Appendix E. Setup password self reset schema (LAM Pro)

New installation

Please see here if you want to upgrade an existing schema version.

Schema installation

Please install the schema that comes with LAM Pro. The schema files are located in:

  • tar.bz2: docs/schema

  • DEB: /usr/share/doc/ldap-account-manager/docs/schema

  • RPM: /usr/share/doc/ldap-account-manager-{VERSION}/schema

OpenLDAP with slapd.conf configuration

For a configuration that uses a slapd.conf file, copy passwordSelfReset.schema to /etc/ldap/schema/ and add this line to slapd.conf:

  include         /etc/ldap/schema/passwordSelfReset.schema

OpenLDAP with slapd.d configuration

For slapd.d configurations you need to upload the schema file passwordSelfReset.ldif with the ldapadd command:

  ldapadd -x -W -H ldap://localhost -D "cn=admin,o=test,c=de" -f passwordSelfReset.ldif

Please replace "localhost" with your LDAP server and "cn=admin,o=test,c=de" with your LDAP admin user (usually starts with cn=admin or cn=manager).

In some cases you might need to import directly on the OpenLDAP server as root:

  ldapadd -Y EXTERNAL -H ldapi:/// -f passwordSelfReset.ldif

389 server

Please replace INSTANCE with your installation ID, e.g. slapd-389ds.

  cp passwordSelfReset-389server.ldif /etc/dirsrv/INSTANCE/schema/70pwdreset.ldif
  systemctl restart dirsrv.target

Samba 4

The schema files are passwordSelfReset-Samba4-attributes.ldif and passwordSelfReset-Samba4-objectClass.ldif.

First, you need to edit them and replace "DOMAIN_TOP_DN" with your LDAP suffix (e.g. dc=samba4,dc=test).

Then install the attribute and afterwards the object class schema file:

  ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
  ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true


Windows

The schema file is passwordSelfReset-Windows.ldif.

First, you need to edit it and replace "DOMAIN_TOP_DN" with your LDAP suffix (e.g. dc=windows,dc=test).

Then install the schema file as administrator on a command line:

  ldifde -v -i -f passwordSelfReset-Windows.ldif

This allows you to set a security question and answer for each account.
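The DOMAIN_TOP_DN replacement required for the Samba 4 and Windows schema files can be scripted so that the shipped files stay unmodified and a mistyped suffix is caught before the schema update runs. This is an added example, not part of LAM Pro; the function name prepare_schema_ldif and the sample LDIF entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not shipped with LAM Pro): fill in DOMAIN_TOP_DN in a copy of
# a schema LDIF and refuse to continue unless the result is consistent.
# prepare_schema_ldif is a hypothetical helper name.
prepare_schema_ldif() {   # usage: prepare_schema_ldif SRC SUFFIX OUT
    src=$1; suffix=$2; out=$3

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # Accept only a dc=...,dc=... suffix, so it is safe to use inside sed.
    printf '%s\n' "$suffix" | grep -Eqi '^dc=[a-z0-9-]+(,dc=[a-z0-9-]+)*$' \
        || { echo "unexpected suffix: $suffix" >&2; return 3; }

    # No placeholder means the wrong file or one that was already edited.
    grep -q 'DOMAIN_TOP_DN' "$src" \
        || { echo "no DOMAIN_TOP_DN in $src" >&2; return 4; }

    # Write a copy; the shipped file stays untouched for later comparison.
    sed "s/DOMAIN_TOP_DN/$suffix/g" "$src" > "$out" || return 5

    # Every entry DN must now end in the suffix. CR is stripped so CRLF files
    # pass; a DN folded across lines is reported rather than accepted.
    if grep -i '^dn:' "$out" | tr -d '\r' | grep -iv ",$suffix\$" | grep -q .; then
        echo "entry DN outside $suffix in $out" >&2; return 6
    fi

    grep -ci '^dn:' "$out"   # print the number of entries prepared
}

# Constructed sample with the same placeholder layout (not the real schema file).
demo=$(mktemp -d)
cat > "$demo/in.ldif" <<'EOF'
dn: CN=exampleAttr,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
changetype: add
objectClass: attributeSchema
EOF
prepare_schema_ldif "$demo/in.ldif" "dc=samba4,dc=test" "$demo/out.ldif"
```

The prepared output file is then the one passed to ldbmodify or ldifde in the commands above.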