,660 kB
  • sloc: php: 49,813; perl: 305; makefile: 169; sh: 156; pascal: 132; xml: 111
file content (62 lines) | stat: -rw-r--r-- 9,494 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Edit your new profile</title><link rel="stylesheet" type="text/css" href="style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="LDAP Account Manager - Manual"><link rel="up" href="ch06.html" title="Chapter6.Self service (LAM Pro)"><link rel="prev" href="ch06s02.html" title="Creating a self service profile"><link rel="next" href="ch06s04.html" title="Adapt the self service to your corporate design"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Edit your new profile</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch06s02.html">Prev</a></td><th width="60%" align="center">Chapter6.Self service (LAM Pro)</th><td width="20%" align="right"><a accesskey="n" href="ch06s04.html">Next</a></td></tr></table><hr></div><div class="section" title="Edit your new profile"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp5970272"></a>Edit your new profile</h2></div></div></div><div class="section" title="Basic settings"><div class="titlepage"><div><div><h3 class="title"><a name="idp5970912"></a>Basic settings</h3></div></div></div><p>On top of the page you see the link to the user login page. Copy
        this link address and give it to your users.</p><p>Below the link you can specify several options.</p><div class="screenshot"><div class="mediaobject"><img src="images/conf4.jpg"></div></div><div class="table"><a name="idp5974096"></a><p class="title"><b>Table6.1.General options</b></p><div class="table-contents"><table summary="General options" border="1"><colgroup><col><col></colgroup><tbody><tr><td>Server address</td><td>The address of your LDAP server</td></tr><tr><td>LDAP suffix</td><td>The part of the LDAP tree where LAM should search for
                users</td></tr><tr><td>LDAP user + password</td><td>The DN and password which is used to search for users
                in the LDAP database. It is sufficient if this DN has only
                read rights. If you leave these fields empty LAM will try to
                connect anonymously.</td></tr><tr><td>LDAP search attribute</td><td>Here you can specify if your users can login with user
                name + password, email + password or other attributes.</td></tr><tr><td>HTTP authentication</td><td>You can enable HTTP authentication for your users. This
                way the web server is responsible to authenticate your users.
                LAM will use the given user name + password for the LDAP
                login. To setup HTTP authentication in Apache please see this
                <a class="ulink" href="http://httpd.apache.org/docs/2.2/howto/auth.html" target="_top">link</a>.</td></tr><tr><td>Login attribute label</td><td>This is the description for the LDAP search attribute.
                Set it to something which your users are familiar
                with.</td></tr><tr><td>Login caption</td><td>This text is displayed at the login page. You can input
                HTML, too.</td></tr><tr><td>Main page caption</td><td>This text is displayed at self service main page where
                your users change their data. You can input HTML, too.</td></tr><tr><td>Page header</td><td>This HTML code will be placed on top of all self
                service pages. E.g. you can use this to place your custom
                logo. Any HTML code is permitted.</td></tr><tr><td>Additional CSS links</td><td>Here you can specify additional CSS links to change the
                layout of the self service pages. This is useful to adapt them
                to your corporate design. Please enter one link per
                line.</td></tr></tbody></table></div></div><br class="table-break"></div><div class="section" title="Page layout"><div class="titlepage"><div><div><h3 class="title"><a name="idp5989792"></a>Page layout</h3></div></div></div><p>On the bottom you can specify what input fields your users can
        see. It is also possible to group several input fields.</p><div class="screenshot"><div class="mediaobject"><img src="images/conf5.jpg"></div></div></div><div class="section" title="Password self reset"><div class="titlepage"><div><div><h3 class="title"><a name="PasswordSelfReset"></a>Password self reset</h3></div></div></div><p><span class="bold"><strong>Settings</strong></span></p><p>You can allow your users to reset their passwords themselves.
        This will reduce your administrative costs for cases where users
        forget their passwords.</p><p>To enable this feature please activate the checkbox "Enable
        password self reset link":</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset1.png"></div></div><p>You can now configure the minimum answer length for password
        reset answers. This is checked when you allow you users to specify
        their answers via the self service. Additionally, you can specify the
        text of the password reset link (default: "Forgot password?"). The
        link is displayed below the password field on the self service login
        page.</p><p>Next, please enter the DN and password of an LDAP entry that is
        allowed to reset the passwords. This entry needs write access to the
        attributes shadowLastChange, pwdAccountLockedTime and userPassword. It
        also needs read access to uid, mail, passwordSelfResetQuestion and
        passwordSelfResetAnswer. Please note that LAM Pro saves the password
        on your server file system. Therefore, it is required to protect your
        server against unauthorised access.</p><p>Please also specify the list of password reset questions that
        the user can choose.</p><div class="literallayout"><p></p></div><p>You can inform your users via mail about their password change.
        The mail can include the new password by using the special wildcard
        "@@newPassword@@". Additionally, you may want to insert other
        wildcards that are replaced by the corresponding LDAP attributes. E.g.
        "@@uid@@" will be replaced by the user name.</p><div class="literallayout"><p></p></div><p>LAM Pro can send your users an email with a confirmation link to
        validate their email address. Of course, this should only be used if
        the email account is independent from the user password (e.g. at
        external provider). The mail must include the confirmation link by
        using the special wildcard "@@resetLink@@". Additionally, you may want
        to insert other wildcards that are replaced by the corresponding LDAP
        attributes. E.g. "@@uid@@" will be replaced by the user name.</p><p>There is also an option to skip the security question at all if
        email verification is enabled. In this case the password can be reset
        directly after clicking on the confirmation link. Please handle with
        care since anybody with access to the user's mail account can reset
        the password.</p><p><span class="bold"><strong>New fields for self service
        page</strong></span></p><p>There are two new fields that you may put on the self service
        page for your users. These fields allow them to change the reset
        question and its answer.</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset2.png"></div></div><p>This is an example how can be presented to your users on the
        self service page:</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset3.png"></div></div><p><span class="bold"><strong>Password reset link</strong></span></p><p>After activating the password self reset feature there will be a
        new link on the self service login page. The text can be configured as
        described above (default: "Forgot password?").</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset4.png"></div></div><p>When a user clicks on the link then he will be asked for
        identification with his user name and email address.</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset5.png"></div></div><p>LAM Pro will use this information to find the correct LDAP entry
        of this user. It then displays the user's security question and input
        fields for his new password. If the answer is correct then the new
        password will be set. Additionally, pwdAccountLockedTime will be
        removed and shadowLastChange updated to the current time if
        existing.</p><div class="screenshot"><div class="mediaobject"><img src="images/passwordSelfReset6.png"></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch06s02.html">Prev</a></td><td width="20%" align="center"><a accesskey="u" href="ch06.html">Up</a></td><td width="40%" align="right"><a accesskey="n" href="ch06s04.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Creating a self service profile</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">Adapt the self service to your corporate design</td></tr></table></div></body></html>