1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Custom scripts (LAM Pro)</title><link rel="stylesheet" type="text/css" href="style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="LDAP Account Manager - Manual"><link rel="up" href="ch03.html" title="Chapter�3.�Managing entries in your LDAP directory"><link rel="prev" href="ch03s15.html" title="Custom fields (LAM Pro)"><link rel="next" href="ch03s17.html" title="Sudo roles (LAM Pro)"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Custom scripts (LAM Pro)</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch03s15.html">Prev</a>�</td><th width="60%" align="center">Chapter�3.�Managing entries in your LDAP directory</th><td width="20%" align="right">�<a accesskey="n" href="ch03s17.html">Next</a></td></tr></table><hr></div><div class="section" title="Custom scripts (LAM Pro)"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp6018032"></a>Custom scripts (LAM Pro)</h2></div></div></div><p>LAM Pro allows you to execute scripts whenever an account is
2
created, modified or deleted. This can be useful to automate processes
3
which needed manual work afterwards (e.g. sending your user a welcome
4
mail or register a mailbox). Additionally, you can specify manual scipts
5
that can be executed from within LAM Pro.</p><p>To activate this feature please add the "Custom scripts" module to
6
all needed account types on the configuration pages.</p><p>You can specify multiple scripts for each action type (e.g.
7
modify) and account type (e.g. user). The scripts need to be located on
8
the filesystem of your webserver and will be executed in its user
9
environment. E.g. if you webserver runs as user www-data with the group
10
www-data then the custom scripts will be run under this user with his
11
rights. The output of the scripts will be shown in LAM.</p><p>You can specify the scripts on the LAM configuration pages.</p><div class="screenshot"><div class="mediaobject"><img src="images/customScripts.png"></div></div><p><span class="bold"><strong>Syntax:</strong></span></p><p>Please enter one script per line. Each line has the following
12
format: <account type> <action> <script></p><p>E.g.: user preModify /usr/bin/myCustomScript -u $uid$</p><p><span class="bold"><strong>Account types:</strong></span></p><p>You can setup scripts for all available account types (e.g. user,
13
group, host, ...). Please see the help on the configuration page about
14
your current active account types.</p><p><span class="bold"><strong>Actions:</strong></span></p><div class="table"><a name="idp6026576"></a><p class="title"><b>Table�3.2.�Action types</b></p><div class="table-contents"><table summary="Action types" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="bold"><strong>Action name</strong></span></td><td><span class="bold"><strong>Description</strong></span></td></tr><tr><td>preCreate</td><td>executed before creating a new account (cancels operation
15
if a script returns an exit code > 0, not available for file
16
upload)</td></tr><tr><td>postCreate</td><td>executed after creating a new account</td></tr><tr><td>preModify</td><td>executed before the account is modified (cancels
17
operation if a script returns an exit code > 0)</td></tr><tr><td>postModify</td><td>executed after an account was modified</td></tr><tr><td>preDelete</td><td>executed before an account was modified (cancels
18
operation if a script returns an exit code > 0)</td></tr><tr><td>postDelete</td><td>executed after an account was modified</td></tr><tr><td>manual</td><td>can be run manually on account page</td></tr></tbody></table></div></div><br class="table-break"><p><span class="bold"><strong>Script:</strong></span></p><p>You can execute any script which is located on the filesystem of
19
your webserver. The path may be absolute or relative to the
20
PATH-variable of the environment of your webserver process. It is also
21
possible to add commandline arguments to your scripts. Additionally, LAM
22
will resolve wildcards to LDAP attributes. If your script includes an
23
wildcard in the format $ATTRIBUTE$ then LAM will replace it with the
24
attribute value of the current LDAP entry. The values of multi-value
25
attributes are separated by commas. E.g. if you create an account with
26
the attribute "uid" and value "steve" then LAM will resolve "$uid$" to
27
"steve".</p><p>Please note that manual scripts can only use the current LDAP
28
attribute values of the account. Any modifications done that are not
29
saved will not be available. Manual scripts are also not available for
30
new accounts that are not yet saved to LDAP.</p><p>You can switch LAM's logging to debug mode if you are unsure which
31
attributes with which values are available.</p><p>The following special wildcards are available for automatical
32
scripts:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><span class="bold"><strong>$INFO.userPasswordClearText$:</strong></span>
33
cleartext password when Unix password is changed (e.g. useful for
34
external password synchronisation) for new/modified accounts</p></li><li class="listitem"><p><span class="bold"><strong>$INFO.userPasswordStatusChange$:</strong></span> provides
35
additional information if the password locking status was changed,
36
possible values: locked, unlocked, unchanged</p></li><li class="listitem"><p><span class="bold"><strong>$INFO.passwordSelfResetAnswerClearText$</strong></span>:
37
cleartext answer to security question</p></li><li class="listitem"><p><span class="bold"><strong>$NEW.<attribute>$:</strong></span> the
38
value of a new attribute (e.g. $NEW.telephoneNumber$) for modified
39
accounts</p></li><li class="listitem"><p><span class="bold"><strong>$DEL.<attribute>$:</strong></span> the
40
value of a deleted attribute (e.g. $DEL.telephoneNumber$) for
41
modified accounts</p></li><li class="listitem"><p><span class="bold"><strong>$MOD.<attribute>$:</strong></span> the
42
new value of a modified attribute (e.g. $MOD.telephoneNumber$) for
43
modified accounts</p></li><li class="listitem"><p><span class="bold"><strong>$ORIG.<attribute>$:</strong></span> the
44
original value of an attribute (e.g. $ORIG.telephoneNumber$) for
45
modified accounts</p></li></ul></div><p><span class="bold"><strong>Output may contain HTML:</strong></span> If your
46
scripts generate HTML output then activate this option.</p><p><span class="bold"><strong>Hide command in messages:</strong></span> You may
47
want to prevent that your users see the executed commands. In this case
48
activating this option will only show the command output but not the
49
command itself.</p><p></p><p>You can see a preview of the commands which will be automatically
50
executed on the "Custom scripts" tab. Here you can also run the manual
51
scripts.</p><div class="screenshot"><div class="mediaobject"><img src="images/customScripts2.png"></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch03s15.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="ch03.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="ch03s17.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Custom fields (LAM Pro)�</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">�Sudo roles (LAM Pro)</td></tr></table></div></body></html>
1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Custom fields (LAM Pro)</title><link rel="stylesheet" type="text/css" href="style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="LDAP Account Manager - Manual"><link rel="up" href="ch03.html" title="Chapter�3.�Managing entries in your LDAP directory"><link rel="prev" href="ch03s15.html" title="Password policies (LAM Pro)"><link rel="next" href="ch03s17.html" title="Custom scripts (LAM Pro)"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Custom fields (LAM Pro)</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch03s15.html">Prev</a>�</td><th width="60%" align="center">Chapter�3.�Managing entries in your LDAP directory</th><td width="20%" align="right">�<a accesskey="n" href="ch03s17.html">Next</a></td></tr></table><hr></div><div class="section" title="Custom fields (LAM Pro)"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp6036016"></a>Custom fields (LAM Pro)</h2></div></div></div><p>This module allows you to manage LDAP attributes that are not
2
covered by the other LAM modules (e.g. if you use custom LDAP schemas).
3
You can fully define how your input fields look like:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Label</p></li><li class="listitem"><p>LDAP attribute name</p></li><li class="listitem"><p>Unique name for field</p></li><li class="listitem"><p>Read-only display</p></li><li class="listitem"><p>Field type: text, password, text area, checkbox, radio
4
buttons, select list</p></li><li class="listitem"><p>Validation via regular expression</p></li><li class="listitem"><p>Error message if validation fails</p></li></ul></div><p>Limitations:</p><p>Custom fields cannot manage</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>structural object classes</p></li><li class="listitem"><p>(binary) attributes that require file uploads</p></li><li class="listitem"><p>multi-value attributes</p></li><li class="listitem"><p>attributes that require validation rules across multiple
5
attributes or cannot be described by a simple regular
6
expression</p></li></ul></div><p><span class="bold"><strong>Activating the custom fields
7
module:</strong></span></p><p>You may specify custom fields for all of your account types.
8
Please enter tab "Modules" in your server profile. Now activate the
9
"Custom fields (customFields)" module for all needed account
10
types.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields14.png"></div></div><p><span class="bold"><strong>Defining groups:</strong></span></p><p>All input fields are devided into groups. A group may contain one
11
or more object classes and allows you to add/remove a certain set of
12
input fields.</p><p>E.g. you may define two groups - "My application A" and "My
13
application B" - that manage different LDAP attributes and object
14
classes. This way you will be able to control both attribute sets
15
independently.</p><p>To create a group please edit your server profile and switch to
16
tab "Module settings". You will see the section "Custom fields" which
17
allows you to add new groups. Now select your account type (e.g. Users)
18
and specify an alias for your group. This alias will be printed as group
19
header when you later edit an account in the admin interface.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields15.png"></div></div><p>After you created your new group you can setup the managed object
20
classes. If you specify any object classes then you will later be able
21
to add/remove a complete set of attributes including their object
22
classes.</p><p>Skipping the object classes field is only useful if you want to
23
manage some attributes that are not yet supported by LAM but there is
24
already a LAM module that manages the object class.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields16.png"></div></div><p>The group may look like when you edit a user.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields19.png"></div></div><div class="screenshot"><div class="mediaobject"><img src="images/customFields20.png"></div></div><p><span class="bold"><strong>Adding fields:</strong></span></p><p>Now you can add a new field that manages an LDAP attribute. Simply
25
fill the fields and press on "Add".</p><p>Please note that the field name cannot be changed later. It is the
26
unique ID for this field.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields17.png"></div></div><p>Examples for fields and their representation:</p><p><span class="bold"><strong>Text field:</strong></span></p><p>Text fields allow to specify a <a class="link" href="ch03s16.html#customFields_validation_expressions_admin">validation
27
expression</a> and error message.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields2.png"></div></div><p>Presentation:</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields3.png"></div></div><p><span class="bold"><strong>Password field:</strong></span></p><p>You can also manage custom password fields. LAM Pro will display
28
two fields where the user must enter the same password. You can hash the
29
password if needed.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields4.png"></div></div><p>Presentation:</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields5.png"></div></div><p><span class="bold"><strong>Text area:</strong></span></p><p>This adds a multi-line field. The options are similar to text
30
fields. Additionally, you can set the size with the number of columns
31
and rows.</p><p>Please note that the <a class="link" href="ch03s16.html#customFields_validation_expressions_admin">validation
32
expression</a> should be set to multi-line. This is done by adding
33
"m" at the end.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields6.png"></div></div><p>Presentation:</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields7.png"></div></div><p><span class="bold"><strong>Checkbox:</strong></span></p><p>Sometimes you may want to allow only yes/no values for your LDAP
34
attributes. This can be represented by a checkbox. You can specify the
35
values for checked and unchecked. The default value is set if the LDAP
36
attribute has no value.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields8.png"></div></div><p>Presentation:</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields9.png"></div></div><p><span class="bold"><strong>Radio buttons:</strong></span></p><p>This displays a list of radio buttons where the user can select
37
one value.</p><p>You can specify a mapping of LDAP attribute values and their
38
display (label) on the Self Service page. To add more mapping fields
39
please press "Add more mapping fields".</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields10.png"></div></div><p>Presentation:</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields11.png"></div></div><p><span class="bold"><strong>Select list:</strong></span></p><p>Select lists allow the user to select a value in a large list of
40
options. The definition of the possible values and their display is
41
similar to radio buttons.</p><p>You can also allow multiple values.</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields12.png"></div></div><p>Presentation:</p><div class="screenshot"><div class="mediaobject"><img src="images/customFields13.png"></div></div><div class="screenshot"><div class="mediaobject"><img src="images/customFields18.png"></div></div><p><a name="customFields_validation_expressions_admin"></a><span class="bold"><strong>Validation expressions:</strong></span></p><p>The validation expressions follow the standard of <a class="ulink" href="http://perldoc.perl.org/perlre.html" target="_top">Perl regular
42
expressions</a>. They start and end with a "/". The beginning of a
43
line is specified by "^" and the end by "$".</p><p>Examples:</p><p>/^[a-z0-9]+$/ allows small letters and numbers. The value must not
44
be empty ("+").</p><p>/^[a-z0-9]+$/i allows small and capital letters ("i" at the end
45
means ignore case) and numbers. The value must not be empty
46
("+").</p><p>Special characters that must be escaped with "\": "\", ".", "(",
47
")"</p><p>E.g. /^[a-z0-9\.]$/i</p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch03s15.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="ch03.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="ch03s17.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Password policies (LAM Pro)�</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">�Custom scripts (LAM Pro)</td></tr></table></div></body></html>