ldapaccountmanager / lam

LDAP Account Manager

License: Other

HTML 3.00% JavaScript 39.72% CSS 4.16% Makefile 0.13% M4 0.05% Shell 0.49% PHP 52.14% Perl 0.21% Dockerfile 0.09%
ldap php user-management group-management lam ldap-management lam-packaging yubikey duo webauthn

lam's Introduction

LDAP Account Manager

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. LAM was designed to make LDAP management as easy as possible for the user. It abstracts from the technical details of LDAP and allows persons without technical background to manage LDAP entries. If needed, power users may still directly edit LDAP entries via the integrated LDAP browser.

Download

You can get the newest version at https://www.ldap-account-manager.org/.

Documentation

Please see the documentation area.

Source code

There are two modules. Usually, you only need the files inside "lam".

License

LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file.

Copyright (C) 2003 - 2024 Roland Gruber [email protected]

lam's People

Contributors

chriamue, dependabot[bot], dhoffend, etlel, fbartels, gruberroland, joshgordon, lasat, patbaumgartner, vpm, wajchina

lam's Issues

can't change language

Hi. I have trouble with the language switch. It simply doesn't switch anything, no matter what language I choose. I've tried logging in and out and changing the default locale in the profile settings - the language is still English.

OS Ubuntu 18.04 LTS
ldap-account-manager/now 7.4-1 all [installed,local] webfrontend for managing accounts in an LDAP directory

Can you point out what I am doing wrong?

6.9 on kubernetes fails

I don't know if it only appears on kubernetes, but when the container starts it crashes with this message:

apache2: Syntax error on line 222 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/conf-enabled/ldap-account-manager.conf: No such file or directory

Maybe the path is incorrect?

TreeView: PHP 7.3 issue in AJAXTree

There is a problem with the TreeView with PHP 7.3. I haven't tested any other PHP Version but from the mailing list it seems that PHP 7.2 works fine.

The problem is in the AJAXTree.php file from PLA.
The tree will show the "alt" +- text instead of an expand/collapse icon, as the code for the icons does not work. Since the code relies on the displayed icon name to decide on further action, no action will be carried out because no icon was loaded.

>/usr/share/ldap-account-manager/templates/3rdParty/pla/lib#` diff AJAXTree.php.old AJAXTree.php
> 68,69c65,66
<               $imgs['expand'] = array('tree_expand.png','tree_expand.png','tree_expand_corner.png',
<                       ($level > 0) ? 'tree_expand_corner.png' : 'tree_expand_corner_first.png');
---
>               $imgs['expand'] = array('tree_expand.png','tree_expand.png','tree_expand_corner.png');
>               $imgs['expand'][3] = ($level > 0) ? 'tree_expand_corner.png' : 'tree_expand_corner_first.png';
71,72c68,69
<               $imgs['collapse'] = array('tree_collapse.png','tree_collapse.png','tree_collapse_corner.png',
<                       ($level > 0) ? 'tree_collapse_corner.png' : 'tree_collapse_corner_first.png');
---
>               $imgs['collapse'] = array('tree_collapse.png','tree_collapse.png','tree_collapse_corner.png');
>               $imgs['collapse'][3] = ($level > 0) ? 'tree_collapse_corner.png' : tree_collapse_corner_first.png';

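Review bot: the new collapse line is missing the opening quote before tree_collapse_corner_first.png in the else branch of the ternary (": tree_collapse_corner_first.png';"), so the file will not parse as posted; it should read ": 'tree_collapse_corner_first.png';" to match the expand hunk. Both hunks also assign the fourth element by the hard-coded index [3], which depends on the literal above keeping exactly three entries; appending with [] would remove that coupling, and a one-line comment saying why the ternary was moved out of the array(...) literal would help the next reader.
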
The issue is that the code with the inline condition on the $level variable does not result in an Array but returns UNKNOWN.
I'm no expert on PHP7, so my local quick fix was to just build the array with the three static entries and add the fourth value with the condition.

Now an array is built successfully and the tree can be expanded/collapsed.

Account type "Groups" not saving/deleting fields

Settings for custom fields of account type "Groups" are not saved and cannot be deleted.

To reproduce do the following:
Under LAM Login > LAM configuration > Edit server profiles > Modules
Add "Custom fields" module

Under "Module settings" select "Create new group"
Account type: Groups
Alias: Foobar

Under Foobar group "Add new field"
Name: Foobar
Label: Foobar
Attribute name: Foobar
Type: Checkbox

Then click on the x to delete the field Foobar and see that it doesn't get deleted.

Then enter the following info for field Foobar:
Value for "checked": 1
Value for "unchecked": 0
Click the Save button at the bottom of the page
Message "Your settings were successfully saved" is displayed
Return to field Foobar and see that settings for checked/unchecked were not saved.
Settings are also not saved for other field types such as "Text field".

Docker install failed: The main config file (config.cfg) does not exist.

When I use docker to install lam, I find it has the following problem.
Then I noticed the similar issues #95 and #83, so I tried to run the instance without volumes and copy the config folder to the shared folder, but it still failed. In fact, the config does exist.

docker run -p 40011:80 -it -d --name lam --volume /home/wwwroot/lam.xx.cn/data/config:/var/lib/ldap-account-manager/config --volume /home/wwwroot/lam.xx.cn/data/etc:/etc/ldap-account-manager --env LAM_SKIP_PRECONFIGURE=true ldapaccountmanager/lam:stable

It can be seen that the config and etc folders both have config.cfg.

Add ObjectClass to new and all old users

Hello,
I wrote my own schema:

attributetype ( 1.3.6.1.4.1.xxxxx.1.1.1.1
NAME 'sapuser'
DESC 'SAP Benutzer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.xxxxx.1.1.1.2
NAME 'saplizenz'
DESC 'SAP Lizenz'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.xxxxx.2.1.1.1
NAME 'sap'
DESC 'SAP Daten'
SUP top
AUXILIARY
MAY (
sapuser $ saplizenz )
)

But how can I add this new ObjectClass to new and all existing users?
Manually everything works: I add the new ObjectClass to a user and with the LAM module "Custom Fields" I can write to these fields, but ONLY on users that have the new ObjectClass "sap".

Any ideas?

mcrypt_encrypt() is deprecated in PHP 7.1

Hi, when I use tree view, LAM gives me the error below!

Error
Unrecognized error number: 8192: Function mcrypt_encrypt() is deprecated
PHP Debug Backtrace
File /data/www/lam/templates/3rdParty/pla/lib/functions.php (161)
Function error (a:5:{i:0;s:72:"Unrecognized error number: 8192: Fu...)
File /data/www/lam/lib/security.inc (591)
Function app_error_handler (a:5:{i:0;i:8192;i:1;s:39:"Function mcrypt_encrypt(...)
File /data/www/lam/lib/modules.inc (2209)
Function lamEncrypt (a:1:{i:0;s:2:"N;";})
File /data/www/lam/lib/modules.inc ()
Function __sleep (a:0:{})

config.json failed: no such file or directory

I get the following error in docker logs when I run the container

starting container failed: oci runtime error: container_linux.go:265: starting container process caused "chdir to cwd (\"/var/lib/ldap-account-manager/config\") set in config.json failed: no such file or directory"

Here is a stripped version of my compose configuration

  ldapaccountmanager:
    image: ldapaccountmanager/lam:stable
    volumes:
      - ${SHARED_FOLDER}/ldap/lam/etc:/etc/ldap-account-manager
      - ${SHARED_FOLDER}/ldap/lam/var:/var/lib/ldap-account-manager
    environment:
      - LDAP_DOMAIN=mydomain.com
      - LDAP_SERVER=ldap://ldap:389
      - LDAP_USER=cn=admin,dc=mydomain,dc=com
      - LAM_PASSWORD=password
      - LDAP_ORGANISATION=myOrg
      - LDAP_ADMIN_PASSWORD=mypass

I can reproduce the same issue if I mount the subfolders config and sess directly

    volumes:
      - ${SHARED_FOLDER}/ldap/lam/etc/:/etc/ldap-account-manager
      - ${SHARED_FOLDER}/ldap/lam/config/:/var/lib/ldap-account-manager/config
      - ${SHARED_FOLDER}/ldap/lam/session/:/var/lib/ldap-account-manager/sess

Reproduction workflow:

  • spawn the container on docker swarm with the volumes mounted to file system. (choose one of the configs provided above. SHARED_FOLDER can be an environment variable that targets any directory of your choosing)
  • with docker service ps and docker service logs commands, diagnose the file config.cfg must be created
sed: can't read /etc/ldap-account-manager/config.cfg: No such file or directory
  • use docker run and docker cp command to get the file from a fresh container that has no volume mounted. Put the file at ${SHARED_FOLDER}/ldap/lam/etc/config.cfg
  • diagnose the error from docker service logs
sed: can't read /var/lib/ldap-account-manager/config/lam.conf: No such file or director
  • use docker run and docker cp command to get the file from a fresh container that has no volume mounted. put the file at ${SHARED_FOLDER}/ldap/lam/config/lam.conf
  • run the container again. notice with docker service logs that the container is running.
  • try to access the container without success
  • check docker logs to notice the error
starting container failed: oci runtime error: container_linux.go:265: starting container process caused "chdir to cwd (\"/var/lib/ldap-account-manager/config\") set in config.json failed: no such file or directory"

I noticed another user got a similar issue: #83

Immutable config

I'm attempting to run LAM in a k8s deployment. It was very easy to get going (nice work!). One thing that doesn't work well in this situation is configuration. It's standard in k8s to use ConfigMaps to configure applications; however, these must be mounted read-only. LAM seems to insist that its config files be read/write, which does not work well in the world of immutable infrastructure. Please consider redesigning this.

unable to use(shows some php error)

Tried installing different versions through rpm on CentOS and not sure if there is any dependency I need to install further.
Getting the error below and the site shows blank:
[Mon Nov 30 08:27:31.467765 2020] [:error] [pid 22886] [client 10.250.1.241:35004] PHP Parse error: syntax error, unexpected 'class' (T_CLASS), expecting identifier (T_STRING) or variable (T_VARIABLE) or '{' or '$' in /usr/share/ldap-account-manager/lib/selfService.inc on line 538
Any help will be appreciated. Thanks all!!

Ability to change password change method to EXOP?

Hello,

is it possible to change the password using the PASSMOD operation instead of a MOD operation? I am using smbkrb5pwd (https://github.com/opinsys/smbkrb5pwd) to keep passwords between LDAP and Kerberos in sync, this LDAP overlay executes after a PASSMOD operation to change the password in Kerberos. This works well with ldapscripts as well as executing passwd for a logged in user, but LDAP Account Manager is the only tool I use that does not use that operation and instead modifies just the userPassword attribute.

Here is the difference I can see in the log entries if I change a password in LAM and using passwd, respectively:

Mar 6 13:20:48 ldapserver slapd[3250]: conn=2235 op=3 MOD attr=userPassword

Mar 6 13:25:13 ldapserver slapd[3250]: conn=2242 op=1 PASSMOD id="cn=testuser,ou=People,dc=my,dc=domain" new

Thank you
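
The difference between those two log entries can be checked mechanically. The following is an added example, not part of the original issue and not LAM code: a Python parser for slapd operation log lines that separates password changes made through the Password Modify extended operation (PASSMOD) from direct MOD writes to userPassword, which per the report above is the case the overlay does not act on. The first two sample lines are the ones quoted in the issue, the rest are constructed, and all function names are hypothetical.

```python
import re

# The first two lines are quoted from the issue above; the others are constructed samples.
SAMPLE_LOG = """\
Mar 6 13:20:48 ldapserver slapd[3250]: conn=2235 op=3 MOD attr=userPassword
Mar 6 13:25:13 ldapserver slapd[3250]: conn=2242 op=1 PASSMOD id="cn=testuser,ou=People,dc=my,dc=domain" new
Mar 6 13:31:02 ldapserver slapd[3250]: conn=2250 op=2 MOD dn="cn=alice,ou=People,dc=my,dc=domain"
Mar 6 13:31:02 ldapserver slapd[3250]: conn=2250 op=2 MOD attr=userPassword shadowLastChange
Mar 6 13:40:10 ldapserver slapd[3250]: conn=2251 op=4 MOD dn="cn=bob,ou=People,dc=my,dc=domain"
Mar 6 13:40:10 ldapserver slapd[3250]: conn=2251 op=4 MOD attr=mail telephoneNumber
"""

# conn/op identify one operation; a MOD may appear as a "dn=" line plus an "attr=" line.
LINE_RE = re.compile(r"conn=(\d+) op=(\d+) (PASSMOD|MOD) (.*)$")
QUOTED_RE = re.compile(r'(?:id|dn)="([^"]*)"')


def classify_password_changes(log_text):
    """Return one event per password change, tagged with the LDAP operation used."""
    pending_dn = {}  # (conn, op) -> DN seen on the matching "MOD dn=" line
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        conn, op = int(match.group(1)), int(match.group(2))
        verb, rest = match.group(3), match.group(4)
        quoted = QUOTED_RE.match(rest)
        target = quoted.group(1) if quoted else None
        if verb == "PASSMOD":
            # Password Modify extended operation: the path overlays can hook.
            events.append({"conn": conn, "op": op, "method": "PASSMOD", "dn": target})
        elif rest.startswith("dn="):
            pending_dn[(conn, op)] = target
        elif rest.startswith("attr="):
            attrs = [name.lower() for name in rest[len("attr="):].split()]
            if "userpassword" in attrs:
                # Direct attribute write: the password changed without PASSMOD.
                events.append({"conn": conn, "op": op, "method": "MOD",
                               "dn": pending_dn.get((conn, op))})
    return events


def direct_password_writes(events):
    """Password changes that bypassed the Password Modify extended operation."""
    return [event for event in events if event["method"] == "MOD"]


if __name__ == "__main__":
    for event in classify_password_changes(SAMPLE_LOG):
        print(event)
```

The DN is None for the first event because the issue quotes only the attr= line of that operation.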

Docker: Cannot use TLS

Hi,

When trying to use TLS to connect to an OpenLDAP server, I always get:

openldap    | 5ecac663 conn=1000 fd=12 ACCEPT from IP=172.30.0.3:56698 (IP=0.0.0.0:389)
openldap    | 5ecac663 conn=1000 op=0 EXT oid=1.3.6.1.4.1.1466.20037
openldap    | 5ecac663 conn=1000 op=0 STARTTLS
openldap    | 5ecac663 conn=1000 op=0 RESULT oid= err=0 text=
openldap    | 5ecac663 conn=1000 fd=12 TLS established tls_ssf=256 ssf=256
lam         | [Sun May 24 19:09:23.049602 2020] [php7:warn] [pid 17] [client 81.240.4.190:51074] PHP Warning:  ldap_start_tls(): Unable to start TLS: Connect error in /usr/share/ldap-account-manager/lib/account.inc on line 733, referer: http://13.94.145.182/lam/templates/login.php
openldap    | 5ecac663 conn=1000 fd=12 closed (connection lost)

After some research, I found that your Docker build is missing a parameter in /etc/ldap.conf. To resolve this,

  • I just added a link to the /etc/ldap/ldap.conf file.
  • And added a line to this file: TLS_REQCERT never.

Then, it works fine. Is it possible to add this to your Dockerfile and your docker image?

RUN ln -s /etc/ldap/ldap.conf /etc/ldap.conf
RUN echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf

Regards,

Vincent
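
According to ldap.conf(5), with TLS_REQCERT never the client does not request or check the server certificate, so StartTLS succeeds without the server being authenticated; the default level is demand. The following is an added example, not from the original issue or the LAM image: a Python check that reads ldap.conf text, reports the effective TLS_REQCERT level and lists findings, run on the file the workaround produces and on a verifying variant. Both sample files are constructed, the CA path is a placeholder, the function names are hypothetical, and "last occurrence wins" is an assumption about how the client library reads the file.

```python
WEAK_LEVELS = {"never", "allow"}           # a bad certificate does not stop the session
VERIFYING_LEVELS = {"try", "demand", "hard"}
DEFAULT_LEVEL = "demand"                   # default documented in ldap.conf(5)

# Constructed sample: the file after the workaround from the issue is applied.
WORKAROUND_CONF = """\
# /etc/ldap/ldap.conf
BASE dc=example,dc=org
TLS_REQCERT never
"""

# Constructed sample: verification kept on, trust anchor named explicitly.
# The CA path is a placeholder, not a path from the LAM image.
VERIFYING_CONF = """\
# /etc/ldap/ldap.conf
BASE dc=example,dc=org
TLS_CACERT /path/to/ldap-ca.pem
TLS_REQCERT demand
"""


def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive.

    Assumption: when an option is repeated, the last occurrence wins.
    """
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def audit_tls(text):
    """Report the effective TLS_REQCERT level and any findings."""
    options = parse_ldap_conf(text)
    level = options.get("TLS_REQCERT", DEFAULT_LEVEL).lower()
    findings = []
    if level in WEAK_LEVELS:
        findings.append(f"TLS_REQCERT {level}: server certificate is not validated")
    elif level not in VERIFYING_LEVELS:
        findings.append(f"TLS_REQCERT {level}: unknown level")
    has_anchor = bool(options.get("TLS_CACERT") or options.get("TLS_CACERTDIR"))
    if level in VERIFYING_LEVELS and not has_anchor:
        findings.append("no TLS_CACERT or TLS_CACERTDIR in this file: "
                        "trust anchors must come from elsewhere")
    return {"level": level,
            "verifies_server": level in VERIFYING_LEVELS,
            "findings": findings}


if __name__ == "__main__":
    for name, conf in (("workaround", WORKAROUND_CONF), ("verifying", VERIFYING_CONF)):
        print(name, audit_tls(conf))
```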

hard to read PDF password font

Hi,
I got some feedback from my users that the password's font in the generated pdf can be hard to read. Especially combinations of i,I,l,o,O,0 can be hard to distinguish because of the sans serif font.

I changed the lamPDF.inc and pdf.inc file to use a second font (I chose InconsolataLGCMarkup, which is open source and optimized for distinguishing different symbols). It would be nice if this could be implemented in the next version. I added my code but I'm not sure if this is the best way to implement it.

pdf.zip

When I press "change" button in group edit screen.

I get this error message.

Notice: Undefined index: account in /opt/ldap-account-manager-5.6.RC1/templates/account/edit.php on line 120

Fatal error: Call to a member function continue_main() on a non-object in /opt/ldap-account-manager-5.6.RC1/templates/account/edit.php on line 120

"posixGroup_autoSyncGon" does not work for groupOfMembers

We run LAM Pro 7.2 (on Solaris 11.4 SRU 21, PHP 7.3.15 and OpenLDAP 2.4.48) and are currently in the process of testing a migration path from pure posixGroups to RFC2307bis-02 groups in order to have the "memberOf" overlay which more and more web tools need.

We plan to use groups having the "groupOfMembers" as a structural object class and "posixGroup" as an auxiliary object class.

We came across the following bug (or missing feature?):

Activating "posixGroup_autoSyncGon" in the profile's module settings is only possible when the type of groups which are used are

  • groupOfNames
  • groupOfUniqueNames

When using the "groupOfMembers" variant (according to RFC2307bis-02 from 2009), the option of doing an enforced auto-synchronization between the posixGroup and the groupOfMembers records does not seem to be available in LAM Pro.

lamdaemonTest.php fails SSH connect?

Trying to configure lamdaemon.pl and it fails to properly connect over SSH.
It seems lib/remote.inc might not be getting setup properly.

Our environment: LAM is running on an Ubuntu 18.04 server, 'webfrontend.local', and NFS is running on a CentOS7 (SELinux permissive) server, 'nfs.local'

Followed instructions to setup lamdaemon.pl:
[ https://www.ldap-account-manager.org/static/doc/manual/apds02.html ]

But while verifying setup with Tools>Tests>lamdaemon test, it seems not to connect properly over SSH:
[ https://webfrontend.local/lam/templates/tests/lamdaemonTest.php ]

Confirmed components work properly:
SSH: from shell webfrontend.local >> [email protected] using both password and publickey
SUDO: [email protected] is set to NOT require_tty and NOT reset_env , also NOPASSWORD
LAM: from shell lamdaemon.pl works when used directly
-locally on [email protected]: % sudo /usr/share/ldap-account-manager/lib/lamdaemon.pl +###x##y##x###test###x##y##x###quota
-remotely over SSH from webfrontend.local: % ssh [email protected] "sudo /usr/share/ldap-account-manager/lib/lamdaemon.pl +###x##y##x###test###x##y##x###quota"

Problem:
LAM allows one to connect using either password or publickey. However, both fail with different errors from webfrontend.local:
password: error >> "sudo: no tty present and no askpass program specified"
(I did manage to dig into lib/remote.inc and this will execute properly, if 'exec' does NOT use sudo)
publickey: fails to connect at all;
(Documentation is NOT clear on even where to put the SSH private key so that webserver can even reach it)

I can't seem to tickle out any logging of what is incorrectly configured.
Please let me know if I can provide any further details.

Appreciate you looking into this issue.

Log to stderr/stdout in Docker?

I'm attempting to run LAM in a k8s deployment. It was very easy to get going (nice work!). One thing that doesn't work well in this situation is logging. Is it possible to configure the application logger to write to stderr/stdout so that k8s can more easily capture the output? I tried to set the log file to /dev/stdout, but that didn't seem to work.

docker-compose.yml issue

I copied docker-compose.yml and .env from lam-packaging/docker and changed the volumes to use local mappings, so that I can store data inside the folder where docker-compose.yml is located. It just couldn't work.

Here's the major error: "sed: can't read /etc/ldap-account-manager/config.cfg: No such file or directory"

I would like a demo that can be up with docker-compose itself, without the need to change folder privileges or group, etc.

Here's the docker-compose.yml. Can you guys share a docker-compose.yml file that can work?

version: '3.5'
services:
  ldap-account-manager:
#    build:
#      context: .
    image: ldapaccountmanager/lam:7.3
    restart: unless-stopped
    ports:
      - "8080:80"
    volumes:
      - ./lametc/:/etc/ldap-account-manager
      - ./lamconfig/:/var/lib/ldap-account-manager/config
      - ./lamsession/:/var/lib/ldap-account-manager/sess
    environment:
      - LAM_PASSWORD=${LAM_PASSWORD}
      - LAM_LANG=en_US
      - LDAP_SERVER=${LDAP_SERVER}
      - LDAP_DOMAIN=${LDAP_DOMAIN}
      - LDAP_BASE_DN=${LDAP_BASE_DN}
      - ADMIN_USER=cn=admin,${LDAP_BASE_DN}
      - DEBUG=true
  ldap:
    image: osixia/openldap:latest
    restart: unless-stopped
    environment:
      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
      - LDAP_DOMAIN=${LDAP_DOMAIN}
      - LDAP_BASE_DN=${LDAP_BASE_DN}
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - LDAP_READONLY_USER=true
      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
    command: "--loglevel info --copy-service"
    volumes:
      - ./ldap:/var/lib/ldap
      - ./slapd:/etc/ldap/slapd.d

Docker image broken due to LAM_LICENSE: unbound variable

Docker image constantly restarts if there is no license

Configuring LAM
+ LAM_LANG=en_US
+ export LAM_PASSWORD=lam
+ LAM_PASSWORD=lam
++ php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";'
PHP Notice:  A non well formed numeric value encountered in Command line code on line 1
+ LAM_PASSWORD_SSHA='{SSHA}vpGllUu49PsGPuQ37rAkmwSFTOw= iudqNA=='
+ LDAP_SERVER=ldap://ldap:389
+ LDAP_DOMAIN=my-domain.com
+ LDAP_BASE_DN=dc=my-domain,dc=com
+ LDAP_USERS_DN=dc=my-domain,dc=com
+ LDAP_GROUPS_DN=dc=my-domain,dc=com
+ LDAP_ADMIN_USER=cn=admin,dc=my-domain,dc=com
+ sed -i -f- /etc/ldap-account-manager/config.cfg
/usr/local/bin/start.sh: line 53: LAM_LICENSE: unbound variable
+ '[' '' == true ']'
+ sed -i -f- /etc/php/7.3/apache2/php.ini
+ LAM_SKIP_PRECONFIGURE=false
Configuring LAM
+ '[' false '!=' true ']'
+ echo 'Configuring LAM'
+ LAM_LANG=en_US
+ export LAM_PASSWORD=lam
+ LAM_PASSWORD=lam
++ php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";'
PHP Notice:  A non well formed numeric value encountered in Command line code on line 1
+ LAM_PASSWORD_SSHA='{SSHA}vJdXEaGwtV2sC3dgX/iMwFJ81pk= ibIhVQ=='
+ LDAP_SERVER=ldap://ldap:389
+ LDAP_DOMAIN=my-domain.com
+ LDAP_BASE_DN=dc=my-domain,dc=com
+ LDAP_USERS_DN=dc=my-domain,dc=com
+ LDAP_GROUPS_DN=dc=my-domain,dc=com
+ LDAP_ADMIN_USER=cn=admin,dc=my-domain,dc=com
+ sed -i -f- /etc/ldap-account-manager/config.cfg
/usr/local/bin/start.sh: line 53: LAM_LICENSE: unbound variable

Can't contact LDAP server on CentOS7/RHEL7

Set up an OpenLDAP server by following https://www.certdepot.net/rhel7-configure-ldap-directory-service-user-connection/.

Then I set up an Apache+PHP environment and LAM, but it fails and reports the following error when I log in as manager.

LDAP error, server says:
(-1) Can't contact LDAP server

The LDAP client works OK when searching for the Manager user in LDAP:

# ldapsearch -x -h localhost -b cn=Manager,dc=example,dc=com

It returns:

# extended LDIF
#
# LDAPv3
# base <cn=Manager,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Manager, example.com
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

So how to fix it?

Failed to find structural class for X

Hello, I have a blank AWS Simple AD setup, I have installed LAM and am able to login (after which I pressed the create button for some missing stuff in the directory).

When I try and create a user I get the following:

Was unable to create DN: cn=test,OU=group,DC=xxx,DC=yyy,DC=zzz.
LDAP error, server says: Server is unwilling to perform - Failed to find a structural class for CN=test,OU=group,DC=xxx,DC=yyy,DC=zzz

Any ideas? I am not that knowledgeable on directory services. Thanks!

Tree View crashes: __autoload is deprecated in PHP 7.2

Hi there,

I'm running LDAP Account Manager 6.3 with Nginx and PHP-FPM 7.2

LAM itself works fine, but clicking on 'Tree View' results in a brief flash of the following error message, followed by an immediate logout:

Deprecated: __autoload() is deprecated, use spl_autoload_register() instead in /var/www/ldap-account-manager/templates/3rdParty/pla/lib/functions.php on line 54

Warning: session_save_path(): Cannot change save path when headers already sent in /var/www/ldap-account-manager/lib/security.inc on line 67

Warning: session_set_cookie_params(): Cannot change session cookie parameters when headers already sent in /var/www/ldap-account-manager/lib/security.inc on line 50

Warning: session_start(): Cannot start session when headers already sent in /var/www/ldap-account-manager/lib/security.inc on line 51

Your session expired, click here to go back to the login page.

As suggested in the PHP doc, spl_autoload_register() can be used:
https://secure.php.net/manual/en/function.autoload.php

Empty login screen, configuration not parsed?

I'm in the process of migrating from LAM 5.x to LAM 6.0 on PHP 7/ Apache / CentOS 7. The previously working .conf is not taken into account or not parsed correctly in LAM 6.x. I can select the profile but the username and ldap url remain blank at the login screen. When trying to log in, I get an LDAP login error. The log files show that a blank user tried to log in... I tried increasing the debug level but nothing new shows up.

I tried 6.0.1 thinking that this bug was solved as the issue fixed in changelog looked a lot like my current problem... sadly the result is the same as 6.0.

I even uninstalled and reinstalled the package to revert the entire configuration and did it all again... still the same bug happens. I'm running out of ideas... is there something else I can do to solve this issue?

Force Password Change not working.

To force a Unix password change, shadowLastChange has to be set to 0.
However, when clicking Force Password Change, this is not the case. Instead, shadowLastChange is set to 18499 at the moment.

It appears the relevant piece of code is this:

if (isset($_POST['form_subpage_shadowAccount_attributes_expirePassword']) && isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != 0)) {
  $this->attributes['shadowLastChange'][0] = intval(time()/3600/24) - $this->attributes['shadowMax'][0] - 1;
}

This should just be set to 0, I believe.

edit: Hmm. I edited the sources and shadowLastChange is now set to 0, but Debian 10 still doesn't prompt for a password change. So disregard last message. Password change is still not working for me, but the above description is not the actual problem. My bad.

edit: The above message was for version 7.2. I have since tried the latest clone and debian package (both), 7.3, which both give a white page on main.php, server-error 500 with nothing in the logs. Tried increasing php logging verbosity to no avail.
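
How a given shadowLastChange value is evaluated, as an added example that is not LAM code and not part of the original issue: a simplified Python model of the shadow(5) password-age rules, covering only shadowLastChange and shadowMax and ignoring shadowInactive, shadowExpire and the warning period. It evaluates both the value 0 and the value the quoted snippet writes; the date and the shadowMax of 90 are constructed, and the function names are hypothetical.

```python
import datetime

SECONDS_PER_DAY = 24 * 3600
EPOCH = datetime.datetime(1970, 1, 1, tzinfo=datetime.timezone.utc)


def days_since_epoch(when):
    """Whole days since 1970-01-01 UTC, like intval(time()/3600/24) in the snippet."""
    return int((when - EPOCH).total_seconds() // SECONDS_PER_DAY)


def lam_forced_last_change(today, shadow_max):
    """Value the quoted snippet writes to shadowLastChange.

    Returns None when the snippet's condition is false (shadowMax unset or 0),
    in which case the attribute is left untouched.
    """
    if shadow_max is None or shadow_max == 0:
        return None
    return today - shadow_max - 1


def password_state(today, last_change, shadow_max):
    """Simplified shadow(5) evaluation of the password age fields.

    - last_change unset: password aging is disabled
    - last_change == 0: password must be changed at next login
    - shadow_max unset or negative: no maximum age
    - otherwise the password is expired once today > last_change + shadow_max
    """
    if last_change is None:
        return "aging-disabled"
    if last_change == 0:
        return "change-required"
    if shadow_max is None or shadow_max < 0:
        return "valid"
    if today > last_change + shadow_max:
        return "expired"
    return "valid"


def compare_strategies(today, shadow_max):
    """State reached by writing 0 versus writing the snippet's value."""
    backdated = lam_forced_last_change(today, shadow_max)
    return {
        "zero": password_state(today, 0, shadow_max),
        "backdated_value": backdated,
        "backdated": (password_state(today, backdated, shadow_max)
                      if backdated is not None else "unchanged"),
    }


if __name__ == "__main__":
    # Constructed inputs: an arbitrary date and a 90-day maximum password age.
    today = days_since_epoch(
        datetime.datetime(2020, 9, 1, 12, 0, tzinfo=datetime.timezone.utc))
    print(today, compare_strategies(today, 90))
    # With shadowMax unset or 0 the snippet's condition is false: nothing is written.
    print(compare_strategies(today, 0))
```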

"posixAccount_primaryGroupAsSecondary" in combination with "posixGroup_autoSyncGon" does not propagate primary group to "member" record

We run LAM Pro 7.2 (on Solaris 11.4 SRU 21, PHP 7.3.15, and OpenLDAP 2.4.48) and are currently in the process of migrating from pure posixGroups to RFC2307bis-02 groups. Our users have accounts of the type posixAccount. We have had a setup where a user's primary group record (gidNumber) automatically leads to a memberUid entry in the related group object for many years and we plan to continue with this setting. To achieve this, we have been using the option posixAccount_primaryGroupAsSecondary in LAM.

Now when migrating from posixGroups to groupOfMembers (the same goes for groupOfNames, so I don't see a relation to issue #98), we found that posixAccount_primaryGroupAsSecondary in combination with posixGroup_autoSyncGon will lead to inconsistencies. While it still synchronizes successfully from the user's primaryGroup property to the memberUid in the (secondary) group, LAM does not seem to touch the "member" attribute of the group, neither when using groupOfNames nor groupOfMembers.

For this reason, the groups are getting into an unsynchronized state which we would like to avoid.

Expected behavior: I'd suggest that when propagating the primaryGroup setting from the user's posixAccount record to the group, something like the posixGroup_autoSyncGon feature should be called to ensure a fully synchronized directory.

Maybe it can make sense to activate/deactivate this behavior in the configuration settings of the posixAccount, because maybe not everybody wants to have this behavior.

Blank page after login

Hello,
I've just installed ldap account manager.
I did initial setup within "Edit Server Profiles" section. Connection goes via ldap on port 389 with TLS.
Testing in a shell with ldapwhoami -H ldap://my-domain -x -v -ZZ response is proper, openldap with TLS looks fine.
The same SSL (provided by letsencrypt) is used
On the List of valid users there is admin, the same as asking slapcat command in a shell.
When I try to login with the admin I got a blank page.
In syslog there is a message successfully logged in.
Also:
Sep 2 09:13:47 spree-ldap1 php: LDAP Account Manager (7v71av5ispi29lalquc9ovdd0i - 151.252.225.9 - cn=admin,dc=my-domain) - WARNING: Unable to set locale, check if 'locale -a' returns en_GB.utf8
(last looks as a warning, not a fatal error).
The next line says (apache output):

spree-ldap1.sonnen.de:443 151.252.225.9 - - [02/Sep/2020:08:52:37 +0200] "GET /lam/templates/main.php HTTP/1.1" 500 946 "https://my-domain/lam/templates/login.php?configSaveOk=1&configSaveFile=lam" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0" 

So, error 500. Enabling in php.ini error_reporting = E_ALL doesn't give any report on the screen.
Tried to disable TLS, same result.
On the browser - developer tools, there is a message related to error 500 (URI templates/main.php):

	receiveMessage/<
resource:///actors/BrowserTabChild.jsm:102:26
wrapHandlingUserInput
resource://gre/modules/E10SUtils.jsm:1009:7
receiveMessage
resource:///actors/BrowserTabChild.jsm:99:21

There was some additional error in apache log that I can't repeat:

[Wed Sep 02 08:35:38.894596 2020] [php7:error] [pid 149660] [client 151.252.225.9:63984] PHP Fatal error:  Uncaught Error: Class 'locking389ds' not found in /usr/share/ldap-account-manager/templates/main.php:57\nStack trace:\n#0 {main}\n  thrown in /usr/share/ldap-account-manager/templates/main.php on line 57, referer: https://my-domain/lam/templates/login.php?configSaveOk=1&configSaveFile=lam
[Wed Sep 02 08:39:39.731991 2020] [php7:warn] [pid 149814] [client 151.252.225.9:63998] PHP Warning:  ldap_start_tls(): Unable to start TLS: Connect error in /usr/share/ldap-account-manager/lib/account.inc on line 733, referer: https://spree-ldap1.sonnen.de/lam/templates/login.php?configSaveOk=1&configSaveFile=lam

(BTW, a FQDN has been actually used instead of my-domain)
Apache config is default as provided by ldap account manager.

  • PHP version: 7.4.3
  • Apache version 2.4.41 (Ubuntu)

Also, is there any way or need to disable CSRF checking as I want to have haproxy on a different domain in front of this apache?

Thanks in advance.

Null config object causes error on fresh install

Fresh install on PHP 7.1 CentOS 7.4

See following error:

PHP Fatal error: Uncaught TypeError: Argument 1 passed to LAM\LOGIN\display_LoginPage() must be an instance of LAMConfig, null given, called in /var/www/vhosts/ldap/templates/login.php on line 609 and defined in /var/www/vhosts/ldap/templates/login.php:178\nStack trace:\n#0 /var/www/vhosts/ldap/templates/login.php(609): LAM\LOGIN\display_LoginPage(NULL, Object(LAMCfgMain), NULL, 'No default prof...')\n#1 {main}\n thrown in /var/www/vhosts/ldap/templates/login.php on line 178

can't switch language

I run LAM with Docker.
When I switch the language to zh_CN on the login page,
it does not work.

Upgrade from 6.1.0 to 6.2.1 results in Fatal PHP error

OS: Centos 7.4
httpd-2.4.6-67.el7.centos.6.x86_64
php-5.4.16-43.el7_4.x86_64

tail default_error.log

[Wed Feb 28 17:17:49.207451 2018] [:error] [pid 59255] [client 10.73.9.151:49668] PHP Fatal error: Can't use method return value in write context in /usr/share/ldap-account-manager/templates/login.php on line 504, referer: http://xxxx/lam/

set default list options

Hello.
Is there any way to set default list options (show account status, max list rows and GID to group name)?

sed: cannot rename /etc/ldap-account-manager/sedL2QjK7: Device or resource busy

1. Start the container:
docker run -p 8080:80 -it -d --rm --volume /dockerData/config/ldap/config.cfg:/etc/ldap-account-manager/config.cfg --volume /dockerData/config/ldap/lam.conf:/var/lib/ldap-account-manager/config/lam.conf ldapaccountmanager/lam:stable
2. Then the container fails to start:
root@default:~# docker logs a479558654e3
PHP Notice: A non well formed numeric value encountered in Command line code on line 1
sed: cannot rename /etc/ldap-account-manager/sedL2QjK7: Device or resource busy
3. So, how do I start the LAM container with the configuration files mounted from outside?

Docker install failed: The main config file (config.cfg) does not exist

Hello.
On Debian 10 the installation with Docker does not work

"The main config file (config.cfg) does not exist"

I extract the tarball as specified in the documentation (https://hub.docker.com/r/ldapaccountmanager/lam) but it does not work.

docker run -p 8080:80 -it -d --volume /export/docker/lam/data/config:/var/lib/ldap-account-manager/config --env LAM_SKIP_PRECONFIGURE=true ldapaccountmanager/lam:stable

If I run it like this, it works:
docker run -p 8080:80 -it -d ldapaccountmanager/lam:stable

Then, if I copy the files from Docker to outside the container and restart with the volume mounted, it does not work.
If I mount /etc/ldap-account-manager and /var/lib/ldap-account-manager, it does not work.
If I replace the config.php symlink with the real file, it does not work either...

So what can I do?
Have you tested the image?

Best regards

LAM cannot create initial files on docker

The script to set up the Docker container does not create /var/lib/ldap-account-manager/lam.conf and /etc/ldap-account-manager/config.cfg.

Errors

  1. lam.conf not created - sed: can't read /var/lib/ldap-account-manager/config/lam.conf: No such file or directory
  2. config.cfg not created - sed: can't read /etc/ldap-account-manager/config.cfg: No such file or directory

Suggested Solution
Create these files manually for the script to write content into them. This can be added to the script to allow it to create:

  1. config directory - create this directory if it does not exist
  2. lam.conf - create this file if it does not exist
  3. config.cfg - create this file if it does not exist

Export telephone lists to PDF

Hello,

I use LAM Pro 5.4. Is it possible to export telephone lists as PDF, for example:

Max Mustermann 00000000000000
Klaus Mustermann 111111111111
Sabine Musterfrau 33333333333

I think I can only export one user per PDF?

To select an account (that has a telephone number) I can create a new group.

docker mount volume, php init error

I try to mount the LAM configuration directory with Docker, but it fails to mount.

command:
docker run -it --name ldapweb --rm -p 8080:80 --volume /data/lam/config:/var/lib/ldap-account-manager/config ldapaccountmanager/lam:7.4

Activate TLS 1.2 on LAM

Hello,

I'm currently using LAM 6.2-1 on Ubuntu 18.04 (installed via official ubuntu repo).

With the imapAccess module I had the following error
when I tried to connect to the IMAP server:
TLS/SSL failure for <my_imap_server>: SSL negotiation failed

The IMAP server is running cyrus 2.5.
I had to modify the parameter tls_versions in /etc/imapd.conf from
tls_versions: tls1_2
to
tls_versions: tls1_0 tls1_1 tls1_2
to make imapAccess work, which is less secure now.

Is there a way I can make LAM use TLS 1.2 and not TLS 1.0?

Thanks

LDAP_EXOP modify ignores ppolicy rejects

When using LAM with the new LDAP_EXOP password management operation, it doesn't react to exop rejects.

We tried to set an old/known password using the WebUI. The LDAP server rejected it:

Mar  5 13:50:49 ldap1 slapd[1251]: conn=14775 op=6 EXT oid=1.3.6.1.4.1.4203.1.11.1
Mar  5 13:50:49 ldap1 slapd[1251]: conn=14775 op=6 PASSMOD id="uid=testuser,ou=Users,dc=example,dc=net" new
Mar  5 13:50:49 ldap1 slapd[1251]: conn=14775 op=6 RESULT oid= err=19 text=Password is in history of old passwords

But the WebUI tells us:

  • (3x) Invalid/Missing Message type. Please report this error to the Bug-Tracker at LDAP Account Manager Developement Team. Thank you
  • LDAP Operation was successful

Sorry for cross-posting @ SF ... found this afterwards
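
The mismatch reported above (slapd returns err=19 while the web UI shows success) can be checked from the server side. The following is an added example, not part of the original issue or of LAM's code: it pairs each PASSMOD line in a slapd log with the RESULT of the same conn/op and lists the changes the server refused. The function names and the second, successful log entry are constructed for illustration.

```python
import re

# Constructed sample: the three slapd lines from the report, plus one
# successful change on another connection for contrast.
SAMPLE_LOG = """\
Mar  5 13:50:49 ldap1 slapd[1251]: conn=14775 op=6 EXT oid=1.3.6.1.4.1.4203.1.11.1
Mar  5 13:50:49 ldap1 slapd[1251]: conn=14775 op=6 PASSMOD id="uid=testuser,ou=Users,dc=example,dc=net" new
Mar  5 13:50:49 ldap1 slapd[1251]: conn=14775 op=6 RESULT oid= err=19 text=Password is in history of old passwords
Mar  5 13:52:10 ldap1 slapd[1251]: conn=14780 op=3 EXT oid=1.3.6.1.4.1.4203.1.11.1
Mar  5 13:52:10 ldap1 slapd[1251]: conn=14780 op=3 PASSMOD id="uid=other,ou=Users,dc=example,dc=net" new
Mar  5 13:52:10 ldap1 slapd[1251]: conn=14780 op=3 RESULT oid= err=0 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) op=(?P<op>\d+) "
                  r"(?P<kind>[A-Z]+)(?: (?P<rest>.*))?$")
RESULT = re.compile(r"\berr=(?P<err>\d+)(?: text=(?P<text>.*))?")
TARGET = re.compile(r'id="(?P<dn>[^"]*)"')


def password_changes(log_text):
    """Pair each PASSMOD line with the RESULT of the same (conn, op)."""
    pending, changes = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key = (int(m["conn"]), int(m["op"]))
        rest = m["rest"] or ""
        if m["kind"] == "PASSMOD":
            dn = TARGET.search(rest)
            # Assumption: without id="...", the change targets the bound user.
            pending[key] = dn["dn"] if dn else "(bound identity)"
        elif m["kind"] == "RESULT" and key in pending:
            r = RESULT.search(rest)
            if r:
                changes.append({"conn": key[0], "op": key[1],
                                "dn": pending.pop(key),
                                "err": int(r["err"]), "text": r["text"] or ""})
    return changes


def rejected_password_changes(log_text):
    """Changes the server refused; err=0 is the only success code."""
    return [c for c in password_changes(log_text) if c["err"] != 0]


if __name__ == "__main__":
    for c in rejected_password_changes(SAMPLE_LOG):
        print(f'{c["dn"]}: err={c["err"]} {c["text"]}')
```

LDAP result code 19 is constraintViolation, so any entry this returns is a password change that a client should have reported as failed.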

Can't contact LDAP server - (unknown error code)

I set up a new OpenLDAP server using [osixia/docker-openldap] with a self-signed certificate created with openssl

docker run -d -p 1636:636 --name openldap-ssl --restart=always \
--env LDAP_ORGANISATION="example" \
--env LDAP_DOMAIN="example.com" \
--env LDAP_ADMIN_PASSWORD="1qaz@WSX" \
--env LDAP_CONFIG_PASSWORD="1qaz@WSX" \
--volume /data/app/openldap-TLS/server/data:/var/lib/ldap \
--volume /data/app/openldap-TLS/server/config:/etc/ldap/slapd.d \
--volume /data/app/openldap-TLS/server/crts:/container/service/slapd/assets/certs \
--env LDAP_TLS=true \
--env LDAP_TLS_CRT_FILENAME=server.crt \
--env LDAP_TLS_KEY_FILENAME=server.key \
--env LDAP_TLS_CA_CRT_FILENAME=ca.crt \
--env LDAP_TLS_VERIFY_CLIENT=try \
--hostname opendlap-ssl \
--detach osixia/openldap:latest

LAM start script:

docker run -d --restart=always \
--name lam-ssl \
 -p 20880:80 \
--link openldap-ssl:openldap-ssl \
--env LDAP_DOMAIN=example.com \
--env LDAP_SERVER=ldaps://openldap-ssl:636 \
--env LAM_PASSWORD=1qaz@WSX \
--detach ldapaccountmanager/lam:latest

Upload the CA certificate file in the web UI and restart the lam-ssl container.

When logging in with the OpenLDAP admin user, an error happened:
Can't contact LDAP server - (unknown error code)

I used docker logs to check what happened, but found nothing unusual
