Compare commits


503 commits

Author SHA1 Message Date
Roland Gruber
dd3330a41b refactoring 2025-10-02 21:55:55 +02:00
Roland Gruber
c7bf812759 refactoring 2025-10-02 21:17:50 +02:00
Roland Gruber
9c004d2db2 refactoring 2025-10-02 21:01:58 +02:00
Roland Gruber
fb281a0be6 styling 2025-10-02 20:31:39 +02:00
Roland Gruber
cb94c2a01f refactoring 2025-09-25 20:34:47 +02:00
gruberroland
9fd2a75264
Merge pull request #475 from LDAPAccountManager/feature/389_config_format
#389 enforce new configuration file format
2025-09-18 07:54:01 +02:00
Roland Gruber
a678d66f20 #389 enforce new configuration file format 2025-09-18 07:53:49 +02:00
Roland Gruber
ec7cc4c8cc #389 enforce new configuration file format 2025-09-17 20:51:18 +02:00
Roland Gruber
63636a3cac #389 enforce new configuration file format 2025-09-17 20:44:32 +02:00
gruberroland
221811b7e3
Merge pull request #474 from LDAPAccountManager/feature/465_email2sms
Feature/465 email2sms
2025-09-17 19:42:27 +02:00
Roland Gruber
7429b2f6e9 Merge remote-tracking branch 'origin/develop' into feature/465_email2sms
# Conflicts:
#	lam/HISTORY
2025-09-17 17:15:41 +02:00
gruberroland
2089e8df2d
Merge pull request #473 from LDAPAccountManager/feature/462_terser
#462 switch to terser
2025-09-17 17:09:14 +02:00
gruberroland
2dc5f6db69
Merge pull request #472 from LDAPAccountManager/feature/466_wording
#466 wording
2025-09-17 17:01:06 +02:00
gruberroland
90270c1d62
Merge pull request #471 from LDAPAccountManager/feature/463_rpm
#463 do not install lam.conf every time
2025-09-17 16:53:34 +02:00
gruberroland
e6be893164
Merge pull request #470 from LDAPAccountManager/feature/451_phpstan5
Feature/451 phpstan5
2025-09-17 16:44:43 +02:00
Roland Gruber
2b05d9df4e 9.3 2025-09-15 07:37:03 +02:00
Roland Gruber
3c7fa3418d #465 Email2SMS provider 2025-09-11 16:09:52 +02:00
Roland Gruber
59702f738a #465 Email2SMS provider 2025-09-11 12:23:48 +02:00
Roland Gruber
a24fb717ff #466 wording 2025-09-11 07:24:05 +02:00
Roland Gruber
c3e937e441 #463 do not install lam.conf every time 2025-09-10 20:57:24 +02:00
Roland Gruber
cf44f29d5f #451 PHPStan level 5 2025-09-08 21:52:42 +02:00
Roland Gruber
011d148e33 #451 PHPStan level 5 2025-09-08 07:54:44 +02:00
Roland Gruber
af3576956b i18n 2025-09-08 07:25:46 +02:00
Roland Gruber
c8a07b218a #451 PHPStan level 5 2025-09-06 21:42:43 +02:00
Roland Gruber
7121649cc9 #451 PHPStan level 5 2025-09-06 21:38:36 +02:00
Roland Gruber
30ac0025bf #451 PHPStan level 5 2025-09-06 10:14:33 +02:00
Roland Gruber
b6cf9b2b88 #451 PHPStan level 5 2025-09-06 10:07:18 +02:00
Roland Gruber
23044ac06e #451 PHPStan level 5 2025-09-06 09:58:14 +02:00
Roland Gruber
3c005187ea #451 PHPStan level 5 2025-09-06 09:49:39 +02:00
Roland Gruber
4c8f3434fc #451 PHPStan level 5 2025-09-05 20:19:57 +02:00
Roland Gruber
934da938ec #451 PHPStan level 5 2025-09-05 08:54:07 +02:00
Roland Gruber
a133fc09c5 #451 PHPStan level 5 2025-09-05 08:36:04 +02:00
Roland Gruber
b054c2bd02 #451 PHPStan level 5 2025-09-05 08:29:04 +02:00
Roland Gruber
1a351dc09f #451 PHPStan level 5 2025-09-04 21:19:11 +02:00
Roland Gruber
d1c9815310 #451 PHPStan level 5 2025-09-04 21:12:47 +02:00
Roland Gruber
acdecefe5f #451 PHPStan level 5 2025-09-04 17:50:47 +02:00
Roland Gruber
7aa468aa75 #451 PHPStan level 5 2025-09-04 17:33:44 +02:00
Roland Gruber
a02ee14330 #451 PHPStan level 5 2025-09-04 17:18:34 +02:00
Roland Gruber
9c899f1791 #451 PHPStan level 5 2025-09-04 17:04:02 +02:00
Roland Gruber
55ba56cfa2 #451 PHPStan level 5 2025-09-04 16:50:30 +02:00
Roland Gruber
f2842ebdad 9.3 2025-09-04 07:47:13 +02:00
Roland Gruber
896cb33cc1 #451 PHPStan level 5 2025-09-04 07:36:46 +02:00
Roland Gruber
b0a945e8dd #451 PHPStan level 5 2025-09-03 07:52:42 +02:00
Roland Gruber
2e92f41503 #451 PHPStan level 5 2025-09-03 07:38:36 +02:00
Roland Gruber
91c1e1c30d #451 PHPStan level 5 2025-09-02 21:07:29 +02:00
Roland Gruber
45702a54a8 #451 PHPStan level 5 2025-09-02 21:03:39 +02:00
Roland Gruber
8c2e2f5176 #462 switch to terser 2025-09-02 20:31:44 +02:00
Roland Gruber
e55a4f607c 9.3 2025-09-02 16:36:30 +02:00
Roland Gruber
7208774999 9.3 2025-09-02 07:38:13 +02:00
Roland Gruber
b157174621 9.3 2025-09-02 07:25:59 +02:00
Roland Gruber
47b29081c3 9.3 2025-09-02 07:24:30 +02:00
Roland Gruber
0593b55ed9 9.3 2025-09-01 20:41:04 +02:00
Roland Gruber
d78ddb43b1 9.3 2025-09-01 20:31:07 +02:00
Roland Gruber
9051782ecc 9.3 2025-09-01 20:23:31 +02:00
Roland Gruber
57f88fb2c5 i18n 2025-09-01 20:16:12 +02:00
Roland Gruber
508c1362e2 i18n 2025-09-01 19:49:08 +02:00
Roland Gruber
1340711339 i18n 2025-09-01 17:03:36 +02:00
Roland Gruber
0da3e59548 i18n 2025-09-01 07:41:12 +02:00
Roland Gruber
587f2d7795 i18n 2025-09-01 07:19:18 +02:00
Roland Gruber
5ef4cba492 #458 password length 2025-08-31 20:32:31 +02:00
Roland Gruber
f359439549 refactoring 2025-08-28 21:08:23 +02:00
Roland Gruber
7342077749 i18n 2025-08-27 12:06:37 +02:00
Roland Gruber
c4917eb838 #453 adapted encoding to new library requirements 2025-08-26 20:12:55 +02:00
Roland Gruber
1bf03b53e0 #453 adapted encoding to new library requirements 2025-08-26 20:02:32 +02:00
Roland Gruber
cbcb35aba4 refactoring 2025-08-25 20:53:52 +02:00
Roland Gruber
e894abf0ed #457 added logon hours 2025-08-25 20:19:02 +02:00
Roland Gruber
b460f80232 refactoring 2025-08-24 21:37:53 +02:00
Roland Gruber
6134912f59 i18n 2025-08-24 21:15:33 +02:00
Roland Gruber
a4ae34fff5 #455 fixed IP check 2025-08-04 09:49:19 +02:00
Roland Gruber
1f3ef9d824 refactoring 2025-07-30 21:06:39 +02:00
Roland Gruber
619edae19b refactoring 2025-07-30 20:55:24 +02:00
Roland Gruber
3544f1c168 refactoring 2025-07-30 20:45:25 +02:00
Roland Gruber
a6327dff03 refactoring 2025-07-30 20:43:24 +02:00
Roland Gruber
0976f0411d refactoring 2025-07-30 19:24:33 +02:00
Roland Gruber
2b728c0f7d refactoring 2025-07-30 19:18:29 +02:00
Roland Gruber
a3871c9d31 refactoring 2025-07-30 18:57:37 +02:00
Roland Gruber
e65de659fa refactoring 2025-07-30 07:42:35 +02:00
Roland Gruber
9ac2f2f621 refactoring 2025-07-30 07:37:12 +02:00
Roland Gruber
e52cfd54b6 refactoring 2025-07-29 07:56:34 +02:00
Roland Gruber
6c589065ad refactoring 2025-07-29 07:49:14 +02:00
Roland Gruber
9a065cebb5 refactoring 2025-07-28 20:44:47 +02:00
Roland Gruber
26098b27ce refactoring 2025-07-28 20:26:41 +02:00
Roland Gruber
a9b964078a refactoring 2025-07-28 20:06:58 +02:00
Roland Gruber
e6c94a144f refactoring 2025-07-28 07:59:22 +02:00
Roland Gruber
e60676a2c7 refactoring 2025-07-27 20:57:22 +02:00
Roland Gruber
64e1074128 refactoring 2025-07-27 20:55:26 +02:00
Roland Gruber
ff59d97ac3 refactoring 2025-07-27 20:46:41 +02:00
Roland Gruber
5b636dea8b refactoring 2025-07-27 19:38:50 +02:00
Roland Gruber
68b928be12 refactoring 2025-07-27 10:47:43 +02:00
Roland Gruber
9f74afa310 refactoring 2025-07-26 21:01:06 +02:00
Roland Gruber
a440c732d1 refactoring 2025-07-26 09:22:32 +02:00
Roland Gruber
59205d6ec3 refactoring 2025-07-25 18:30:31 +02:00
Roland Gruber
419afce791 refactoring 2025-07-25 07:54:20 +02:00
Roland Gruber
781e93702f refactoring 2025-07-24 19:33:50 +02:00
Roland Gruber
9e0c4898df refactoring 2025-07-24 19:20:44 +02:00
Roland Gruber
12d4085a60 refactoring 2025-07-24 17:19:50 +02:00
Roland Gruber
70e4079080 refactoring 2025-07-23 21:49:59 +02:00
Roland Gruber
cdfdfbac26 refactoring 2025-07-23 19:53:18 +02:00
Roland Gruber
bff5f58279 refactoring 2025-07-22 18:17:29 +02:00
Roland Gruber
902d33ec38 refactoring 2025-07-22 18:08:25 +02:00
Roland Gruber
2a9e6ef7bf refactoring 2025-07-22 17:56:11 +02:00
Roland Gruber
db86b6656d refactoring 2025-07-22 17:48:54 +02:00
Roland Gruber
bd7008f39f refactoring 2025-07-22 17:29:33 +02:00
Roland Gruber
c368a748dd refactoring 2025-07-22 17:03:06 +02:00
Roland Gruber
72129dc127 refactoring 2025-07-22 07:59:26 +02:00
Roland Gruber
4500ab9f0f refactoring 2025-07-21 21:49:13 +02:00
Roland Gruber
44f48f291f refactoring 2025-07-21 21:30:30 +02:00
Roland Gruber
2eab6b3b1c refactoring 2025-07-21 21:17:50 +02:00
Roland Gruber
b430377214 refactoring 2025-07-20 19:55:38 +02:00
Roland Gruber
1c5ad7cbd9 refactoring 2025-07-19 20:31:13 +02:00
Roland Gruber
13479abe39 refactoring 2025-07-19 09:41:23 +02:00
Roland Gruber
2e7005ae75 refactoring 2025-07-19 09:04:00 +02:00
Roland Gruber
bd81092a10 refactoring 2025-07-18 20:08:07 +02:00
Roland Gruber
d5d928dfc1 refactoring 2025-07-18 07:54:51 +02:00
Roland Gruber
71302d9119 refactoring 2025-07-18 07:25:01 +02:00
Roland Gruber
65e61f8f9d refactoring 2025-07-17 07:59:28 +02:00
Roland Gruber
68a26ab851 refactoring 2025-07-16 19:29:43 +02:00
Roland Gruber
2adae535e2 refactoring 2025-07-16 19:00:07 +02:00
Roland Gruber
2a9270ce3a refactoring 2025-07-16 16:54:34 +02:00
Roland Gruber
5c86421aed refactoring 2025-07-16 16:53:43 +02:00
Roland Gruber
4116a85cc4 refactoring 2025-07-16 16:51:39 +02:00
Roland Gruber
7f61756e6c refactoring 2025-07-16 16:40:12 +02:00
Roland Gruber
8e933e5d8d refactoring 2025-07-16 07:50:40 +02:00
Roland Gruber
8f5b4609d1 refactoring 2025-07-15 21:30:44 +02:00
Roland Gruber
f850fc0081 refactoring 2025-07-15 21:06:58 +02:00
Roland Gruber
ba2c727ef7 refactoring 2025-07-15 20:56:26 +02:00
Roland Gruber
d0cdf7fa94 refactoring 2025-07-15 17:54:48 +02:00
Roland Gruber
5fcf2bb7a1 refactoring 2025-07-15 17:11:29 +02:00
Roland Gruber
d9bced28b4 refactoring 2025-07-15 16:50:47 +02:00
Roland Gruber
c86e146874 refactoring 2025-07-15 16:36:52 +02:00
Roland Gruber
75fa70f4ed custom runner 2025-07-15 07:42:53 +02:00
Roland Gruber
fd90f82bb6 refactoring 2025-07-15 07:32:06 +02:00
Roland Gruber
451fd9e543 refactoring 2025-07-14 21:44:49 +02:00
Roland Gruber
1945aab5ce refactoring 2025-07-14 07:49:25 +02:00
Roland Gruber
c1b96b47f5 refactoring 2025-07-14 07:42:55 +02:00
Roland Gruber
cdbc63a9b0 custom runner 2025-07-11 20:54:28 +02:00
Roland Gruber
c3e8fc677d custom runner 2025-07-11 20:50:23 +02:00
Roland Gruber
609e49dc30 custom runner 2025-07-11 20:35:14 +02:00
Roland Gruber
e396e6e2f7 custom runner 2025-07-11 20:22:03 +02:00
Roland Gruber
ffaeacfb73 custom runner 2025-07-11 20:19:46 +02:00
Roland Gruber
f61ab8c7eb custom runner 2025-07-11 20:03:45 +02:00
Roland Gruber
212a5c61bd custom runner 2025-07-11 19:59:27 +02:00
Roland Gruber
5273217705 custom runner 2025-07-11 19:56:29 +02:00
Roland Gruber
2a19329738 custom runner 2025-07-11 16:37:36 +02:00
Roland Gruber
c608300f02 #422 PHPStan 2025-07-11 07:26:39 +02:00
Roland Gruber
3781f0dde0 #448 clear pwdReset in self-service 2025-07-10 20:21:05 +02:00
gruberroland
0459a88142
Merge pull request #450 from LDAPAccountManager/feature/440_tree-compare
Feature/440 tree compare
2025-07-09 20:27:35 +02:00
Roland Gruber
abda4252cb #440 show comparison data 2025-07-09 20:22:12 +02:00
Roland Gruber
60e6c91569 #440 show comparison data 2025-07-09 20:11:41 +02:00
Roland Gruber
7559c9b37f #440 show comparison data 2025-07-09 19:59:39 +02:00
Roland Gruber
841fb815b1 #440 show comparison data 2025-07-06 10:27:02 +02:00
Roland Gruber
47455b2b12 #440 Papirus icons 2025-07-06 10:24:45 +02:00
Roland Gruber
4ff5b4b87b #440 Papirus icons 2025-07-06 10:23:47 +02:00
Roland Gruber
8c9a917ab2 paste button visibility 2025-07-03 20:19:54 +02:00
Roland Gruber
2f0337eb4e paste button visibility 2025-07-03 07:57:44 +02:00
gruberroland
9e00898eb5
Merge pull request #447 from LDAPAccountManager/feature/424-dh_link
#443 run userdel.local before directory is removed
2025-07-02 19:59:37 +02:00
Roland Gruber
8ddcd7965a #443 run userdel.local before directory is removed 2025-07-02 07:59:46 +02:00
gruberroland
a9d474f111
Merge pull request #446 from LDAPAccountManager/feature/424-dh_link
Feature/424 dh link
2025-06-26 07:46:25 +02:00
Roland Gruber
be0923a224 fixed dependencies 2025-06-26 07:28:27 +02:00
Roland Gruber
a2a5293c19 fixed dependencies 2025-06-26 07:25:03 +02:00
Roland Gruber
a604e11463 #424 use dh_link 2025-06-25 21:18:40 +02:00
Roland Gruber
f88d2455f1 #424 use dh_link 2025-06-25 07:36:15 +02:00
gruberroland
1c99a84840
Merge pull request #445 from LDAPAccountManager/feature/441_sms
Feature/441 sms
2025-06-23 21:26:23 +02:00
Roland Gruber
a6cf42fbf3 #441 SMS sending 2025-06-23 21:20:45 +02:00
Roland Gruber
9850f3155b #441 SMS sending 2025-06-23 21:15:20 +02:00
Roland Gruber
6767d2cdf8 Merge remote-tracking branch 'origin/develop' into feature/441_sms 2025-06-23 21:10:18 +02:00
Roland Gruber
4d90244a65 #441 SMS sending 2025-06-23 21:08:31 +02:00
Roland Gruber
f6b0eaff23 #441 SMS sending 2025-06-23 21:03:25 +02:00
Roland Gruber
ca508b4788 #441 SMS sending 2025-06-23 20:58:55 +02:00
Roland Gruber
5bcc5537d4 #441 SMS sending 2025-06-23 20:49:33 +02:00
Roland Gruber
95228ece57 i18n 2025-06-15 21:29:48 +02:00
Roland Gruber
ee0d54b4bd 9.2 2025-06-06 15:16:51 +02:00
Roland Gruber
06295cd004 9.2 2025-06-06 07:52:48 +02:00
Roland Gruber
9839ea0f43 #444 fixed change detection 2025-06-05 20:25:29 +02:00
Roland Gruber
0823bcb19b fix loop 2025-06-05 20:08:11 +02:00
Roland Gruber
484ccff114 #441 SMS sending 2025-06-05 19:37:04 +02:00
Roland Gruber
aa1e474302 #441 SMS sending 2025-06-04 07:41:40 +02:00
Roland Gruber
94d97ed8f9 #441 SMS sending 2025-06-04 07:25:09 +02:00
Roland Gruber
d92b211dad #441 SMS sending 2025-06-03 20:54:03 +02:00
Roland Gruber
0527239011 #441 SMS sending 2025-06-02 20:16:57 +02:00
Roland Gruber
55b1cfd09b #441 SMS sending 2025-06-02 07:58:25 +02:00
Roland Gruber
25fdf5f978 #441 SMS sending 2025-06-01 18:05:21 +02:00
Roland Gruber
9078e22a51 #441 SMS sending 2025-06-01 17:26:24 +02:00
Roland Gruber
d87931d1f4 #441 SMS sending 2025-06-01 17:23:47 +02:00
Roland Gruber
6c310da489 #441 SMS sending 2025-06-01 15:32:18 +02:00
Roland Gruber
0cc61dac28 #441 SMS sending 2025-06-01 11:16:59 +02:00
Roland Gruber
36beaeafe4 9.2 2025-05-30 21:00:01 +02:00
Roland Gruber
eae28a2986 #441 SMS sending 2025-05-30 20:42:09 +02:00
Roland Gruber
09dbbcb0fc #441 SMS sending 2025-05-28 20:44:38 +02:00
Roland Gruber
573605cf09 #441 SMS sending 2025-05-28 16:02:18 +02:00
Roland Gruber
47d96b140f 9.2 2025-05-28 08:00:20 +02:00
Roland Gruber
b988aa901f #441 SMS sending 2025-05-28 07:58:36 +02:00
Roland Gruber
6e1ceabba6 #441 SMS sending 2025-05-27 17:36:17 +02:00
Roland Gruber
41f7de9866 9.2 2025-05-27 17:17:20 +02:00
Roland Gruber
cb0f03b328 9.2 2025-05-21 07:45:22 +02:00
Roland Gruber
5fbb68a5c4 9.2 2025-05-21 07:26:02 +02:00
Roland Gruber
c27edc56a8 9.2 2025-05-20 07:52:19 +02:00
Roland Gruber
38b85c189e 9.2 2025-05-20 07:44:36 +02:00
Roland Gruber
e80d894bc1 9.2 2025-05-20 07:27:58 +02:00
Roland Gruber
c8734e860b 9.2 2025-05-19 07:42:17 +02:00
gruberroland
1aaf6574b5
Merge pull request #439 from LDAPAccountManager/feature/435_mysql_ssl
Feature/435 mysql ssl
2025-05-17 11:25:16 +02:00
Roland Gruber
28639f44bf refactoring 2025-05-16 22:18:50 +02:00
Roland Gruber
346aa5041f #435 MySQL SSL support 2025-05-16 07:29:09 +02:00
Roland Gruber
3a285fc63e check connection 2025-05-14 07:34:27 +02:00
Roland Gruber
241375dc20 #435 MySQL SSL support 2025-05-13 18:15:07 +02:00
gruberroland
cfa1fb994e
Merge pull request #436 from tsgebert/develop
TLS with MySQL
2025-05-13 18:07:04 +02:00
Roland Gruber
2df764f8bb usability fix 2025-05-13 16:39:23 +02:00
Roland Gruber
fab20f4cb8 refactoring 2025-05-13 16:38:20 +02:00
Roland Gruber
dcc4c54e80 deps update 2025-05-13 16:37:27 +02:00
Roland Gruber
14b27ade06 deps update 2025-05-13 07:42:59 +02:00
Roland Gruber
f8636c609c deps update 2025-05-12 07:58:55 +02:00
Roland Gruber
2d44aa3a23 #434 PHP 8.4 support 2025-05-12 07:40:31 +02:00
Roland Gruber
ced8173877 #434 PHP 8.4 support 2025-05-10 08:52:37 +02:00
Roland Gruber
b9f01ccd93 #434 PHP 8.4 support 2025-05-09 08:00:25 +02:00
Thomas Gebert
2c2c54a1b5 Added databaseSSLCA for TLS connection to database in templates/config/mainmanage.php 2025-05-06 15:03:48 +02:00
Thomas Gebert
1562c803d5 Added configDatabaseSSLCA for TLS connection to database 2025-05-06 14:56:17 +02:00
Roland Gruber
48472af4e3 #434 PHP 8.4 support 2025-05-05 20:38:21 +02:00
gruberroland
4167603f66
Merge pull request #433 from LDAPAccountManager/feature/409-customScripts-split-config
Feature/409 custom scripts split config
2025-05-05 07:54:49 +02:00
Roland Gruber
57b1b98aea refactoring 2025-05-05 07:49:20 +02:00
Roland Gruber
14b8968f06 #409 split config of custom scripts 2025-05-05 07:42:31 +02:00
Roland Gruber
a81c6e64f3 #409 split config of custom scripts 2025-05-05 07:30:24 +02:00
Roland Gruber
cfe93d6dca #409 split config of custom scripts 2025-05-02 08:00:06 +02:00
Roland Gruber
a942c1a91d #409 split config of custom scripts 2025-05-02 07:59:40 +02:00
Roland Gruber
03a9dc83e0 #409 split config of custom scripts 2025-05-02 07:53:54 +02:00
Roland Gruber
c9bc296a42 #409 split config of custom scripts 2025-05-02 07:38:33 +02:00
Roland Gruber
ec64b20cdd refactoring 2025-04-25 21:27:18 +02:00
Roland Gruber
1f807fa8f8 #431 thumbnailPhoto for Windows 2025-04-25 21:16:39 +02:00
Roland Gruber
9c809c5df7 refactoring 2025-04-25 21:03:13 +02:00
Roland Gruber
5856468ad1 refactoring 2025-04-25 21:01:25 +02:00
Roland Gruber
6da8c91d8a #431 thumbnailPhoto for Windows 2025-04-25 08:06:24 +02:00
Roland Gruber
c7ff8af927 #420 olcAccess editing improvement 2025-04-21 08:48:19 +02:00
Roland Gruber
4d7e0d277f docs 2025-04-11 08:00:52 +02:00
Roland Gruber
c30481b4ec #425 support empty loginShell 2025-04-07 07:49:06 +02:00
Roland Gruber
9dd6eda474 #425 support empty loginShell 2025-04-07 07:40:03 +02:00
gruberroland
37b0f15379
Merge pull request #426 from LDAPAccountManager/feature/408-multi-edit-combine-actions
Feature/408 multi edit combine actions
2025-04-03 07:53:48 +02:00
Roland Gruber
db8cbaba37 refactoring 2025-04-03 07:48:20 +02:00
Roland Gruber
4084fd9951 #408 updated LDAP operations 2025-04-03 07:40:09 +02:00
Roland Gruber
335875fca5 #408 updated LDIF 2025-04-02 07:43:55 +02:00
Roland Gruber
441404676d refactoring 2025-04-01 17:36:41 +02:00
Roland Gruber
0ef842e646 docs 2025-04-01 16:47:52 +02:00
Roland Gruber
526a4ff610 copyright update 2025-04-01 16:44:50 +02:00
gruberroland
7973636054
Merge pull request #423 from LDAPAccountManager/413-update-dependencies-webauthn
413 update dependencies webauthn
2025-03-31 07:39:16 +02:00
Roland Gruber
7dc56b5fa3 refactoring 2025-03-30 14:40:34 +02:00
Roland Gruber
f5172b6b5a Merge remote-tracking branch 'origin/develop' into 413-update-dependencies-webauthn 2025-03-30 14:26:19 +02:00
Roland Gruber
51d643a896 #419 switch to ldap_modify 2025-03-30 14:24:35 +02:00
Roland Gruber
82a76469bc TAK support 2025-03-28 07:57:04 +01:00
Roland Gruber
2e95a4b05e docs 2025-03-27 20:38:17 +01:00
Roland Gruber
f9582cb97c docs 2025-03-27 20:37:29 +01:00
Roland Gruber
6fb6f71ccc refactoring 2025-03-27 20:25:30 +01:00
Roland Gruber
a407326c70 refactoring 2025-03-27 20:23:36 +01:00
Roland Gruber
a68f78fbec TAK support 2025-03-27 20:10:29 +01:00
gruberroland
f57d762954
Merge pull request #362 from miniwg/tak
ATAK Module
2025-03-27 19:54:00 +01:00
gruberroland
50328a22b2
upload 2025-03-27 19:44:59 +01:00
Roland Gruber
96de462359 refactoring 2025-03-27 19:44:21 +01:00
Roland Gruber
da0009ac9d fixed validation 2025-03-27 17:04:07 +01:00
gruberroland
f8521ed1d1
self-service 2025-03-27 16:54:19 +01:00
Roland Gruber
59cd3d7b78 fixed validation 2025-03-27 16:53:11 +01:00
gruberroland
64ca7d8d28
Update takUser.inc 2025-03-26 07:58:16 +01:00
gruberroland
3f1d6d8ae6
Update takUser.inc 2025-03-26 07:52:40 +01:00
Roland Gruber
26a05afc9d TAK support 2025-03-25 11:33:12 +01:00
Roland Gruber
21db31d43d TAK support 2025-03-25 11:21:14 +01:00
Roland Gruber
b05875949d TAK support 2025-03-25 10:42:03 +01:00
gruberroland
155aea7fc7
Update copyright 2025-03-24 07:38:57 +01:00
Mini workgroups Ltd
e148f2a9eb Addressed requested changes except checks 2025-03-21 14:35:20 +00:00
Roland Gruber
346f7721f3 refactoring 2025-03-21 07:46:49 +01:00
Roland Gruber
875679b17b refactoring 2025-03-21 07:37:53 +01:00
Roland Gruber
1fb946d873 #419 switch to ldap_modify 2025-03-19 20:07:10 +01:00
Mini workgroups Ltd
910357d8af Removed redundant checks
Consistent capitalisation of titles
Improved html layout
2025-03-19 17:01:37 +00:00
Roland Gruber
37255ff36a support multiple values 2025-03-19 07:42:10 +01:00
Mini workgroups Ltd
6b81ac5e11 Improve dialogue box layouts 2025-03-18 17:59:00 +00:00
Mini workgroups Ltd
2b72128271 Corrected typo 2025-03-18 15:27:13 +00:00
Mini workgroups Ltd
81eebda8bb Updated TAK users module 2025-03-18 14:08:59 +00:00
Roland Gruber
96a10fd268 #413 dependency update 2025-03-17 07:58:12 +01:00
Roland Gruber
ef0972aced #413 dependency update 2025-03-16 21:09:50 +01:00
Roland Gruber
66e70afc4a #413 dependency update 2025-03-16 21:07:41 +01:00
Roland Gruber
63c1c905b0 #413 dependency update 2025-03-16 21:06:23 +01:00
Roland Gruber
a52b585bf5 #413 dependency update 2025-03-16 21:05:21 +01:00
Roland Gruber
4151ca5c8a #413 dependency update 2025-03-16 21:00:07 +01:00
Roland Gruber
c46de3c4c4 #413 dependency update 2025-03-16 20:50:03 +01:00
Roland Gruber
e1afd623ad #413 dependency update 2025-03-16 20:43:59 +01:00
Roland Gruber
54744cde86 #413 dependency update 2025-03-16 20:42:11 +01:00
Roland Gruber
aabd7bc848 #413 dependency update 2025-03-16 20:41:05 +01:00
Roland Gruber
f0e7b7fb06 #413 dependency update 2025-03-16 20:33:32 +01:00
Roland Gruber
704c502503 #413 dependency update 2025-03-16 20:32:51 +01:00
Roland Gruber
305c08c781 #413 dependency update 2025-03-16 20:12:58 +01:00
Roland Gruber
55706a30a5 #413 dependency update 2025-03-15 15:36:38 +01:00
Roland Gruber
82def23a07 #418 fixed profile editor 2025-03-15 15:33:58 +01:00
Roland Gruber
45a235a7f6 #418 fixed profile editor 2025-03-15 09:38:48 +01:00
Roland Gruber
1f66c75485 #413 dependency update 2025-03-14 07:58:07 +01:00
gruberroland
eba057ac98
Merge pull request #417 from LDAPAccountManager/413-update-dependencies
413 update dependencies
2025-03-14 07:53:49 +01:00
Roland Gruber
45baad01cf Merge remote-tracking branch 'origin/develop' into 413-update-dependencies 2025-03-14 07:47:02 +01:00
gruberroland
4de4568073
Merge pull request #416 from LDAPAccountManager/415-ad-restore
415 ad restore
2025-03-14 07:45:55 +01:00
Roland Gruber
5a94aed16e #415 restore operation 2025-03-14 07:40:47 +01:00
Roland Gruber
ee996bf6cb Merge remote-tracking branch 'origin/develop' into 415-ad-restore
# Conflicts:
#	lam/HISTORY
2025-03-14 07:32:23 +01:00
Roland Gruber
3fb189fa58 9.1 2025-03-13 07:59:48 +01:00
Roland Gruber
a316f67005 9.1 2025-03-13 07:55:38 +01:00
Roland Gruber
ae720c7b5c 9.1 2025-03-11 09:22:46 +01:00
Roland Gruber
93684902e4 9.1 2025-03-11 07:44:59 +01:00
Roland Gruber
09e71b1c0b #413 dependency update 2025-03-10 08:26:18 +01:00
Roland Gruber
c9513c6a4d Merge remote-tracking branch 'origin/develop' into 413-update-dependencies 2025-03-10 08:22:55 +01:00
Roland Gruber
30942102a2 #413 dependency update 2025-03-10 08:22:01 +01:00
Roland Gruber
1171f7c388 9.1 2025-03-10 07:35:37 +01:00
Roland Gruber
d75f4b0f9f remove base64 padding 2025-03-09 18:53:12 +01:00
Roland Gruber
a0726ecd23 dependency update 2025-03-09 11:06:28 +01:00
Roland Gruber
0d8f7f3ba9 9.1 2025-03-07 21:17:26 +01:00
Roland Gruber
eda7a95e23 dependency update 2025-03-07 21:15:06 +01:00
Roland Gruber
f607c41b8a Merge remote-tracking branch 'origin/develop' into 413-update-dependencies 2025-03-07 08:01:08 +01:00
Roland Gruber
06d4ba732f dependency update 2025-03-07 08:00:12 +01:00
Roland Gruber
b2a24b8587 #413 dependency update 2025-03-07 07:56:53 +01:00
Roland Gruber
db2f9e72e1 #415 restore operation 2025-03-06 09:12:25 +01:00
Roland Gruber
45961fa1bb #415 restore operation 2025-03-06 09:05:59 +01:00
Roland Gruber
46bdc6a444 #415 restore operation 2025-03-06 09:03:57 +01:00
Roland Gruber
1dc23a18b2 #415 restore operation 2025-03-06 08:16:20 +01:00
Roland Gruber
88b5cf6930 set max-height to prevent performance issues with many nodes 2025-03-05 07:57:00 +01:00
Roland Gruber
df81a3407f keep existing shell 2025-03-03 20:09:09 +01:00
Roland Gruber
1c0815e303 9.1 2025-02-27 07:45:37 +01:00
Roland Gruber
0729738ee6 9.1 2025-02-26 07:52:05 +01:00
Roland Gruber
1c20722a70 9.1 2025-02-25 20:56:19 +01:00
Roland Gruber
3bbc84524c 9.1 2025-02-25 20:54:10 +01:00
Roland Gruber
e16350ade6 9.1 2025-02-25 20:52:10 +01:00
Roland Gruber
49e98ae0ac 9.1 2025-02-25 20:36:12 +01:00
Roland Gruber
e37e5e9aa9 9.1 2025-02-25 20:27:36 +01:00
Roland Gruber
8796eba4b4 9.1 2025-02-25 20:23:12 +01:00
Roland Gruber
803f3991b7 9.1 2025-02-25 20:18:34 +01:00
Roland Gruber
296d9d95c7 9.1 2025-02-25 20:05:37 +01:00
Roland Gruber
feaf1850ed 9.1 2025-02-25 19:58:19 +01:00
Roland Gruber
9f5f48962f 9.1 2025-02-25 19:54:00 +01:00
Roland Gruber
af5c74f214 9.1 2025-02-25 07:59:58 +01:00
Roland Gruber
7aa9398104 jodit 4.5.17 2025-02-25 07:52:35 +01:00
Roland Gruber
6099117547 9.1 2025-02-24 17:23:12 +01:00
Roland Gruber
e0a00e8f03 9.1 2025-02-24 16:58:37 +01:00
Roland Gruber
442d25fc40 9.1 2025-02-24 16:54:19 +01:00
gruberroland
1c69f71f12
Merge pull request #412 from LDAPAccountManager/feature/268-wunderbaum
Feature/268 wunderbaum
2025-02-23 14:41:04 +01:00
Roland Gruber
8d0c4054de #268 wunderbaum 0.12.1 2025-02-23 14:35:28 +01:00
Roland Gruber
3217d442e7 refactoring 2025-02-18 07:32:10 +01:00
Roland Gruber
a8cb5282c3 refactoring 2025-02-17 18:22:10 +01:00
Roland Gruber
4adffc6565 refactoring 2025-02-17 17:15:26 +01:00
Roland Gruber
0c0916b825 refactoring 2025-02-17 17:14:10 +01:00
Roland Gruber
e5a74d4b32 refactoring 2025-02-17 17:12:50 +01:00
Roland Gruber
06c9f56350 check file extension for embedded files 2025-02-17 17:04:21 +01:00
Roland Gruber
db2d14a0d7 #411 show all values for multi-value attribute wildcards 2025-02-17 16:52:42 +01:00
Roland Gruber
70bfe470c2 #268 added wunderbaum 0.12.0 2025-02-16 10:23:23 +01:00
Roland Gruber
bc78eb34fc #268 added wunderbaum 0.12.0 2025-02-16 10:10:18 +01:00
Roland Gruber
218f306ae6 #268 removed jQuery 2025-02-13 20:46:08 +01:00
Roland Gruber
207320bfcd #268 added wunderbaum 0.12.0 2025-02-13 20:34:09 +01:00
Roland Gruber
ea19a696dc #268 added wunderbaum 0.12.0 2025-02-13 20:28:21 +01:00
Roland Gruber
e5a7383d8b #268 added wunderbaum 0.12.0 2025-02-13 17:18:59 +01:00
Roland Gruber
dae8b5781b #268 added wunderbaum 0.12.0 2025-02-13 16:44:10 +01:00
Roland Gruber
39b6b2f9c8 #268 added wunderbaum 0.12.0 2025-02-13 07:34:06 +01:00
Roland Gruber
0797e52e68 #268 added wunderbaum 0.12.0 2025-02-12 20:58:54 +01:00
Roland Gruber
ec6502e152 #268 added wunderbaum 0.12.0 2025-02-12 20:52:26 +01:00
Roland Gruber
a010e943bc #268 added wunderbaum 0.12.0 2025-02-12 20:35:48 +01:00
Roland Gruber
90c0d4e9aa #268 added wunderbaum 0.12.0 2025-02-12 20:01:21 +01:00
Roland Gruber
2628939fd3 #268 added wunderbaum 0.12.0 2025-02-11 20:08:16 +01:00
Roland Gruber
3630fe4213 refactoring 2025-02-11 16:51:24 +01:00
Roland Gruber
4853c1b9ca #410 fixed PHP warning 2025-02-11 16:45:33 +01:00
Roland Gruber
d7799fed4d #404 Unix users: support to create a group with same name for rfc2307bis 2025-02-10 17:38:52 +01:00
Roland Gruber
bd3f4a3b08 refactoring 2025-02-07 19:18:15 +01:00
Roland Gruber
eced30edfe fixed typo 2025-02-05 07:40:56 +01:00
Roland Gruber
16589fbddd #347 show expand symbol only when subentries exist 2025-02-04 20:02:26 +01:00
gruberroland
31d87acc66
Merge pull request #407 from LDAPAccountManager/feature/docker-secrets
Feature/docker secrets
2025-02-04 07:56:56 +01:00
Roland Gruber
8fe39f78a2 support to read some variables from file 2025-02-04 07:54:04 +01:00
gruberroland
e9afc3df9c
Merge pull request #402 from Shakespeare2000/use-docker-secrets-for-passwords
Use Docker secrets for passwords
2025-02-03 20:15:37 +01:00
Roland Gruber
132a0e6197 #403 Unix groups: make description multi-value 2025-02-03 19:58:21 +01:00
Roland Gruber
313613b6b0 #406 delete does not work in French 2025-02-03 07:44:24 +01:00
gruberroland
b83989e6ad
Merge pull request #405 from LDAPAccountManager/feature/361-bind-dyndb-ldap
Feature/361 bind dyndb ldap
2025-01-30 07:57:09 +01:00
Roland Gruber
7851546464 refactoring 2025-01-30 07:51:35 +01:00
Roland Gruber
6169ad1fac #361 Bind dynDb module 2025-01-30 07:46:00 +01:00
Roland Gruber
39ac9278b9 #361 Bind dynDb module 2025-01-29 21:01:08 +01:00
Roland Gruber
1df5c0e3d6 layout fix 2025-01-29 20:28:29 +01:00
Roland Gruber
f4c50cff40 make empty value the last one 2025-01-29 20:25:20 +01:00
Roland Gruber
0d01cae9e5 #361 Bind dynDb module 2025-01-28 20:33:13 +01:00
Roland Gruber
e6b37c750e #361 Bind dynDb module 2025-01-27 20:48:07 +01:00
Roland Gruber
a443ee9a10 #361 Bind dynDb module 2025-01-25 20:03:21 +01:00
Roland Gruber
7f392dbafc #361 Bind dynDb module 2025-01-23 19:54:42 +01:00
Roland Gruber
b15a4f71e7 #361 Bind dynDb module 2025-01-22 20:21:56 +01:00
Roland Gruber
9cc53e24c0 #361 Bind dynDb module 2025-01-22 19:48:48 +01:00
Roland Gruber
5e55ece3a7 #361 Bind dynDb module 2025-01-21 21:05:28 +01:00
Shakespeare2000
8b022f2a04 Forget the password as early as possible
Signed-off-by: Shakespeare2000 <Shakespeare2000@users.noreply.github.com>
2025-01-20 18:20:52 +01:00
Shakespeare2000
b1e0ca8b5c Overwrite default password in configs
Signed-off-by: Shakespeare2000 <Shakespeare2000@users.noreply.github.com>
2025-01-18 15:24:05 +01:00
Shakespeare2000
1b9dc93a69 Fetch passwords from a (Docker secrets) file
Signed-off-by: Shakespeare2000 <Shakespeare2000@users.noreply.github.com>
2025-01-17 16:06:41 +01:00
gruberroland
b0e5479894
Merge pull request #401 from LDAPAccountManager/feature/392_windows-support-deleted-account-search
Feature/392 windows support deleted account search
2025-01-16 20:06:26 +01:00
Roland Gruber
fb401f6eaa #392 allow to display deleted entries 2025-01-16 19:59:42 +01:00
Roland Gruber
27f0918c08 #392 allow to display deleted entries 2025-01-16 19:43:34 +01:00
Roland Gruber
49282b2ee7 #392 allow to display deleted entries 2025-01-16 19:15:51 +01:00
Roland Gruber
04d81f5011 #392 allow to display deleted entries 2025-01-16 17:05:19 +01:00
Roland Gruber
8e290b2363 refactoring 2025-01-16 16:48:22 +01:00
Roland Gruber
22fe4c56bf refactoring 2025-01-16 07:56:26 +01:00
Roland Gruber
d51807becb refactoring 2025-01-16 07:41:00 +01:00
Roland Gruber
49e4d19ffb #390 password policy for configuration 2025-01-15 08:02:01 +01:00
Roland Gruber
c0d027e7ad refactoring 2025-01-14 07:40:54 +01:00
gruberroland
1a489d6688
Merge pull request #400 from LDAPAccountManager/feature/390_no-default-passwords
Feature/390 no default passwords
2025-01-13 19:56:34 +01:00
Roland Gruber
66f5e7fcaf refactoring 2025-01-13 19:37:19 +01:00
Roland Gruber
6910252b42 #399 deps update 2025-01-13 17:51:22 +01:00
Roland Gruber
7f76ffc247 #390 remove default password 2025-01-13 17:47:34 +01:00
Roland Gruber
72698cdc2b #390 check if password is set 2025-01-13 07:59:21 +01:00
Roland Gruber
7493477f2d refactoring 2025-01-13 07:51:54 +01:00
Roland Gruber
e53a7f2004 refactoring 2025-01-13 07:49:24 +01:00
Roland Gruber
8a708160dd #390 password policy for configuration 2025-01-13 07:46:51 +01:00
Roland Gruber
ecba267101 #390 password policy for configuration 2025-01-12 21:00:57 +01:00
Roland Gruber
875f8241f9 #390 remove default password 2025-01-10 20:50:37 +01:00
Roland Gruber
ac447b3840 #390 remove default password 2025-01-10 07:57:36 +01:00
Roland Gruber
5176eacdcb #395 i18n fix 2025-01-09 19:49:29 +01:00
Roland Gruber
c9c2dce772 #390 remove default password 2025-01-07 07:51:02 +01:00
Roland Gruber
fcadf63ae6 #348 extend SMTP test to send real email 2025-01-04 20:23:54 +01:00
Roland Gruber
8b00b1328a #396 use regex for file name checking for binary files 2025-01-04 11:31:08 +01:00
Roland Gruber
7c168f7e57 #396 do not show controls if photo is read-only, better error handling 2025-01-03 21:37:27 +01:00
Roland Gruber
434966bd35 fix PHP notice 2025-01-02 16:42:19 +01:00
Roland Gruber
465dfe9167 2025 2025-01-02 07:39:11 +01:00
Roland Gruber
cac0f5cb16 #360 ask for device name on first registration 2025-01-02 07:33:20 +01:00
Roland Gruber
27727b2a2f #394 do not compare min/max if min is not set 2024-12-30 20:38:03 +01:00
Roland Gruber
c23e6f1a85 refactoring 2024-12-29 14:01:12 +01:00
gruberroland
b12077c20c
Merge pull request #393 from LDAPAccountManager/feature/267-rector-code-quality
Feature/267 rector code quality
2024-12-29 13:51:57 +01:00
Roland Gruber
10e18741b5 refactoring 2024-12-29 11:35:50 +01:00
Roland Gruber
097a46a861 refactoring 2024-12-29 11:31:56 +01:00
Roland Gruber
6b4e59bc32 refactoring 2024-12-29 11:22:06 +01:00
Roland Gruber
104dabc82d refactoring 2024-12-29 11:02:57 +01:00
Roland Gruber
a6f93a87f4 refactoring 2024-12-29 11:00:17 +01:00
Roland Gruber
61036d8f2c refactoring 2024-12-29 10:55:08 +01:00
Roland Gruber
6a17b54e9d refactoring 2024-12-26 20:31:40 +01:00
Roland Gruber
90cccc2c2d refactoring 2024-12-26 20:30:27 +01:00
Roland Gruber
44e94e8b78 9.0 2024-12-25 09:50:52 +01:00
Roland Gruber
9143c8ab45 refactoring 2024-12-25 09:07:52 +01:00
Roland Gruber
f327b71fa9 refactoring 2024-12-25 09:04:00 +01:00
Roland Gruber
f0b7ccc6e8 refactoring 2024-12-22 09:51:13 +01:00
Roland Gruber
b9015905b6 refactoring 2024-12-20 19:55:37 +01:00
Roland Gruber
a5b558e94b refactoring 2024-12-20 19:54:40 +01:00
Roland Gruber
ec0782a502 refactoring 2024-12-20 14:59:02 +01:00
Roland Gruber
e7953f25d7 refactoring 2024-12-20 14:49:46 +01:00
Roland Gruber
8a204a028b refactoring 2024-12-20 14:42:56 +01:00
Roland Gruber
c9cacdece6 refactoring 2024-12-19 10:52:41 +01:00
Roland Gruber
4cc3f0128e refactoring 2024-12-19 10:17:38 +01:00
Roland Gruber
b6d8b93733 refactoring 2024-12-19 10:01:04 +01:00
Roland Gruber
0694ed552f refactoring 2024-12-18 12:44:24 +01:00
Roland Gruber
7cf80b57a4 refactoring 2024-12-18 11:02:38 +01:00
Roland Gruber
f802edbe4a refactoring 2024-12-18 10:46:56 +01:00
Roland Gruber
da91a73104 refactoring 2024-12-18 10:27:54 +01:00
Roland Gruber
30b5f92658 refactoring 2024-12-18 10:02:41 +01:00
Roland Gruber
a4b413a7b9 refactoring 2024-12-18 09:20:44 +01:00
Roland Gruber
cb2953f5a2 refactoring 2024-12-18 09:13:33 +01:00
Roland Gruber
468fad0ffa refactoring 2024-12-18 09:00:37 +01:00
Roland Gruber
d157a97230 9.0 2024-12-17 20:02:16 +01:00
Roland Gruber
1fbcbea3c1 9.0 2024-12-17 19:47:18 +01:00
Roland Gruber
4957e7193e refactoring 2024-12-17 07:59:41 +01:00
Roland Gruber
9d3dbd78ff refactoring 2024-12-17 07:57:33 +01:00
Roland Gruber
a3fc8fe8f3 refactoring 2024-12-17 07:52:24 +01:00
Roland Gruber
c580a352f8 9.0 2024-12-17 07:39:46 +01:00
Roland Gruber
662090d829 9.0 2024-12-14 10:39:58 +01:00
Roland Gruber
4230c4c3ed refactoring 2024-12-14 10:32:15 +01:00
Roland Gruber
a37c1a9a42 refactoring 2024-12-13 07:51:01 +01:00
Roland Gruber
40b39feb4e refactoring 2024-12-12 19:06:47 +01:00
Roland Gruber
57e78813e9 refactoring 2024-12-12 19:03:15 +01:00
Roland Gruber
40d85f127a refactoring 2024-12-12 19:00:22 +01:00
Roland Gruber
4d05002785 refactoring 2024-12-12 18:58:38 +01:00
Roland Gruber
1bb542616f refactoring 2024-12-12 18:57:22 +01:00
Roland Gruber
f8313d826e refactoring 2024-12-12 18:50:11 +01:00
Roland Gruber
3729b3639f refactoring 2024-12-12 18:47:46 +01:00
Roland Gruber
4b9a1b0863 refactoring 2024-12-12 18:46:48 +01:00
Roland Gruber
91def59ae9 refactoring 2024-12-12 18:42:13 +01:00
Roland Gruber
7bdacedd50 refactoring 2024-12-12 16:46:10 +01:00
Roland Gruber
ba5747abf0 refactoring 2024-12-12 07:55:59 +01:00
Roland Gruber
a091a27016 refactoring 2024-12-12 07:43:40 +01:00
Roland Gruber
f1b3ecd63f refactoring 2024-12-11 22:12:01 +01:00
Roland Gruber
cff1728603 refactoring 2024-12-11 07:48:18 +01:00
Roland Gruber
40612eadb0 refactoring 2024-12-10 20:17:12 +01:00
Roland Gruber
07a5b7da52 refactoring 2024-12-10 20:13:22 +01:00
Roland Gruber
15a447f23d refactoring 2024-12-10 20:11:28 +01:00
Roland Gruber
7b36847917 refactoring 2024-12-10 20:08:17 +01:00
Roland Gruber
a065a128ce refactoring 2024-12-10 20:06:21 +01:00
Roland Gruber
9f4a89ba2d refactoring 2024-12-10 20:02:50 +01:00
Roland Gruber
cfc8be9f7f refactoring 2024-12-10 19:55:57 +01:00
Roland Gruber
2325055f36 refactoring 2024-12-10 19:45:24 +01:00
Roland Gruber
04d0aacee3 refactoring 2024-12-10 19:39:19 +01:00
Roland Gruber
62446b5784 refactoring 2024-12-10 19:32:06 +01:00
Roland Gruber
ffc1489e43 refactoring 2024-12-10 19:23:14 +01:00
Roland Gruber
8b61fbef48 refactoring 2024-12-10 07:57:09 +01:00
Roland Gruber
eaeb77a3dd refactoring 2024-12-10 07:56:42 +01:00
Roland Gruber
03c6b4b578 refactoring 2024-12-10 07:54:47 +01:00
Roland Gruber
daa28df95a refactoring 2024-12-10 07:44:59 +01:00
Roland Gruber
56a8595e48 refactoring 2024-12-10 07:42:24 +01:00
Roland Gruber
f472abaa55 refactoring 2024-12-09 17:30:54 +01:00
Roland Gruber
26f6931e2b refactoring 2024-12-09 17:21:07 +01:00
Roland Gruber
b2f35cd682 refactoring 2024-12-09 17:04:44 +01:00
Roland Gruber
dbead8ef94 refactoring 2024-12-09 16:56:18 +01:00
Roland Gruber
1d607100af do not accept very old versions 2024-12-09 16:49:58 +01:00
Roland Gruber
c959f4e022 refactoring 2024-12-09 07:58:07 +01:00
Roland Gruber
e7400e4f6d refactoring 2024-12-09 07:53:23 +01:00
Roland Gruber
53b3c67ed4 refactoring 2024-12-07 21:04:03 +01:00
Roland Gruber
f47f2f1c50 refactoring 2024-12-07 20:51:27 +01:00
Roland Gruber
058537ae94 refactoring 2024-12-07 20:25:54 +01:00
Roland Gruber
e881ed73e4 refactoring 2024-12-07 20:17:53 +01:00
Roland Gruber
363b33417e refactoring 2024-12-07 20:11:30 +01:00
Roland Gruber
6323c4fcd8 refactoring 2024-12-07 20:09:55 +01:00
Roland Gruber
002163e1e9 refactoring 2024-12-07 19:56:55 +01:00
Roland Gruber
66dcc2eced refactoring 2024-12-06 20:35:14 +01:00
Roland Gruber
146c975a61 refactoring 2024-12-06 20:31:17 +01:00
Roland Gruber
6fbb2d1338 refactoring 2024-12-06 20:05:59 +01:00
Roland Gruber
73be6a1e4f refactoring 2024-12-06 19:57:05 +01:00
Roland Gruber
c6273dee37 refactoring 2024-12-06 19:55:20 +01:00
Roland Gruber
5b4c8ccce4 refactoring 2024-12-06 07:48:31 +01:00
Roland Gruber
6e7b36429a 9.0 2024-12-05 07:45:59 +01:00
Mini workgroups Ltd
52b8898ae5 Removed DS_Store files & extra logo
Removed unnecessary files
2024-09-24 12:09:39 +01:00
Mini workgroups Ltd
daf61911f0 ATAK Module
Provide ATAK user management
2024-09-23 12:50:19 +01:00
3465 changed files with 370047 additions and 269187 deletions


@ -19,7 +19,7 @@ jobs:
contents: read # for actions/checkout to fetch code contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/autobuild to send a status report security-events: write # for github/codeql-action/autobuild to send a status report
name: Analyse name: Analyse
runs-on: ubuntu-latest runs-on: self-hosted
steps: steps:
- name: Harden Runner - name: Harden Runner
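Review bot: `runs-on: self-hosted` replaces the ephemeral hosted image here and in the three workflow sections that follow (the `dependency-review` job, the job with `pull-requests: read`, and the `build` job), so all of these jobs now run on a long-lived machine. The triggers are outside these hunks; if any of the workflows runs for pull requests from forks, contributor-controlled code (Composer scripts, `./codespell.sh`) executes on that machine and can leave state behind for later jobs, including this one, which holds `security-events: write`. I would restrict these jobs to trusted refs or use ephemeral runners under a dedicated label, e.g. `runs-on: [self-hosted, <EPHEMERAL_LABEL>]`, and confirm that the Harden Runner step still enforces its policy on this runner type. The job body continues outside the hunk.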


@ -14,7 +14,7 @@ permissions:
jobs: jobs:
dependency-review: dependency-review:
runs-on: ubuntu-latest runs-on: self-hosted
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1


@ -15,7 +15,7 @@ jobs:
permissions: permissions:
contents: read # for actions/checkout to fetch code contents: read # for actions/checkout to fetch code
pull-requests: read # for sonarsource/sonarcloud-github-action to determine which PR to decorate pull-requests: read # for sonarsource/sonarcloud-github-action to determine which PR to decorate
runs-on: ubuntu-22.04 runs-on: self-hosted
steps: steps:
- name: Harden Runner - name: Harden Runner
@ -29,14 +29,14 @@ jobs:
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2
with: with:
php-version: '8.1' php-version: '8.1'
extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring, imagick, pdo_sqlite
- name: Validate composer.json and composer.lock - name: Validate composer.json and composer.lock
run: composer validate --strict run: composer validate --strict
- name: Cache Composer packages - name: Cache Composer packages
id: composer-cache id: composer-cache
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
path: vendor path: vendor
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}


@ -12,7 +12,7 @@ permissions:
jobs: jobs:
build: build:
runs-on: ubuntu-22.04 runs-on: self-hosted
steps: steps:
- name: Harden Runner - name: Harden Runner
@ -26,28 +26,28 @@ jobs:
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2
with: with:
php-version: '8.1' php-version: '8.1'
extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring, imagick, pdo_sqlite
- name: Validate composer.json and composer.lock - name: Validate composer.json and composer.lock
run: composer validate --strict run: composer validate --strict
- name: Cache Composer packages - name: Cache Composer packages
id: composer-cache id: composer-cache
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
path: vendor path: vendor
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} key: ${{ runner.os }}-quality-${{ hashFiles('**/composer.lock') }}
restore-keys: | restore-keys: |
${{ runner.os }}-php- ${{ runner.os }}-quality-
- name: PHP Version - name: PHP Version
run: php --version run: php --version
- name: Install dependencies - name: Install dependencies
run: composer install --prefer-dist --no-progress run: composer install --no-progress
- name: Install CodeSpell - name: Install CodeSpell
run: pip install --user codespell run: pipx install codespell
- name: CodeSpell - name: CodeSpell
run: ./codespell.sh run: ./codespell.sh
@ -56,7 +56,7 @@ jobs:
run: ./vendor/bin/phpstan -V run: ./vendor/bin/phpstan -V
- name: PHPStan - name: PHPStan
run: ./vendor/bin/phpstan --xdebug run: ./vendor/bin/phpstan
- name: Rector - name: Rector
run: ./vendor/bin/rector process --dry-run run: ./vendor/bin/rector process --dry-run
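Review bot: The `Install CodeSpell` step now runs `pipx install codespell` with no version, while the visible `uses:` lines in this file are pinned to a commit SHA, so the spell checker is the one tool whose content is whatever the package index serves at run time. Pin it, e.g. `run: pipx install 'codespell==<PINNED_VERSION>'`, and bump it deliberately. Because the job moves to `runs-on: self-hosted` in the same section, the installed copy may also outlive the job, so different runs could end up using different versions depending on what is already present; this is inferred, as the runner's cleanup is not visible here.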


@ -25,4 +25,4 @@ There are two modules. Usually, you only need the files inside "lam".
LAM is published under the GNU General Public License. LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file. The complete list of licenses can be found in the copyright file.
Copyright (C) 2003 - 2024 Roland Gruber <post@rolandgruber.de> Copyright (C) 2003 - 2025 Roland Gruber <post@rolandgruber.de>


@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
~/.local/bin/codespell --skip '*3rdParty*,*/jodit/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*/templates/lib/*popper*,*/templates/lib/*tippy*,*/templates/lib/*flatpickr*,*/templates/lib/*Sortable*,*/templates/lib/*cropper*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/lib/extra/*,lam/.phpdoc,lam/composer.*' --ignore-words-list "tim,te,pres,files'" lam ~/.local/bin/codespell --skip '*3rdParty*,*/jodit/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*/templates/lib/*popper*,*/templates/lib/*tippy*,*/templates/lib/*flatpickr*,*/templates/lib/*Sortable*,*/templates/lib/*cropper*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/templates/lib/*sweetalert*,*/lib/extra/*,lam/.phpdoc,lam/composer.*' --ignore-words-list "tim,te,pres,files'" lam


@ -3,9 +3,8 @@
"description": "LDAP Account Manager", "description": "LDAP Account Manager",
"require-dev" : { "require-dev" : {
"phpunit/phpunit" : "9.5.21", "phpunit/phpunit" : "9.5.21",
"squizlabs/php_codesniffer" : "3.4.0", "phpstan/phpstan": "^2",
"phpstan/phpstan": "^1.10", "rector/rector": "^2",
"rector/rector": "^1",
"cyclonedx/cyclonedx-php-composer": "^5.0" "cyclonedx/cyclonedx-php-composer": "^5.0"
}, },
"require": { "require": {
@ -13,7 +12,14 @@
"ext-json": "*", "ext-json": "*",
"ext-pdo": "*", "ext-pdo": "*",
"ext-xmlreader": "*", "ext-xmlreader": "*",
"ext-zip": "*" "ext-zip": "*",
"ext-gd": "*",
"ext-imagick": "*",
"ext-gettext": "*",
"ext-curl": "*",
"ext-openssl": "*",
"ext-xmlwriter": "*",
"ext-iconv": "*"
}, },
"scripts": { "scripts": {
"test": "vendor/bin/phpunit" "test": "vendor/bin/phpunit"


@ -112,11 +112,6 @@ if [ ! -f /var/lib/%{lam_dir}/config/config.cfg ]; then
cp /var/lib/%{lam_dir}/config/config.cfg.sample /var/lib/%{lam_dir}/config/config.cfg cp /var/lib/%{lam_dir}/config/config.cfg.sample /var/lib/%{lam_dir}/config/config.cfg
chmod 600 /var/lib/%{lam_dir}/config/config.cfg chmod 600 /var/lib/%{lam_dir}/config/config.cfg
chown %{lam_uid}:%{lam_gid} /var/lib/%{lam_dir}/config/config.cfg chown %{lam_uid}:%{lam_gid} /var/lib/%{lam_dir}/config/config.cfg
if [ ! -f /var/lib/%{lam_dir}/config/lam.conf ]; then
cp /var/lib/%{lam_dir}/config/unix.sample.conf /var/lib/%{lam_dir}/config/lam.conf
chmod 600 /var/lib/%{lam_dir}/config/lam.conf
chown %{lam_uid}:%{lam_gid} /var/lib/%{lam_dir}/config/lam.conf
fi
fi fi
for server in apache2 httpd nginx; do for server in apache2 httpd nginx; do
if [ `which systemctl 2< /dev/null` ]; then if [ `which systemctl 2< /dev/null` ]; then


@ -30,7 +30,7 @@ function minify {
for file in $files; do for file in $files; do
jsFiles="$jsFiles $file" jsFiles="$jsFiles $file"
done done
uglifyjs -o $outFile $jsFiles terser $jsFiles -o $outFile
rm $files rm $files
# add final new line to supress Debian warnings # add final new line to supress Debian warnings
echo "" >> $outFile echo "" >> $outFile


@ -14,10 +14,16 @@ Configuration:
All settings can be edited via the webfrontend. Please All settings can be edited via the webfrontend. Please
point your browser to the LAM start page and then select point your browser to the LAM start page and then select
"LAM configuration". "LAM configuration".
The default password for the configuration is "lam".
Lamdaemon: Lamdaemon:
If you want to use the lamdaemon you need to install the If you want to use the lamdaemon you need to install the
package ldap-account-manager-lamdaemon on the target machine. package ldap-account-manager-lamdaemon on the target machine.
Packaging:
The Debian's orig.tar.bz2 file differs from the tar.bz2 files that are provided upstream.
While the upstream files contain minified CSS and JS files, the Debian orig.tar.bz2 file
contains the sources and minifies during Debian package build.


@ -1,8 +1,32 @@
ldap-account-manager (9.0.RC1-1) unstable; urgency=medium ldap-account-manager (9.3-1) unstable; urgency=medium
* new upstream release * new upstream release
-- Roland Gruber <post@rolandgruber.de> Wed, 04 Dec 2024 07:23:11 +0200 -- Roland Gruber <post@rolandgruber.de> Mon, 15 Sep 2025 07:11:26 +0200
ldap-account-manager (9.2-1) unstable; urgency=medium
* new upstream release
* Fix "Please upgrade to upstream release >= 9.1" by packaging
new version (Closes: #1100719)
-- Roland Gruber <post@rolandgruber.de> Fri, 06 Jun 2025 07:41:13 +0200
ldap-account-manager (9.1-1) unstable; urgency=medium
* new upstream release
-- Roland Gruber <post@rolandgruber.de> Thu, 13 Mar 2025 07:36:27 +0200
ldap-account-manager (9.0-1) unstable; urgency=medium
* new upstream release
* Fix "ldap-account-manager: CVE-2024-52792" by using
new file format (Closes: #1090934)
* Fix "Please allow recent php-monolog (>= 3)" by using
different dependencies (Closes: #1076835)
-- Roland Gruber <post@rolandgruber.de> Tue, 17 Dec 2024 19:23:11 +0200
ldap-account-manager (8.9-1) unstable; urgency=medium ldap-account-manager (8.9-1) unstable; urgency=medium


@ -2,8 +2,8 @@ Source: ldap-account-manager
Maintainer: Roland Gruber <post@rolandgruber.de> Maintainer: Roland Gruber <post@rolandgruber.de>
Section: web Section: web
Priority: optional Priority: optional
Standards-Version: 4.7.0 Standards-Version: 4.7.2
Build-Depends: debhelper (>= 12), debhelper-compat (= 12), po-debconf, cleancss (>= 5.2), uglifyjs (>= 3.12) Build-Depends: debhelper (>= 12), debhelper-compat (= 12), po-debconf, cleancss (>= 5.2), terser (>= 5.0)
Homepage: https://www.ldap-account-manager.org/ Homepage: https://www.ldap-account-manager.org/
Rules-Requires-Root: binary-targets Rules-Requires-Root: binary-targets
@ -11,16 +11,15 @@ Package: ldap-account-manager
Architecture: all Architecture: all
Depends: php (>= 8.1), php-ldap, Depends: php (>= 8.1), php-ldap,
php-gd | php-imagick, php-gd | php-imagick,
php-json, php-curl, php-json, php-curl, php-sqlite3, php-mysql,
php-zip, php-xml, php-gmp, php-mbstring, php-zip, php-xml, php-gmp, php-mbstring,
libapache2-mod-php | libapache2-mod-fcgid | php-fpm, libapache2-mod-php | libapache2-mod-fcgid | php-fpm,
apache2 (>= 2.4.0) | httpd, apache2 (>= 2.4.0) | httpd,
gettext, fonts-dejavu, gettext, fonts-dejavu,
libjs-jquery-jstree (>= 3.3.0),
php-phpseclib3, php-monolog, php-phpseclib3, php-monolog,
php-voku-portable-ascii (<< 3.0), libphp-phpmailer (<< 7.0), libphp-phpmailer (<< 7.0),
debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends} debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
Recommends: php-opcache Recommends: php-opcache, php-apcu
Suggests: ldap-server, php-mcrypt, ldap-account-manager-lamdaemon, perl Suggests: ldap-server, php-mcrypt, ldap-account-manager-lamdaemon, perl
Conflicts: libapache2-mod-php5, php5, php5-fpm Conflicts: libapache2-mod-php5, php5, php5-fpm
Description: webfrontend for managing accounts in an LDAP directory Description: webfrontend for managing accounts in an LDAP directory


@ -1,4 +1,4 @@
This software is copyright (c) 2003 - 2024 by Roland Gruber This software is copyright (c) 2003 - 2025 by Roland Gruber
If you purchased a copy of LDAP Account Manager Pro then the following If you purchased a copy of LDAP Account Manager Pro then the following
files are licensed under the conditions which you accepted at purchase files are licensed under the conditions which you accepted at purchase
@ -17,6 +17,8 @@ time.
* lib/modules/automount.inc * lib/modules/automount.inc
* lib/modules/bindDLZ.inc * lib/modules/bindDLZ.inc
* lib/modules/bindDLZXfr.inc * lib/modules/bindDLZXfr.inc
* lib/modules/bindDyndbRecord.inc
* lib/modules/bindDyndbZone.inc
* lib/modules/customBaseType.inc * lib/modules/customBaseType.inc
* lib/modules/customFields.inc * lib/modules/customFields.inc
* lib/modules/customScripts.inc * lib/modules/customScripts.inc
@ -56,6 +58,7 @@ time.
* lib/modules/rfc2307bisAutomount.inc * lib/modules/rfc2307bisAutomount.inc
* lib/modules/rfc2307bisPosixGroup.inc * lib/modules/rfc2307bisPosixGroup.inc
* lib/modules/selfRegistration.inc * lib/modules/selfRegistration.inc
* lib/modules/simpleSecurityObject.inc
* lib/modules/sudoRole.inc * lib/modules/sudoRole.inc
* lib/modules/uidObject.inc * lib/modules/uidObject.inc
* lib/modules/webauthn.inc * lib/modules/webauthn.inc
@ -64,6 +67,7 @@ time.
* lib/types/alias.inc * lib/types/alias.inc
* lib/types/automountType.inc * lib/types/automountType.inc
* lib/types/bind.inc * lib/types/bind.inc
* lib/types/bindDyndbType.inc
* lib/types/customType.inc * lib/types/customType.inc
* lib/types/gon.inc * lib/types/gon.inc
* lib/types/kopanoAddressListType.inc * lib/types/kopanoAddressListType.inc
@ -94,7 +98,7 @@ All other files are licensed under the conditions below.
The complete license can be found in the file COPYING or in The complete license can be found in the file COPYING or in
/usr/share/common-licenses/GPL-3. /usr/share/common-licenses/GPL-3 (Debian/Ubuntu).
Some parts of this package have other, compatible licences. These are: Some parts of this package have other, compatible licences. These are:
@ -408,33 +412,6 @@ D:
E: E:
Duo
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
F:
3-Clause BSD License 3-Clause BSD License
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
@ -463,7 +440,7 @@ F:
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
G: F:
2-Clause BSD License 2-Clause BSD License
Redistribution and use in source and binary forms, with or without modification, Redistribution and use in source and binary forms, with or without modification,
@ -487,38 +464,8 @@ G:
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. POSSIBILITY OF SUCH DAMAGE.
H:
3-Clause BSD License
Redistribution and use in source and binary forms, with or without G:
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
I:
GNU LESSER GENERAL PUBLIC LICENSE GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999 Version 2.1, February 1999
@ -973,217 +920,199 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. DAMAGES.
J: H:
Apache 2.0 Apache License 2.0
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions. ## 1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
distribution as defined by Sections 1 through 9 of this document. through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the
owner that is granting the License. License.
"Legal Entity" shall mean the union of the acting entity and all other entities "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled
that control, are controlled by, or are under common control with that entity. by, or are under common control with that entity. For the purposes of this definition, "control" means
For the purposes of this definition, "control" means (i) the power, direct or (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract
indirect, to cause the direction or management of such entity, whether by or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the ownership of such entity.
outstanding shares, or (iii) beneficial ownership of such entity.
You" (or "Your") shall mean an individual or Legal Entity exercising "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including "Source" form shall mean the preferred form for making modifications, including but not limited to software
but not limited to software source code, documentation source, and source code, documentation source, and configuration files.
configuration files.
"Object" form shall mean any form resulting from mechanical transformation or "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form,
translation of a Source form, including but not limited to compiled object including but not limited to compiled object code, generated documentation, and conversions to other media
code, generated documentation, and conversions to other media types. types.
"Work" shall mean the work of authorship, whether in Source or Object form, "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License,
made available under the License, as indicated by a copyright notice that is as indicated by a copyright notice that is included in or attached to the work (an example is provided in the
included in or attached to the work (an example is provided in the Appendix Appendix below).
below).
"Derivative Works" shall mean any work, whether in Source or Object form, that "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from)
is based on (or derived from) the Work and for which the editorial revisions, the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent,
annotations, elaborations, or other modifications represent, as a whole, an as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not
original work of authorship. For the purposes of this License, Derivative Works include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work
shall not include works that remain separable from, or merely link (or bind by and Derivative Works thereof.
name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original "Contribution" shall mean any work of authorship, including the original version of the Work and any
version of the Work and any modifications or additions to that Work or modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to
Derivative Works thereof, that is intentionally submitted to Licensor for Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to
inclusion in the Work by the copyright owner or by an individual or Legal submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of
Entity authorized to submit on behalf of the copyright owner. For the purposes electronic, verbal, or written communication sent to the Licensor or its representatives, including but not
of this definition, "submitted" means any form of electronic, verbal, or limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
written communication sent to the Licensor or its representatives, including that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but
but not limited to communication on electronic mailing lists, source code excluding communication that is conspicuously marked or otherwise designated in writing by the copyright
control systems, and issue tracking systems that are managed by, or on behalf owner as "Not a Contribution."
of, the Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise designated in
writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been
of whom a Contribution has been received by Licensor and subsequently received by Licensor and subsequently incorporated within the Work.
incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this
License, each Contributor hereby grants to You a perpetual, worldwide,
non-exclusive, no-charge, royalty-free, irrevocable copyright license to
reproduce, prepare Derivative Works of, publicly display, publicly perform,
sublicense, and distribute the Work and such Derivative Works in Source or
Object form.
3. Grant of Patent License. Subject to the terms and conditions of this ## 2. Grant of Copyright License.
License, each Contributor hereby grants to You a perpetual, worldwide,
non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this
section) patent license to make, have made, use, offer to sell, sell, import,
and otherwise transfer the Work, where such license applies only to those
patent claims licensable by such Contributor that are necessarily infringed by
their Contribution(s) alone or by combination of their Contribution(s) with the
Work to which such Contribution(s) was submitted. If You institute patent
litigation against any entity (including a cross-claim or counterclaim in a
lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent
licenses granted to You under this License for that Work shall terminate as of
the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
Derivative Works thereof in any medium, with or without modifications, and in worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
Source or Object form, provided that You meet the following conditions: Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such
Derivative Works in Source or Object form.
(a) You must give any other recipients of the Work or Derivative Works a copy ## 3. Grant of Patent License.
of this License; and
(b) You must cause any modified files to carry prominent notices stating that Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
You changed the files; and worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent
license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
license applies only to those patent claims licensable by such Contributor that are necessarily infringed by
their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such
Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim
or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses granted to You under this
License for that Work shall terminate as of the date such litigation is filed.
(c) You must retain, in the Source form of any Derivative Works that You ## 4. Redistribution.
distribute, all copyright, patent, trademark, and attribution notices from the
Source form of the Work, excluding those notices that do not pertain to any
part of the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
any Derivative Works that You distribute must include a readable copy of the modifications, and in Source or Object form, provided that You meet the following conditions:
attribution notices contained within such NOTICE file, excluding those notices
that do not pertain to any part of the Derivative Works, in at least one of the
following places: within a NOTICE text file distributed as part of the
Derivative Works; within the Source form or documentation, if provided along
with the Derivative Works; or, within a display generated by the Derivative
Works, if and wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and do not modify the
License. You may add Your own attribution notices within Derivative Works that
You distribute, alongside or as an addendum to the NOTICE text from the Work,
provided that such additional attribution notices cannot be construed as
modifying the License.
You may add Your own copyright statement to Your modifications and may provide 1. You must give any other recipients of the Work or Derivative Works a copy of this License; and
additional or different license terms and conditions for use, reproduction, or
distribution of Your modifications, or for any such Derivative Works as a
whole, provided Your use, reproduction, and distribution of the Work otherwise
complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any 2. You must cause any modified files to carry prominent notices stating that You changed the files; and
Contribution intentionally submitted for inclusion in the Work by You to the
Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions. Notwithstanding the above, nothing herein shall
supersede or modify the terms of any separate license agreement you may have
executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, 3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent,
trademarks, service marks, or product names of the Licensor, except as required trademark, and attribution notices from the Source form of the Work, excluding those notices that do
for reasonable and customary use in describing the origin of the Work and not pertain to any part of the Derivative Works; and
4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that
You distribute must include a readable copy of the attribution notices contained within such NOTICE
file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed as part of the Derivative Works; within
the Source form or documentation, if provided along with the Derivative Works; or, within a display
generated by the Derivative Works, if and wherever such third-party notices normally appear. The
contents of the NOTICE file are for informational purposes only and do not modify the License. You may
add Your own attribution notices within Derivative Works that You distribute, alongside or as an
addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be
construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license
terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative
Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the
conditions stated in this License.
## 5. Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by
You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate
license agreement you may have executed with Licensor regarding such Contributions.
## 6. Trademarks.
This License does not grant permission to use the trade names, trademarks, service marks, or product names of
the Licensor, except as required for reasonable and customary use in describing the origin of the Work and
reproducing the content of the NOTICE file. reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in ## 7. Disclaimer of Warranty.
writing, Licensor provides the Work (and each Contributor provides its
Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied, including, without limitation, any warranties
or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks
associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor
tort (including negligence), contract, or otherwise, unless required by provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
applicable law (such as deliberate and grossly negligent acts) or agreed to in or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
writing, shall any Contributor be liable to You for damages, including any MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
direct, indirect, special, incidental, or consequential damages of any appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of
character arising as a result of this License or out of the use or inability to permissions under this License.
use the Work (including but not limited to damages for loss of goodwill, work
stoppage, computer failure or malfunction, or any and all other commercial
damages or losses), even if such Contributor has been advised of the
possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or ## 8. Limitation of Liability.
Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations
and/or rights consistent with this License. However, in accepting such
obligations, You may act only on Your own behalf and on Your sole
responsibility, not on behalf of any other Contributor, and only if You agree
to indemnify, defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless
required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any
Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential
damages of any character arising as a result of this License or out of the use or inability to use the Work
(including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or
any and all other commercial damages or losses), even if such Contributor has been advised of the possibility
of such damages.
## 9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole
responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold
each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Programs and licenses with other licenses and/or authors than the Programs and licenses with other licenses and/or authors than the
main license and authors: main license and authors:
graphics/webauthn.svg F 2017 Duo Security, Inc. graphics/webauthn.svg E 2017 Duo Security, Inc. https://github.com/duo-labs/webauthn.io
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei lib/3rdParty/composer/aws H Amazon Web Services https://github.com/aws/aws-sdk-php, https://github.com/awslabs/aws-crt-php
lib/3rdParty/composer/brick B Benjamin Morel lib/3rdParty/composer/brick B Benjamin Morel https://github.com/brick/math
lib/3rdParty/composer/carbonphp B 2023 Carbon lib/3rdParty/composer/carbonphp B 2023 Carbon https://github.com/CarbonPHP/carbon-doctrine-types
lib/3rdParty/composer/christian-riesen B Christian Riesen lib/3rdParty/composer/christian-riesen B Christian Riesen https://github.com/ChristianRiesen/base32
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano https://github.com/composer/composer
lib/3rdParty/composer/doctrine B Doctrine Project lib/3rdParty/composer/doctrine B Doctrine Project https://github.com/doctrine
lib/3rdParty/composer/duo E Cisco Systems, Inc. and/or its affiliates lib/3rdParty/composer/duosecurity E Cisco Systems, Inc. and/or its affiliates https://github.com/duosecurity/duo_universal_php
lib/3rdParty/composer/facile-it B Thomas Vargiu lib/3rdParty/composer/facile-it B Thomas Vargiu https://github.com/facile-it
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große lib/3rdParty/composer/firebase E 2011 Neuman Vong https://github.com/firebase/php-jwt
lib/3rdParty/composer/firebase F 2011 Neuman Vong lib/3rdParty/composer/guzzlehttp B 2015 Michael Dowling https://github.com/guzzle/psr7
lib/3rdParty/composer/guzzlehttp B 2015 Michael Dowling lib/3rdParty/composer/http-interop B 2016 Woody Gilk https://github.com/http-interop/http-factory-guzzle
lib/3rdParty/composer/http-interop B 2016 Woody Gilk lib/3rdParty/composer/illuminate B Taylor Otwell https://github.com/illuminate
lib/3rdParty/composer/illuminate B Taylor Otwell lib/3rdParty/composer/lcobucci B 2017 Luís Cobucci https://github.com/lcobucci/clock
lib/3rdParty/composer/nesbot B Brian Nesbitt lib/3rdParty/composer/monolog B 2011 Jordi Boggiano https://github.com/Seldaek/monolog
lib/3rdParty/composer/monolog B 2011 Jordi Boggiano lib/3rdParty/composer/mtdowling B 2014 Michael Dowling https://github.com/jmespath/jmespath.php
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises lib/3rdParty/composer/nesbot B Brian Nesbitt https://github.com/CarbonPHP/carbon
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises https://github.com/paragonie
lib/3rdParty/composer/phpmailer I lib/3rdParty/composer/php-http B 2015 PHP HTTP Team https://github.com/php-http/discovery
lib/3rdParty/composer/phpseclib B 2019 TerraFrost and other contributors lib/3rdParty/composer/phpmailer G https://github.com/PHPMailer/PHPMailer
lib/3rdParty/composer/psr B PHP Framework Interoperability Group lib/3rdParty/composer/phpseclib B 2019 TerraFrost and other contributors https://github.com/phpseclib/phpseclib
lib/3rdParty/composer/ralouphie B 2014 Ralph Khattar lib/3rdParty/composer/psr B PHP Framework Interoperability Group https://github.com/php-fig
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs lib/3rdParty/composer/ralouphie B 2014 Ralph Khattar https://github.com/ralouphie/getallheaders
lib/3rdParty/composer/symfony B 2022 Fabien Potencier lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs https://github.com/Spomky-Labs
lib/3rdParty/composer/thecodingmachine B TheCodingMachine lib/3rdParty/composer/symfony B 2022 Fabien Potencier https://github.com/symfony
lib/3rdParty/composer/voku B 2019 Lars Moelleken lib/3rdParty/composer/web-auth B 2018 Spomky-Labs https://github.com/web-auth
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs lib/3rdParty/composer/web-token B Florent Morselli https://github.com/web-token
lib/3rdParty/composer/web-token B Florent Morselli lib/3rdParty/composer/webklex B 2016 Webklex https://github.com/Webklex/php-imap
lib/3rdParty/composer/webklex B 2016 Webklex lib/3rdParty/tcpdf D 2022 Nicola Asuni - Tecnick.com LTD https://github.com/tecnickcom/TCPDF
lib/3rdParty/tcpdf D 2022 Nicola Asuni - Tecnick.com LTD lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah https://github.com/dejavu-fonts/dejavu-fonts
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB https://github.com/Yubico/php-yubico
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB style/010_normalize.css B Nicolas Gallagher and Jonathan Neal https://github.com/csstools/normalize.css
style/010_normalize.css B Nicolas Gallagher and Jonathan Neal style/050_grid.css B https://foundation.zurb.com/sites/docs/v/5.5.3/components/grid.html
style/050_grid.css B templates/lib/*popper*.js B https://github.com/floating-ui/floating-ui
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors templates/lib/*tippy*.js B 2021 atomiks https://github.com/atomiks/tippyjs
templates/lib/*popper*.js B templates/lib/*flatpickr*.js B 2017 Gregory Petrosyan https://github.com/flatpickr/flatpickr
templates/lib/*tippy*.js B 2021 atomiks style/600_flatpickr.css B 2017 Gregory Petrosyan https://github.com/flatpickr/flatpickr
templates/lib/*flatpickr*.js B 2017 Gregory Petrosyan templates/lib/*sweetalert2*.js B https://github.com/sweetalert2/sweetalert2
style/600_flatpickr.css B 2017 Gregory Petrosyan style/*sweetalert2*.css B https://github.com/sweetalert2/sweetalert2
templates/lib/*sweetalert2*.js B templates/lib/410_cropper*.js B 2018 Chen Fengyuan https://github.com/fengyuanchen/cropperjs
style/*sweetalert2*.css B style/600_cropper*.css B 2018 Chen Fengyuan https://github.com/fengyuanchen/cropperjs
templates/lib/cropper*.js B 2018 Chen Fengyuan templates/lib/extra/jodit B Chupurnov https://github.com/xdan/jodit/
style/600_cropper*.css B 2018 Chen Fengyuan templates/lib/extra/friendlyCaptcha B https://github.com/FriendlyCaptcha/friendly-challenge
templates/lib/extra/jodit B Chupurnov templates/lib/400_Sortable*.js B RubaXa, owenm https://github.com/SortableJS/Sortable
templates/lib/extra/friendlyCaptcha B templates/lib/extra/qrcode/* B 2009 Kazuhiko Arase https://github.com/kazuhikoarase/qrcode-generator
templates/lib/400_Sortable*.js B RubaXa, owenm templates/lib/extra/tabulator/* B 2024 Oliver Folkerd https://github.com/olifolkerd/tabulator/
templates/lib/extra/jstree/* B 2014 Ivan Bozhanov style/tabulator/* B 2024 Oliver Folkerd https://github.com/olifolkerd/tabulator/
style/jstree/* B 2014 Ivan Bozhanov templates/lib/extra/wunderbaum/* B 2024 Martin Wendt https://github.com/mar10/wunderbaum
templates/lib/extra/qrcode/* B 2009 Kazuhiko Arase style/wunderbaum/* B 2024 Martin Wendt https://github.com/mar10/wunderbaum
templates/lib/extra/tabulator/* B 2024 Oliver Folkerd style/bootstrap-icons/* B 2024 The Bootstrap Authors https://icons.getbootstrap.com/
style/tabulator/* B 2024 Oliver Folkerd


@ -0,0 +1,8 @@
/usr/share/doc/ldap-account-manager/docs /usr/share/ldap-account-manager/docs
/etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg
/usr/share/php/phpseclib3 /usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib
/usr/share/php/Monolog /usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog
/usr/share/php/libphp-phpmailer /usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer
/var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
/var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
/var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp


@ -8,7 +8,7 @@ if [ ! -e $outFile ]; then
for file in $files; do for file in $files; do
jsFiles="$jsFiles $file" jsFiles="$jsFiles $file"
done done
uglifyjs -o $outFile $jsFiles terser $jsFiles -o $outFile
rm $files rm $files
# add final new line to supress Debian warnings # add final new line to supress Debian warnings
echo "" >> $outFile echo "" >> $outFile
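Review bot: The `rm $files` line that follows the new `terser $jsFiles -o $outFile` call does not depend on terser succeeding. Unless the script enables `set -e` outside this hunk, a missing or failing terser binary would delete the source files and leave `$outFile` holding only the trailing newline. Writing the call as `terser $jsFiles -o "$outFile" || exit 1` keeps the inputs and stops the build on the error. The enclosing `if [ ! -e $outFile ]` block starts and ends outside the hunk.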


@ -9,26 +9,6 @@ fi
. /usr/share/debconf/confmodule . /usr/share/debconf/confmodule
db_version 2.0 || [ $? -lt 30 ] db_version 2.0 || [ $? -lt 30 ]
# 3rd party libs
jsThirdPartyLibs='jstree'
for jsThirdPartyLib in $jsThirdPartyLibs; do
if [ ! -L /usr/share/ldap-account-manager/templates/lib/extra/${jsThirdPartyLib} ] ; then
ln -s /usr/share/javascript/${jsThirdPartyLib} /usr/share/ldap-account-manager/templates/lib/extra/${jsThirdPartyLib}
fi
done
if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib ] ; then
ln -s /usr/share/php/phpseclib3 /usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib
fi
if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog ] ; then
ln -s /usr/share/php/Monolog /usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog
fi
if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/voku/portable-ascii/src/voku ] ; then
ln -s /usr/share/php/voku /usr/share/ldap-account-manager/lib/3rdParty/composer/voku/portable-ascii/src/voku
fi
if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer ] ; then
ln -s /usr/share/php/libphp-phpmailer /usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer
fi
cd /usr/share/ldap-account-manager/config-samples/profiles cd /usr/share/ldap-account-manager/config-samples/profiles
files=`ls -a default.*` files=`ls -a default.*`
for file in $files; do for file in $files; do
@ -51,15 +31,7 @@ for file in $files; do
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
chown www-data /var/lib/ldap-account-manager/config/templates/pdf/logos/$file chown www-data /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
done done
if [ ! -h /usr/share/ldap-account-manager/config ]; then
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
fi
if [ ! -h /usr/share/ldap-account-manager/sess ]; then
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
fi
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
fi
chmod 700 /var/lib/ldap-account-manager/config chmod 700 /var/lib/ldap-account-manager/config
chmod 700 /var/lib/ldap-account-manager/tmp chmod 700 /var/lib/ldap-account-manager/tmp
chmod 700 /var/lib/ldap-account-manager/sess chmod 700 /var/lib/ldap-account-manager/sess


@ -51,7 +51,6 @@ install:
cp -r lib/3rdParty/composer debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/ cp -r lib/3rdParty/composer debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib
rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog
rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/voku/portable-ascii/src/voku
rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer
cp -r lib/3rdParty/yubico debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/ cp -r lib/3rdParty/yubico debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
cp -r lib/3rdParty/tcpdf debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/ cp -r lib/3rdParty/tcpdf debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
@ -60,7 +59,6 @@ install:
install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess
cp -r style debian/ldap-account-manager/usr/share/ldap-account-manager/ cp -r style debian/ldap-account-manager/usr/share/ldap-account-manager/
cp -r templates debian/ldap-account-manager/usr/share/ldap-account-manager/ cp -r templates debian/ldap-account-manager/usr/share/ldap-account-manager/
rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/templates/lib/extra/jstree
install -D --mode=755 lib/lamdaemon.pl debian/ldap-account-manager-lamdaemon/usr/share/ldap-account-manager/lib/lamdaemon.pl install -D --mode=755 lib/lamdaemon.pl debian/ldap-account-manager-lamdaemon/usr/share/ldap-account-manager/lib/lamdaemon.pl
install -D --mode=755 debian/README-lamdaemon.Debian debian/ldap-account-manager-lamdaemon/usr/share/doc/ldap-account-manager-lamdaemon/README.Debian install -D --mode=755 debian/README-lamdaemon.Debian debian/ldap-account-manager-lamdaemon/usr/share/doc/ldap-account-manager-lamdaemon/README.Debian
@ -77,12 +75,11 @@ binary-indep: build install
dh_install dh_install
dh_compress dh_compress
dh_fixperms dh_fixperms
dh_link /usr/share/doc/ldap-account-manager/docs /usr/share/ldap-account-manager/docs
install -D --mode=644 debian/lam.apache.conf debian/ldap-account-manager/etc/ldap-account-manager/apache.conf install -D --mode=644 debian/lam.apache.conf debian/ldap-account-manager/etc/ldap-account-manager/apache.conf
install -D --mode=644 debian/lam.nginx.conf debian/ldap-account-manager/etc/ldap-account-manager/nginx.conf install -D --mode=644 debian/lam.nginx.conf debian/ldap-account-manager/etc/ldap-account-manager/nginx.conf
install -D --mode=644 config/config.cfg.sample debian/ldap-account-manager/etc/ldap-account-manager/config.cfg install -D --mode=644 config/config.cfg.sample debian/ldap-account-manager/etc/ldap-account-manager/config.cfg
dh_link
chown www-data debian/ldap-account-manager/etc/ldap-account-manager/config.cfg chown www-data debian/ldap-account-manager/etc/ldap-account-manager/config.cfg
dh_link /etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg
chown www-data debian/ldap-account-manager/etc/ldap-account-manager/config.cfg chown www-data debian/ldap-account-manager/etc/ldap-account-manager/config.cfg
chown -R www-data debian/ldap-account-manager/var/lib/ldap-account-manager/config chown -R www-data debian/ldap-account-manager/var/lib/ldap-account-manager/config
chown www-data debian/ldap-account-manager/var/lib/ldap-account-manager/tmp chown www-data debian/ldap-account-manager/var/lib/ldap-account-manager/tmp


@ -15,10 +15,12 @@ LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com
# LDAP server URL # LDAP server URL
LDAP_SERVER=ldap://ldap:389 LDAP_SERVER=ldap://ldap:389
# LDAP admin user (set as login user for LAM) # LDAP admin user (set as login user for LAM)
# Use LDAP_USER_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LDAP_USER -e LDAP_USER_FILE=/run/secrets/LDAP_USER ...)
LDAP_USER=cn=admin,dc=my-domain,dc=com LDAP_USER=cn=admin,dc=my-domain,dc=com
# default language, e.g. en_US, de_DE, fr_FR, ... # default language, e.g. en_US, de_DE, fr_FR, ...
LAM_LANG=en_US LAM_LANG=en_US
# LAM configuration master password and password for server profile "lam" # LAM configuration master password and password for server profile "lam"
# Use LAM_PASSWORD_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LAM_PASSWORD -e LAM_PASSWORD_FILE=/run/secrets/LAM_PASSWORD ...)
LAM_PASSWORD=lam LAM_PASSWORD=lam
# run cron jobs (LAM Pro) # run cron jobs (LAM Pro)
LAM_CONFIGURE_CRON=false LAM_CONFIGURE_CRON=false
@ -32,11 +34,13 @@ LAM_CONFIGURATION_PORT=
# MySQL user name if database is mysql # MySQL user name if database is mysql
LAM_CONFIGURATION_USER= LAM_CONFIGURATION_USER=
# MySQL password if database is mysql # MySQL password if database is mysql
# Use LAM_CONFIGURATION_PASSWORD_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LAM_CONFIGURATION_PASSWORD -e LAM_CONFIGURATION_PASSWORD_FILE=/run/secrets/LAM_CONFIGURATION_PASSWORD ...)
LAM_CONFIGURATION_PASSWORD= LAM_CONFIGURATION_PASSWORD=
# MySQL database name if database is mysql # MySQL database name if database is mysql
LAM_CONFIGURATION_DATABASE_NAME= LAM_CONFIGURATION_DATABASE_NAME=
# LAM Pro license (line breaks can be removed) # LAM Pro license (line breaks can be removed)
# Use LAM_LICENSE_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LAM_LICENSE -e LAM_LICENSE_FILE=/run/secrets/LAM_LICENSE ...)
LAM_LICENSE= LAM_LICENSE=
# deactivate TLS certificate checks, activate for development only # deactivate TLS certificate checks, activate for development only


@ -2,7 +2,7 @@
# Docker image for LDAP Account Manager # Docker image for LDAP Account Manager
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) # This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2019 - 2024 Roland Gruber # Copyright (C) 2019 - 2025 Roland Gruber
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -29,7 +29,7 @@
FROM debian:bookworm-slim FROM debian:bookworm-slim
LABEL maintainer="Roland Gruber <post@rolandgruber.de>" LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
ARG LAM_RELEASE=9.0.RC1 ARG LAM_RELEASE=9.3
EXPOSE 80 EXPOSE 80
ENV \ ENV \
@ -44,6 +44,7 @@ RUN apt-get install -y locales
RUN sed -i 's/^# *\(ca_ES.UTF-8\)/\1/' /etc/locale.gen && \ RUN sed -i 's/^# *\(ca_ES.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(cz_CZ.UTF-8\)/\1/' /etc/locale.gen && \ sed -i 's/^# *\(cz_CZ.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(de_DE.UTF-8\)/\1/' /etc/locale.gen && \ sed -i 's/^# *\(de_DE.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(el_GR.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(en_GB.UTF-8\)/\1/' /etc/locale.gen && \ sed -i 's/^# *\(en_GB.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && \ sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && \
sed -i 's/^# *\(es_ES.UTF-8\)/\1/' /etc/locale.gen && \ sed -i 's/^# *\(es_ES.UTF-8\)/\1/' /etc/locale.gen && \
@ -82,12 +83,12 @@ RUN apt-get install --no-install-recommends -y \
php-mysql \ php-mysql \
php-sqlite3 \ php-sqlite3 \
php-mbstring \ php-mbstring \
php-opcache \
php-apcu \
wget \ wget \
libldap-common \ libldap-common \
gettext \ gettext \
libjs-jquery-jstree \
php-phpseclib3 \ php-phpseclib3 \
php-voku-portable-ascii \
libphp-phpmailer \ libphp-phpmailer \
cron \ cron \
&& \ && \


@ -3,7 +3,7 @@ services:
ldap-account-manager: ldap-account-manager:
build: build:
context: . context: .
image: ldapaccountmanager/lam:9.0.RC1 image: ldapaccountmanager/lam:9.3
restart: unless-stopped restart: unless-stopped
ports: ports:
- "8080:80" - "8080:80"


@ -4,7 +4,7 @@
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) # This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2019 Felix Bartels # Copyright (C) 2019 Felix Bartels
# 2019 - 2024 Roland Gruber # 2019 - 2025 Roland Gruber
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -42,14 +42,13 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
echo "Configuring LAM" echo "Configuring LAM"
LAM_LANG="${LAM_LANG:-en_US}" LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}" LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}" LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}" LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}" LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}" LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}"
LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}" LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}" LDAP_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
LAM_LICENSE="${LAM_LICENSE:-}" LAM_LICENSE="${LAM_LICENSE:-}"
LAM_CONFIGURATION_DATABASE="${LAM_CONFIGURATION_DATABASE:-files}" LAM_CONFIGURATION_DATABASE="${LAM_CONFIGURATION_DATABASE:-files}"
LAM_CONFIGURATION_HOST="${LAM_CONFIGURATION_HOST:-}" LAM_CONFIGURATION_HOST="${LAM_CONFIGURATION_HOST:-}"
@ -58,8 +57,32 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
LAM_CONFIGURATION_USER="${LAM_CONFIGURATION_USER:-}" LAM_CONFIGURATION_USER="${LAM_CONFIGURATION_USER:-}"
LAM_CONFIGURATION_PASSWORD="${LAM_CONFIGURATION_PASSWORD:-}" LAM_CONFIGURATION_PASSWORD="${LAM_CONFIGURATION_PASSWORD:-}"
# Set an environment variable with the _FILE suffix to override the non-suffixed environment variable with the contents of the specified file
fileVariables=(
LDAP_USER
LAM_PASSWORD
LAM_CONFIGURATION_PASSWORD
LAM_LICENSE
)
for envVar in "${fileVariables[@]}"; do
fileEnvVar="${envVar}_FILE"
if [[ -n "${!fileEnvVar:-}" ]]; then
if [[ -r "${!fileEnvVar:-}" ]]; then
export "${envVar}=$(< "${!fileEnvVar}")"
unset "${fileEnvVar}"
else
warn "Skipping export of '${envVar}'. '${!fileEnvVar:-}' is not readable."
fi
fi
done
unset fileVariables
export LAM_PASSWORD
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
unset LAM_PASSWORD
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|"password": "[^"]*"|"password": "${LAM_PASSWORD_SSHA}"|;
s|"license": "[^"]*"|"license": "${LAM_LICENSE}"|; s|"license": "[^"]*"|"license": "${LAM_LICENSE}"|;
s|"configDatabaseType": "[^"]*"|"configDatabaseType": "${LAM_CONFIGURATION_DATABASE}"|; s|"configDatabaseType": "[^"]*"|"configDatabaseType": "${LAM_CONFIGURATION_DATABASE}"|;
s|"configDatabaseServer": "[^"]*"|"configDatabaseServer": "${LAM_CONFIGURATION_HOST}"|; s|"configDatabaseServer": "[^"]*"|"configDatabaseServer": "${LAM_CONFIGURATION_HOST}"|;
@ -68,7 +91,11 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
s|"configDatabaseUser": "[^"]*"|"configDatabaseUser": "${LAM_CONFIGURATION_USER}"|; s|"configDatabaseUser": "[^"]*"|"configDatabaseUser": "${LAM_CONFIGURATION_USER}"|;
s|"configDatabasePassword": "[^"]*"|"configDatabasePassword": "${LAM_CONFIGURATION_PASSWORD}"|; s|"configDatabasePassword": "[^"]*"|"configDatabasePassword": "${LAM_CONFIGURATION_PASSWORD}"|;
EOF EOF
unset LAM_PASSWORD if ! grep -e '"password":' /etc/ldap-account-manager/config.cfg > /dev/null; then
sed -i "2i\ \ \"password\": \"${LAM_PASSWORD_SSHA}\"," /etc/ldap-account-manager/config.cfg
else
sed -i "s|\"password\": .*|\"password\": \"${LAM_PASSWORD_SSHA}\",|" /etc/ldap-account-manager/config.cfg
fi
set +e set +e
ls -l /var/lib/ldap-account-manager/config/lam.conf ls -l /var/lib/ldap-account-manager/config/lam.conf
@ -81,13 +108,17 @@ EOF
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|"ServerURL": "[^"]*"|"ServerURL": "${LDAP_SERVER}"|; s|"ServerURL": "[^"]*"|"ServerURL": "${LDAP_SERVER}"|;
s|"Admins": "[^"]*"|"Admins": "${LDAP_ADMIN_USER}"|; s|"Admins": "[^"]*"|"Admins": "${LDAP_USER}"|;
s|"Passwd": "[^"]*"|"Passwd": "${LAM_PASSWORD_SSHA}"|;
s|"treeViewSuffix": "[^"]*"|"treeViewSuffix": "${LDAP_BASE_DN}"|; s|"treeViewSuffix": "[^"]*"|"treeViewSuffix": "${LDAP_BASE_DN}"|;
s|"defaultLanguage": "[^"]*"|"defaultLanguage": "${LAM_LANG}.utf8"|; s|"defaultLanguage": "[^"]*"|"defaultLanguage": "${LAM_LANG}.utf8"|;
s|"suffix_user": "[^"]*"|"suffix_user": "${LDAP_USERS_DN}"|; s|"suffix_user": "[^"]*"|"suffix_user": "${LDAP_USERS_DN}"|;
s|"suffix_group": "[^"]*"|"suffix_group": "${LDAP_GROUPS_DN}"|; s|"suffix_group": "[^"]*"|"suffix_group": "${LDAP_GROUPS_DN}"|;
EOF EOF
if ! grep -e '"Passwd":' /var/lib/ldap-account-manager/config/lam.conf > /dev/null; then
sed -i "2i\ \ \"Passwd\": \"${LAM_PASSWORD_SSHA}\"," /var/lib/ldap-account-manager/config/lam.conf
else
sed -i "s|\"Passwd\": .*|\"Passwd\": \"${LAM_PASSWORD_SSHA}\",|" /var/lib/ldap-account-manager/config/lam.conf
fi
fi fi


@ -1,6 +1,56 @@
December 2024 9.0 December 2025 9.4
- Main configuration and server profiles require latest file format (introduced in 9.0) (389)
- LAM Pro:
-> SMS sending can be done with email2SMS providers (465)
16.09.2025 9.3
- New translation: Greek
- Tree view: added comparison feature (440)
- Windows: added logon hours (457)
- Lamdaemon: run /usr/sbin/userdel.local before (and no longer after) home directory is deleted (443)
- LAM Pro:
-> SMS support for password sending and password self-reset (441)
-> Self-Service: clear PPolicy "pwdReset" on password change if needed (448)
- Fixed bugs:
-> WebAuthn: 2-factor verification failed: Unable to load the data (453)
-> Random password generator does not respect server profile rules (458)
-> XSS in profile editor (low, CVE-2025-58174)
06.06.2025 9.2
- PHP 8.4 compatibility
- TAK support added
- Active Directory: allow to restore deleted entries in tree view (415)
- Multi-edit tool: change operations are combined by DN to allow e.g. adding object classes with required attributes (408)
- Windows users: support thumbnail images (needs to be activated in server profile) (431)
- Tree view: better editing of olcAccess (420)
- LAM Pro:
-> Custom scripts: split config by account type (409)
- Fixed bugs:
-> Unix: profile editor for users not working (418)
-> Custom fields: problems with deleting facsimileTelephoneNumber (419)
-> Cannot add user (windowsUser) to group (windowsGroup) (444)
13.03.2025 9.1
- Usability improvements (347, 348, 360, 403)
- Active Directory: deleted entries in "CN=Deleted Objects" can be shown (option in server profile, advanced settings)
- Security: LAM no longer ships with any default passwords, main configuration password is requested on login if not yet set (390)
- Docker: support to read e.g. configuration password from file to support Docker swarm
- LAM Pro:
-> Added support to manage DNS entries of bind-dyndb-ldap (361)
-> Unix users: support to create a group with same name for rfc2307bis (404)
- Fixed bugs:
-> Ambiguous tooltip on profile editor for Shadow users (394)
-> Self service photo file enhancements (396)
-> Tree view: delete does not work in French (406)
-> Cron job mails: show all values for multi-value attribute wildcards (411)
17.12.2024 9.0
- New configuration file format for main configuration and server profiles (applied on save, old format can still be read) - New configuration file format for main configuration and server profiles (applied on save, old format can still be read)
- Unix users: allow to create group with same name via account profile (#332) - Unix users: allow to create group with same name via account profile (332)
- Group of (unique) names, organisational roles: added member/owner count to PDF fields - Group of (unique) names, organisational roles: added member/owner count to PDF fields
- Windows: display password expiration date - Windows: display password expiration date
- Usability improvements (342, 350, 372) - Usability improvements (342, 350, 372)
@ -13,6 +63,7 @@ December 2024 9.0
-> Docker: added option to run cron jobs (346) -> Docker: added option to run cron jobs (346)
-> Windows: use msDS-UserPasswordExpiryTimeComputed for password expiration job (387) -> Windows: use msDS-UserPasswordExpiryTimeComputed for password expiration job (387)
- Fixed bugs: - Fixed bugs:
-> Security fix: Set arbitrary config values due to improper input validation for config values (GHSA-6cp9-j5r7-xhcc, CVE-2024-52792)
-> Windows: show more than 1000 LDAP entries when paged results is activated in server profile -> Windows: show more than 1000 LDAP entries when paged results is activated in server profile
-> WebAuthn: support DNs larger than 64 bytes (358) -> WebAuthn: support DNs larger than 64 bytes (358)
-> Wildcard replacements do not work without switching to the module tab (379) -> Wildcard replacements do not work without switching to the module tab (379)
@ -26,7 +77,7 @@ December 2024 9.0
-> Self registration: added option to generate password -> Self registration: added option to generate password
-> Request access: allow to define an expiration time for memberships/ownerships (284) -> Request access: allow to define an expiration time for memberships/ownerships (284)
-> Request access: support additional group next to owners (300) -> Request access: support additional group next to owners (300)
-> Request access: auto-refresh views (#324) -> Request access: auto-refresh views (324)
- Fixed bugs: - Fixed bugs:
-> Unix users: error log messages on file upload -> Unix users: error log messages on file upload
@ -247,8 +298,8 @@ December 2024 9.0
- PHP 8.0 compatibility (except tree view) - PHP 8.0 compatibility (except tree view)
- Support copying LDAP entries from account list - Support copying LDAP entries from account list
- Account/PDF profiles: management of global templates and logos - Account/PDF profiles: management of global templates and logos
- Group of names: allow filter by member/owner (#151) - Group of names: allow filter by member/owner (151)
- General information: link to groups (#152) - General information: link to groups (152)
- LAM Pro: - LAM Pro:
-> Self registration: support binary attributes (e.g. for jpegPhoto) -> Self registration: support binary attributes (e.g. for jpegPhoto)
-> Self registration: support custom mail attributes and mail from constant value (149) -> Self registration: support custom mail attributes and mail from constant value (149)
@ -260,7 +311,7 @@ December 2024 9.0
06.12.2020 7.4 06.12.2020 7.4
- Argond2id support for password hashes (requires PHP 7.3) (#113) - Argond2id support for password hashes (requires PHP 7.3) (113)
- 2-factor authentication: - 2-factor authentication:
-> Support for Okta -> Support for Okta
-> WebAuthn devices can be named in Self Service and WebAuthn tool -> WebAuthn devices can be named in Self Service and WebAuthn tool
@ -386,7 +437,7 @@ December 2024 9.0
- LAM Pro: - LAM Pro:
-> Auto deletion of entries with dynamic directory services support (requires PHP 7.2) -> Auto deletion of entries with dynamic directory services support (requires PHP 7.2)
- Fixed bugs: - Fixed bugs:
-> Issue when changing key case of uid (#197) -> Issue when changing key case of uid (197)
20.06.2018 6.4 20.06.2018 6.4


@ -15,9 +15,6 @@ LAM - Readme
Installation and documentation: Installation and documentation:
Please see the LAM manual in docs/manual/index.html. Please see the LAM manual in docs/manual/index.html.
Default password:
The default password to edit the configuration options is "lam".
Download: Download:
You can get the newest version at https://www.ldap-account-manager.org/. You can get the newest version at https://www.ldap-account-manager.org/.
@ -25,4 +22,4 @@ LAM - Readme
LAM is published under the GNU General Public License. LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file. The complete list of licenses can be found in the copyright file.
Copyright (C) 2003 - 2024 Roland Gruber <post@rolandgruber.de> Copyright (C) 2003 - 2025 Roland Gruber <post@rolandgruber.de>


@ -1 +1 @@
9.0.RC1 9.3


@ -1,6 +1,6 @@
{ {
"name": "ldap-account-manager/ldap-account-manager", "name": "ldap-account-manager/ldap-account-manager",
"version": "9.0", "version": "9.3",
"config": { "config": {
"vendor-dir": "lib/3rdParty/composer", "vendor-dir": "lib/3rdParty/composer",
"platform": { "platform": {
@ -13,19 +13,31 @@
"require": { "require": {
"web-auth/webauthn-lib": "^4", "web-auth/webauthn-lib": "^4",
"web-auth/cose-lib": "^v4", "web-auth/cose-lib": "^v4",
"web-auth/metadata-service": "^4",
"symfony/psr-http-message-bridge": "^6", "symfony/psr-http-message-bridge": "^6",
"symfony/http-foundation": "^6.0", "symfony/http-foundation": "^6.0",
"symfony/http-client": "^6", "symfony/http-client": "^6",
"http-interop/http-factory-guzzle": "^1.2", "http-interop/http-factory-guzzle": "^1.2",
"webklex/php-imap" : "^5.5", "webklex/php-imap": "^6",
"phpmailer/phpmailer": "~6.5", "phpmailer/phpmailer": "~6.5",
"guzzlehttp/psr7": "^2", "guzzlehttp/psr7": "^2",
"paragonie/random_compat": "^2.0", "paragonie/random_compat": "^2.0",
"phpseclib/phpseclib": "^3.0", "phpseclib/phpseclib": "^3.0",
"christian-riesen/base32": "^1.6", "christian-riesen/base32": "^1.6",
"facile-it/php-openid-client": "^0", "facile-it/php-openid-client": "^0",
"spomky-labs/aes-key-wrap": "^7",
"monolog/monolog": "^3", "monolog/monolog": "^3",
"duosecurity/duo_universal_php": "^1.0" "duosecurity/duo_universal_php": "^1.0",
"aws/aws-sdk-php": "^3"
},
"scripts": {
"pre-autoload-dump": "Aws\\Script\\Composer\\Composer::removeUnusedServices"
},
"extra": {
"aws/aws-sdk-php": [
"Sns"
]
} }
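Review bot: The new `pre-autoload-dump` hook `Aws\\Script\\Composer\\Composer::removeUnusedServices` only reduces the SDK to the `Sns` service listed under `extra` when Composer scripts actually run. A packaging or container build that installs with `--no-scripts` would skip it and ship the full `aws/aws-sdk-php` tree, which is far more third-party code than the SMS feature needs. Since JSON cannot carry a comment, I would state in the build documentation that scripts must stay enabled for this manifest, and have the release build check that only the expected service directory remains under `lib/3rdParty/composer`.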
} }

3438
lam/composer.lock generated

File diff suppressed because it is too large Load diff


@ -3,7 +3,6 @@
"useTLS": "yes", "useTLS": "yes",
"followReferrals": "false", "followReferrals": "false",
"pagedResults": "false", "pagedResults": "false",
"Passwd": "{CRYPT-SHA512}$6$ZJcXwaxHP0GQH0Rd$Ggkn8Wz\/8ntCM9v0TywomjkgSvV.3BoayFwnc9QP3MV.b7HWaqLOA8urP2e7HyEmU\/JmC8xR7jTqrXCHC4kFr. WkpjWHdheEhQMEdRSDBSZA==",
"Admins": "cn=Manager,dc=my-domain,dc=com", "Admins": "cn=Manager,dc=my-domain,dc=com",
"defaultLanguage": "en_GB.utf8", "defaultLanguage": "en_GB.utf8",
"scriptPath": "", "scriptPath": "",


@ -1,5 +1,4 @@
{ {
"password": "{CRYPT-SHA512}$6$WheNHdlVwDoL4s.x$DrZ10TpIGQa5wd0jbvtm8eaTleJCf1nec3ihOaNwMdPUKVFCphXwtnTSmFFXjhGa45RlrSEWhDVyjLCMiV\/.c. V2hlTkhkbFZ3RG9MNHMueA==",
"default": "lam", "default": "lam",
"sessionTimeout": "30", "sessionTimeout": "30",
"hideLoginErrorDetails": "false", "hideLoginErrorDetails": "false",


@ -26,6 +26,9 @@ es_ES.utf8:UTF-8:Español (España)
# French # French
fr_FR.utf8:UTF-8:Français (France) fr_FR.utf8:UTF-8:Français (France)
# Greek
el_GR.utf8:UTF-8:Ελληνικά (Ελλάδα)
# Italian # Italian
it_IT.utf8:UTF-8:Italiano (Italia) it_IT.utf8:UTF-8:Italiano (Italia)


@ -3,7 +3,6 @@
"useTLS": "yes", "useTLS": "yes",
"followReferrals": "false", "followReferrals": "false",
"pagedResults": "false", "pagedResults": "false",
"Passwd": "{CRYPT-SHA512}$6$MUWJEkvtUY7G5sFA$QS6voQCksH9gNbbbQpjDKt65iez9bgKQI2x60DAffCK5.LO\/\/QfYTetQ6V2PlUR32CTkuhlSXSGXnH9scD\/zb0 TVVXSkVrdnRVWTdHNXNGQQ==",
"Admins": "cn=Manager,dc=my-domain,dc=com", "Admins": "cn=Manager,dc=my-domain,dc=com",
"defaultLanguage": "en_GB.utf8", "defaultLanguage": "en_GB.utf8",
"scriptPath": "", "scriptPath": "",


@ -0,0 +1,18 @@
<pdf filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
<section name="_bindDyndbZone_idnsname">
<entry name="bindDyndbZone_idnssoaexpire"/>
<entry name="bindDyndbZone_idnssoarefresh"/>
<entry name="bindDyndbZone_idnssoaminimum"/>
<entry name="bindDyndbZone_idnssoaretry"/>
<entry name="bindDyndbZone_idnssoamname"/>
<entry name="bindDyndbZone_idnssoarname"/>
<entry name="bindDyndbZone_idnssoaserial"/>
<entry name="bindDyndbZone_dnsdefaultttl"/>
<entry name="bindDyndbZone_idnszoneactive"/>
<entry name="bindDyndbZone_nsrecord"/>
<entry name="bindDyndbZone_mxrecord"/>
<entry name="bindDyndbZone_arecord"/>
<entry name="bindDyndbZone_aaaarecord"/>
<entry name="bindDyndbZone_txtrecord"/>
</section>
</pdf>


@ -0,0 +1,6 @@
ldap_suffix: -
ldap_rdn: idnsname
bindDyndbZone_idnssoaexpire: 604800
bindDyndbZone_idnssoaminimum: 86400
bindDyndbZone_idnssoarefresh: 2800
bindDyndbZone_idnssoaretry: 7200
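Review bot: The default `bindDyndbZone_idnssoarefresh: 2800` is lower than `bindDyndbZone_idnssoaretry: 7200`, which inverts the usual relationship between the two SOA timers, where retry is a fraction of refresh. Assuming both values are seconds with the standard SOA meaning, 2800 looks like a typo for 28800. I would change the line to `bindDyndbZone_idnssoarefresh: 28800`, or confirm that the short refresh is intended, because every zone created from this default profile inherits it.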


@ -3,7 +3,6 @@
"useTLS": "no", "useTLS": "no",
"followReferrals": "false", "followReferrals": "false",
"pagedResults": "false", "pagedResults": "false",
"Passwd": "{CRYPT-SHA512}$6$zvb8WVEHSAKEGtGO$573kA9Us8LtGLLm5Gu87P\/vIiF\/2Ol\/DauzPmUpvC4eCL\/t0WWiwBaY19Rx5G3wzbeZWWlE1kp2fikrpZTZ51\/ enZiOFdWRUhTQUtFR3RHTw==",
"Admins": "cn=Manager,dc=my-domain,dc=com", "Admins": "cn=Manager,dc=my-domain,dc=com",
"defaultLanguage": "en_GB.utf8", "defaultLanguage": "en_GB.utf8",
"scriptPath": "", "scriptPath": "",


@ -3,7 +3,6 @@
"useTLS": "no", "useTLS": "no",
"followReferrals": "false", "followReferrals": "false",
"pagedResults": "false", "pagedResults": "false",
"Passwd": "{CRYPT-SHA512}$6$9IWWua4lbp7uiLCC$AHPgST1YAm3yUAWKGeNZ5f9GCo1wBGyVo3MGvAt6.UOtQ9dYxs4WeQ4mlzjR30rD6cRayMNRBWqYFuBLvzn9T0 OUlXV3VhNGxicDd1aUxDQw==",
"Admins": "cn=Administrator,cn=users,dc=my-domain,dc=com", "Admins": "cn=Administrator,cn=users,dc=my-domain,dc=com",
"defaultLanguage": "en_GB.utf8", "defaultLanguage": "en_GB.utf8",
"scriptPath": "", "scriptPath": "",


@ -1,4 +1,4 @@
This software is copyright (c) 2003 - 2024 by Roland Gruber This software is copyright (c) 2003 - 2025 by Roland Gruber
If you purchased a copy of LDAP Account Manager Pro then the following If you purchased a copy of LDAP Account Manager Pro then the following
files are licensed under the conditions which you accepted at purchase files are licensed under the conditions which you accepted at purchase
@ -17,6 +17,8 @@ time.
* lib/modules/automount.inc * lib/modules/automount.inc
* lib/modules/bindDLZ.inc * lib/modules/bindDLZ.inc
* lib/modules/bindDLZXfr.inc * lib/modules/bindDLZXfr.inc
* lib/modules/bindDyndbRecord.inc
* lib/modules/bindDyndbZone.inc
* lib/modules/customBaseType.inc * lib/modules/customBaseType.inc
* lib/modules/customFields.inc * lib/modules/customFields.inc
* lib/modules/customScripts.inc * lib/modules/customScripts.inc
@ -56,6 +58,7 @@ time.
* lib/modules/rfc2307bisAutomount.inc * lib/modules/rfc2307bisAutomount.inc
* lib/modules/rfc2307bisPosixGroup.inc * lib/modules/rfc2307bisPosixGroup.inc
* lib/modules/selfRegistration.inc * lib/modules/selfRegistration.inc
* lib/modules/simpleSecurityObject.inc
* lib/modules/sudoRole.inc * lib/modules/sudoRole.inc
* lib/modules/uidObject.inc * lib/modules/uidObject.inc
* lib/modules/webauthn.inc * lib/modules/webauthn.inc
@ -64,6 +67,7 @@ time.
* lib/types/alias.inc * lib/types/alias.inc
* lib/types/automountType.inc * lib/types/automountType.inc
* lib/types/bind.inc * lib/types/bind.inc
* lib/types/bindDyndbType.inc
* lib/types/customType.inc * lib/types/customType.inc
* lib/types/gon.inc * lib/types/gon.inc
* lib/types/kopanoAddressListType.inc * lib/types/kopanoAddressListType.inc
@ -93,7 +97,8 @@ All other files are licensed under the conditions below.
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
The complete license can be found in the file COPYING. The complete license can be found in the file COPYING or in
/usr/share/common-licenses/GPL-3 (Debian/Ubuntu).
Some parts of this package have other, compatible licences. These are: Some parts of this package have other, compatible licences. These are:
@ -407,33 +412,6 @@ D:
E: E:
Duo
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
F:
3-Clause BSD License 3-Clause BSD License
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
@ -462,7 +440,7 @@ F:
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
G: F:
2-Clause BSD License 2-Clause BSD License
Redistribution and use in source and binary forms, with or without modification, Redistribution and use in source and binary forms, with or without modification,
@ -486,38 +464,8 @@ G:
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. POSSIBILITY OF SUCH DAMAGE.
H:
3-Clause BSD License
Redistribution and use in source and binary forms, with or without G:
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
I:
GNU LESSER GENERAL PUBLIC LICENSE GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999 Version 2.1, February 1999
@ -972,217 +920,199 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. DAMAGES.
J: H:
Apache 2.0 Apache License 2.0
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions. ## 1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
distribution as defined by Sections 1 through 9 of this document. through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the
owner that is granting the License. License.
"Legal Entity" shall mean the union of the acting entity and all other entities "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled
that control, are controlled by, or are under common control with that entity. by, or are under common control with that entity. For the purposes of this definition, "control" means
For the purposes of this definition, "control" means (i) the power, direct or (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract
indirect, to cause the direction or management of such entity, whether by or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the ownership of such entity.
outstanding shares, or (iii) beneficial ownership of such entity.
You" (or "Your") shall mean an individual or Legal Entity exercising "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including "Source" form shall mean the preferred form for making modifications, including but not limited to software
but not limited to software source code, documentation source, and source code, documentation source, and configuration files.
configuration files.
"Object" form shall mean any form resulting from mechanical transformation or "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form,
translation of a Source form, including but not limited to compiled object including but not limited to compiled object code, generated documentation, and conversions to other media
code, generated documentation, and conversions to other media types. types.
"Work" shall mean the work of authorship, whether in Source or Object form, "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License,
made available under the License, as indicated by a copyright notice that is as indicated by a copyright notice that is included in or attached to the work (an example is provided in the
included in or attached to the work (an example is provided in the Appendix Appendix below).
below).
"Derivative Works" shall mean any work, whether in Source or Object form, that "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from)
is based on (or derived from) the Work and for which the editorial revisions, the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent,
annotations, elaborations, or other modifications represent, as a whole, an as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not
original work of authorship. For the purposes of this License, Derivative Works include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work
shall not include works that remain separable from, or merely link (or bind by and Derivative Works thereof.
name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original "Contribution" shall mean any work of authorship, including the original version of the Work and any
version of the Work and any modifications or additions to that Work or modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to
Derivative Works thereof, that is intentionally submitted to Licensor for Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to
inclusion in the Work by the copyright owner or by an individual or Legal submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of
Entity authorized to submit on behalf of the copyright owner. For the purposes electronic, verbal, or written communication sent to the Licensor or its representatives, including but not
of this definition, "submitted" means any form of electronic, verbal, or limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
written communication sent to the Licensor or its representatives, including that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but
but not limited to communication on electronic mailing lists, source code excluding communication that is conspicuously marked or otherwise designated in writing by the copyright
control systems, and issue tracking systems that are managed by, or on behalf owner as "Not a Contribution."
of, the Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise designated in
writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been
of whom a Contribution has been received by Licensor and subsequently received by Licensor and subsequently incorporated within the Work.
incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this
License, each Contributor hereby grants to You a perpetual, worldwide,
non-exclusive, no-charge, royalty-free, irrevocable copyright license to
reproduce, prepare Derivative Works of, publicly display, publicly perform,
sublicense, and distribute the Work and such Derivative Works in Source or
Object form.
3. Grant of Patent License. Subject to the terms and conditions of this ## 2. Grant of Copyright License.
License, each Contributor hereby grants to You a perpetual, worldwide,
non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this
section) patent license to make, have made, use, offer to sell, sell, import,
and otherwise transfer the Work, where such license applies only to those
patent claims licensable by such Contributor that are necessarily infringed by
their Contribution(s) alone or by combination of their Contribution(s) with the
Work to which such Contribution(s) was submitted. If You institute patent
litigation against any entity (including a cross-claim or counterclaim in a
lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent
licenses granted to You under this License for that Work shall terminate as of
the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
Derivative Works thereof in any medium, with or without modifications, and in worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
Source or Object form, provided that You meet the following conditions: Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such
Derivative Works in Source or Object form.
(a) You must give any other recipients of the Work or Derivative Works a copy ## 3. Grant of Patent License.
of this License; and
(b) You must cause any modified files to carry prominent notices stating that Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
You changed the files; and worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent
license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
license applies only to those patent claims licensable by such Contributor that are necessarily infringed by
their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such
Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim
or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses granted to You under this
License for that Work shall terminate as of the date such litigation is filed.
(c) You must retain, in the Source form of any Derivative Works that You ## 4. Redistribution.
distribute, all copyright, patent, trademark, and attribution notices from the
Source form of the Work, excluding those notices that do not pertain to any
part of the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
any Derivative Works that You distribute must include a readable copy of the modifications, and in Source or Object form, provided that You meet the following conditions:
attribution notices contained within such NOTICE file, excluding those notices
that do not pertain to any part of the Derivative Works, in at least one of the
following places: within a NOTICE text file distributed as part of the
Derivative Works; within the Source form or documentation, if provided along
with the Derivative Works; or, within a display generated by the Derivative
Works, if and wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and do not modify the
License. You may add Your own attribution notices within Derivative Works that
You distribute, alongside or as an addendum to the NOTICE text from the Work,
provided that such additional attribution notices cannot be construed as
modifying the License.
You may add Your own copyright statement to Your modifications and may provide 1. You must give any other recipients of the Work or Derivative Works a copy of this License; and
additional or different license terms and conditions for use, reproduction, or
distribution of Your modifications, or for any such Derivative Works as a
whole, provided Your use, reproduction, and distribution of the Work otherwise
complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any 2. You must cause any modified files to carry prominent notices stating that You changed the files; and
Contribution intentionally submitted for inclusion in the Work by You to the
Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions. Notwithstanding the above, nothing herein shall
supersede or modify the terms of any separate license agreement you may have
executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, 3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent,
trademarks, service marks, or product names of the Licensor, except as required trademark, and attribution notices from the Source form of the Work, excluding those notices that do
for reasonable and customary use in describing the origin of the Work and not pertain to any part of the Derivative Works; and
4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that
You distribute must include a readable copy of the attribution notices contained within such NOTICE
file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed as part of the Derivative Works; within
the Source form or documentation, if provided along with the Derivative Works; or, within a display
generated by the Derivative Works, if and wherever such third-party notices normally appear. The
contents of the NOTICE file are for informational purposes only and do not modify the License. You may
add Your own attribution notices within Derivative Works that You distribute, alongside or as an
addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be
construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license
terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative
Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the
conditions stated in this License.
## 5. Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by
You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate
license agreement you may have executed with Licensor regarding such Contributions.
## 6. Trademarks.
This License does not grant permission to use the trade names, trademarks, service marks, or product names of
the Licensor, except as required for reasonable and customary use in describing the origin of the Work and
reproducing the content of the NOTICE file. reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in ## 7. Disclaimer of Warranty.
writing, Licensor provides the Work (and each Contributor provides its
Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied, including, without limitation, any warranties
or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks
associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor
tort (including negligence), contract, or otherwise, unless required by provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
applicable law (such as deliberate and grossly negligent acts) or agreed to in or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
writing, shall any Contributor be liable to You for damages, including any MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
direct, indirect, special, incidental, or consequential damages of any appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of
character arising as a result of this License or out of the use or inability to permissions under this License.
use the Work (including but not limited to damages for loss of goodwill, work
stoppage, computer failure or malfunction, or any and all other commercial
damages or losses), even if such Contributor has been advised of the
possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or ## 8. Limitation of Liability.
Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations
and/or rights consistent with this License. However, in accepting such
obligations, You may act only on Your own behalf and on Your sole
responsibility, not on behalf of any other Contributor, and only if You agree
to indemnify, defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless
required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any
Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential
damages of any character arising as a result of this License or out of the use or inability to use the Work
(including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or
any and all other commercial damages or losses), even if such Contributor has been advised of the possibility
of such damages.
## 9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole
responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold
each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Programs and licenses with other licenses and/or authors than the Programs and licenses with other licenses and/or authors than the
main license and authors: main license and authors:
graphics/webauthn.svg F 2017 Duo Security, Inc. graphics/webauthn.svg E 2017 Duo Security, Inc. https://github.com/duo-labs/webauthn.io
lib/3rdParty/composer/beberlei G 2013 Benjamin Eberlei lib/3rdParty/composer/aws H Amazon Web Services https://github.com/aws/aws-sdk-php, https://github.com/awslabs/aws-crt-php
lib/3rdParty/composer/brick B Benjamin Morel lib/3rdParty/composer/brick B Benjamin Morel https://github.com/brick/math
lib/3rdParty/composer/carbonphp B 2023 Carbon lib/3rdParty/composer/carbonphp B 2023 Carbon https://github.com/CarbonPHP/carbon-doctrine-types
lib/3rdParty/composer/christian-riesen B Christian Riesen lib/3rdParty/composer/christian-riesen B Christian Riesen https://github.com/ChristianRiesen/base32
lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano lib/3rdParty/composer/composer B Nils Adermann, Jordi Boggiano https://github.com/composer/composer
lib/3rdParty/composer/doctrine B Doctrine Project lib/3rdParty/composer/doctrine B Doctrine Project https://github.com/doctrine
lib/3rdParty/composer/duo E Cisco Systems, Inc. and/or its affiliates lib/3rdParty/composer/duosecurity E Cisco Systems, Inc. and/or its affiliates https://github.com/duosecurity/duo_universal_php
lib/3rdParty/composer/facile-it B Thomas Vargiu lib/3rdParty/composer/facile-it B Thomas Vargiu https://github.com/facile-it
lib/3rdParty/composer/fgrosse B 2015 Friedrich Große lib/3rdParty/composer/firebase E 2011 Neuman Vong https://github.com/firebase/php-jwt
lib/3rdParty/composer/firebase F 2011 Neuman Vong lib/3rdParty/composer/guzzlehttp B 2015 Michael Dowling https://github.com/guzzle/psr7
lib/3rdParty/composer/guzzlehttp B 2015 Michael Dowling lib/3rdParty/composer/http-interop B 2016 Woody Gilk https://github.com/http-interop/http-factory-guzzle
lib/3rdParty/composer/http-interop B 2016 Woody Gilk lib/3rdParty/composer/illuminate B Taylor Otwell https://github.com/illuminate
lib/3rdParty/composer/illuminate B Taylor Otwell lib/3rdParty/composer/lcobucci B 2017 Luís Cobucci https://github.com/lcobucci/clock
lib/3rdParty/composer/nesbot B Brian Nesbitt lib/3rdParty/composer/monolog B 2011 Jordi Boggiano https://github.com/Seldaek/monolog
lib/3rdParty/composer/monolog B 2011 Jordi Boggiano lib/3rdParty/composer/mtdowling B 2014 Michael Dowling https://github.com/jmespath/jmespath.php
lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises lib/3rdParty/composer/nesbot B Brian Nesbitt https://github.com/CarbonPHP/carbon
lib/3rdParty/composer/php-http B 2015 PHP HTTP Team lib/3rdParty/composer/paragonie B 2015 Paragon Initiative Enterprises https://github.com/paragonie
lib/3rdParty/composer/phpmailer I lib/3rdParty/composer/php-http B 2015 PHP HTTP Team https://github.com/php-http/discovery
lib/3rdParty/composer/phpseclib B 2019 TerraFrost and other contributors lib/3rdParty/composer/phpmailer G https://github.com/PHPMailer/PHPMailer
lib/3rdParty/composer/psr B PHP Framework Interoperability Group lib/3rdParty/composer/phpseclib B 2019 TerraFrost and other contributors https://github.com/phpseclib/phpseclib
lib/3rdParty/composer/ralouphie B 2014 Ralph Khattar lib/3rdParty/composer/psr B PHP Framework Interoperability Group https://github.com/php-fig
lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs lib/3rdParty/composer/ralouphie B 2014 Ralph Khattar https://github.com/ralouphie/getallheaders
lib/3rdParty/composer/symfony B 2022 Fabien Potencier lib/3rdParty/composer/spomky-labs B 2018 Spomky-Labs https://github.com/Spomky-Labs
lib/3rdParty/composer/thecodingmachine B TheCodingMachine lib/3rdParty/composer/symfony B 2022 Fabien Potencier https://github.com/symfony
lib/3rdParty/composer/voku B 2019 Lars Moelleken lib/3rdParty/composer/web-auth B 2018 Spomky-Labs https://github.com/web-auth
lib/3rdParty/composer/web-auth B 2018 Spomky-Labs lib/3rdParty/composer/web-token B Florent Morselli https://github.com/web-token
lib/3rdParty/composer/web-token B Florent Morselli lib/3rdParty/composer/webklex B 2016 Webklex https://github.com/Webklex/php-imap
lib/3rdParty/composer/webklex B 2016 Webklex lib/3rdParty/tcpdf D 2022 Nicola Asuni - Tecnick.com LTD https://github.com/tecnickcom/TCPDF
lib/3rdParty/tcpdf D 2022 Nicola Asuni - Tecnick.com LTD lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah https://github.com/dejavu-fonts/dejavu-fonts
lib/3rdParty/tcpdf/fonts/dejavu*.z A Public Domain, Bitstream, Inc., Tavmjong Bah lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB https://github.com/Yubico/php-yubico
lib/3rdParty/yubico/Yubico.php C 2015 Yubico AB style/010_normalize.css B Nicolas Gallagher and Jonathan Neal https://github.com/csstools/normalize.css
style/010_normalize.css B Nicolas Gallagher and Jonathan Neal style/050_grid.css B https://foundation.zurb.com/sites/docs/v/5.5.3/components/grid.html
style/050_grid.css B templates/lib/*popper*.js B https://github.com/floating-ui/floating-ui
templates/lib/*jquery*.js B 2018 jQuery Foundation and other contributors templates/lib/*tippy*.js B 2021 atomiks https://github.com/atomiks/tippyjs
templates/lib/*popper*.js B templates/lib/*flatpickr*.js B 2017 Gregory Petrosyan https://github.com/flatpickr/flatpickr
templates/lib/*tippy*.js B 2021 atomiks style/600_flatpickr.css B 2017 Gregory Petrosyan https://github.com/flatpickr/flatpickr
templates/lib/*flatpickr*.js B 2017 Gregory Petrosyan templates/lib/*sweetalert2*.js B https://github.com/sweetalert2/sweetalert2
style/600_flatpickr.css B 2017 Gregory Petrosyan style/*sweetalert2*.css B https://github.com/sweetalert2/sweetalert2
templates/lib/*sweetalert2*.js B templates/lib/410_cropper*.js B 2018 Chen Fengyuan https://github.com/fengyuanchen/cropperjs
style/*sweetalert2*.css B style/600_cropper*.css B 2018 Chen Fengyuan https://github.com/fengyuanchen/cropperjs
templates/lib/cropper*.js B 2018 Chen Fengyuan templates/lib/extra/jodit B Chupurnov https://github.com/xdan/jodit/
style/600_cropper*.css B 2018 Chen Fengyuan templates/lib/extra/friendlyCaptcha B https://github.com/FriendlyCaptcha/friendly-challenge
templates/lib/extra/jodit B Chupurnov templates/lib/400_Sortable*.js B RubaXa, owenm https://github.com/SortableJS/Sortable
templates/lib/extra/friendlyCaptcha B templates/lib/extra/qrcode/* B 2009 Kazuhiko Arase https://github.com/kazuhikoarase/qrcode-generator
templates/lib/400_Sortable*.js B RubaXa, owenm templates/lib/extra/tabulator/* B 2024 Oliver Folkerd https://github.com/olifolkerd/tabulator/
templates/lib/extra/jstree/* B 2014 Ivan Bozhanov style/tabulator/* B 2024 Oliver Folkerd https://github.com/olifolkerd/tabulator/
style/jstree/* B 2014 Ivan Bozhanov templates/lib/extra/wunderbaum/* B 2024 Martin Wendt https://github.com/mar10/wunderbaum
templates/lib/extra/qrcode/* B 2009 Kazuhiko Arase style/wunderbaum/* B 2024 Martin Wendt https://github.com/mar10/wunderbaum
templates/lib/extra/tabulator/* B 2024 Oliver Folkerd style/bootstrap-icons/* B 2024 The Bootstrap Authors https://icons.getbootstrap.com/
style/tabulator/* B 2024 Oliver Folkerd


@ -60,6 +60,23 @@ This is a list of API changes for all LAM releases.
<br> <br>
<h2>9.2 -&gt; 9.3</h2>
<ul>
<li>Module/Type API
<ul>
<li>Added defined parameter and return types to some methods (e.g. "getTitleBarSubtitle")</li>
<li>getPasswordQuickChangeOptions(): new parameter $forcePasswordChangeByDefault</li>
</ul>
</li>
</ul>
<h2>9.0 -&gt; 9.1</h2>
<ul>
<li>JavaScript
<ul>
<li>jQuery was removed from the project</li>
</ul>
</li>
</ul>
<h2>8.4 -&gt; 8.5</h2> <h2>8.4 -&gt; 8.5</h2>
<ul> <ul>
<li>Files in "tmp" directory must be managed via class LamTemporaryFilesManager</li> <li>Files in "tmp" directory must be managed via class LamTemporaryFilesManager</li>


@ -2,22 +2,20 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<appendix id="a_lamdaemon"> <appendix id="a_lamdaemon">
<title>Setup for home directory and quota management</title> <title>Setup lamdaemon for home directory and quota management</title>
<para>Lamdaemon.pl is used to modify quota and home directories on a <para>Lamdaemon.pl is used to modify quota and home directories on a remote
remote or local host via SSH (even if homedirs are located on or local host via SSH (even if homedirs are located on localhost).</para>
localhost).</para>
<para>If you want wo use it you have to set up the following things to get <para>If you want to use it you have to set up the following things to get
it to work:</para> it to work:</para>
<section> <para><emphasis role="bold">Installation</emphasis></para>
<title>Installation</title>
<para>First of all, you need to install lamdaemon.pl on your remote <para>First of all, you need to install lamdaemon.pl on your remote server
server where LAM should manage homedirs and/or quota. This is usually a where LAM should manage homedirs and/or quota. This is usually a different
different server than the one where LAM is installed. But there is no server than the one where LAM is installed. But there is no problem if it is
problem if it is the same.</para> the same.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -27,29 +25,28 @@
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<para></para> <para/>
<para><emphasis role="bold">Debian based (e.g. also <itemizedlist>
Ubuntu)</emphasis></para> <listitem>
<para>Debian based (e.g. also Ubuntu): Please install the lamdaemon DEB
package on your quota/homedir server.</para>
</listitem>
<para>Please install the lamdaemon DEB package on your quota/homedir <listitem>
server.</para> <para>RPM based (Fedora, CentOS, Suse, ...): Please install the
lamdaemon RPM package on your quota/homedir server.</para>
</listitem>
<para><emphasis role="bold">RPM based (Fedora, CentOS, Suse, <listitem>
...)</emphasis></para> <para>Other: Please copy lib/lamdaemon.pl from the LAM tar.bz2 package
to your quota/homedir server. The location may be anywhere (e.g. use
<para>Please install the lamdaemon RPM package on your quota/homedir
server.</para>
<para><emphasis role="bold">Other</emphasis></para>
<para>Please copy lib/lamdaemon.pl from the LAM tar.bz2 package to your
quota/homedir server. The location may be anywhere (e.g. use
/opt/lamdaemon). Please make the lamdaemon.pl script executable.</para> /opt/lamdaemon). Please make the lamdaemon.pl script executable.</para>
</section> </listitem>
</itemizedlist>
<section id="a_lamdaemonConf"> <para><emphasis role="bold">LAM server profile
<title>LDAP Account Manager configuration</title> configuration</emphasis></para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
@ -58,26 +55,25 @@
</listitem> </listitem>
<listitem> <listitem>
<para>Path to lamdaemon.pl, e.g. <para>Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl If
/srv/www/htdocs/lam/lib/lamdaemon.pl If you installed a DEB or you installed a DEB or RPM package then the script will be located at
RPM package then the script will be located at
/usr/share/ldap-account-manager/lib/lamdaemon.pl.</para> /usr/share/ldap-account-manager/lib/lamdaemon.pl.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Your LAM admin user must be a valid Unix account. It needs to <para id="a_lamdaemonConf">Your LAM admin user must be a valid Unix
have the object class "posixAccount" and an attribute "uid". This account. It needs to have the object class "posixAccount" and an
account must be accepted by the SSH daemon of your home directory attribute "uid". This account must be accepted by the SSH daemon of your
server. Do not create a second local account but change your system home directory server. Do not create a second local account but change
to accept LDAP users. You can use LAM to add the Unix account part your system to accept LDAP users. You can use LAM to add the Unix
to your admin user or create a new account. Please do not forget to account part to your admin user or create a new account. Please do not
setup LDAP write access (<ulink forget to setup LDAP write access (<ulink
url="http://www.openldap.org/doc/admin24/access-control.html">ACLs</ulink>) url="http://www.openldap.org/doc/admin24/access-control.html">ACLs</ulink>)
if you create a new account.</para> if you create a new account.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para></para> <para/>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -87,8 +83,8 @@
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<para>Note that the builtin admin/manager entries do not work for <para>Note that the builtin admin/manager entries do not work for lamdaemon.
lamdaemon. You need to login with a Unix account.</para> You need to login with a Unix account.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -98,44 +94,37 @@
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<para><emphasis role="bold">OpenLDAP ACL location:</emphasis></para> <para><emphasis role="bold">OpenLDAP ACL location</emphasis></para>
<para>The access rights for OpenLDAP are configured in <para>The access rights for OpenLDAP are configured in /etc/ldap/slapd.conf
/etc/ldap/slapd.conf or or /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif.</para>
/etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif.</para>
</section>
<section> <para><emphasis role="bold">Setup sudo</emphasis></para>
<title>Setup sudo</title>
<para>The perl script has to run as root. Therefore we need a wrapper, <para>The perl script has to run as root. Therefore we need a wrapper, sudo.
sudo. Edit /etc/sudoers on host where homedirs or quotas should be used Edit /etc/sudoers on host where homedirs or quotas should be used and add
and add the following line:</para> the following line:</para>
<para>$admin All= NOPASSWD: $path_to_lamdaemon *</para> <para>$admin All= NOPASSWD: $path_to_lamdaemon *</para>
<para><emphasis condition="">$admin</emphasis> is the admin user from <para><emphasis condition="">$admin</emphasis> is the admin user from LAM
LAM (must be a valid Unix account) and (must be a valid Unix account) and <emphasis>$path_to_lamdaemon</emphasis>
<emphasis>$path_to_lamdaemon</emphasis> is the path to is the path to lamdaemon.pl.</para>
lamdaemon.pl.</para>
<para><emphasis role="bold">Example:</emphasis></para> <para>Example:</para>
<para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl <para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl *</para>
*</para>
<para>You might need to run the sudo command once manually to init sudo. <para>You might need to run the sudo command once manually to init sudo. The
The command "sudo -l" will show all possible sudo commands of the command "sudo -l" will show all possible sudo commands of the current
current user.</para> user.</para>
<para><emphasis role="bold">Attention:</emphasis> Please do not use the <para><emphasis role="bold">Attention:</emphasis> Please do not use the
options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers. options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers.
Otherwise you might get errors like "you must have a tty to run sudo" or Otherwise you might get errors like "you must have a tty to run sudo" or "no
"no tty present and no askpass program specified".</para> tty present and no askpass program specified".</para>
</section>
<section> <para><emphasis role="bold">Setup Perl</emphasis></para>
<title>Setup Perl</title>
<para>We need an extra Perl module - Quota. To install it, run:</para> <para>We need an extra Perl module - Quota. To install it, run:</para>
@ -145,41 +134,53 @@
<member>install Quota</member> <member>install Quota</member>
</simplelist> </simplelist>
<para>If your Perl executable is not located in /usr/bin/perl you will <para>If your Perl executable is not located in /usr/bin/perl you will have
have to edit the path in the first line of lamdaemon.pl. If you have to edit the path in the first line of lamdaemon.pl. If you have problems
problems compiling the Perl modules try installing a newer release of compiling the Perl modules try installing a newer release of your GCC
your GCC compiler and the "make" application.</para> compiler and the "make" application.</para>
<para>Several Linux distributions already include a quota package for <para>Several Linux distributions already include a quota package for
Perl.</para> Perl.</para>
</section>
<section> <para><emphasis role="bold">Set up SSH</emphasis></para>
<title>Set up SSH</title>
<para>Your SSH daemon must offer the password authentication method. To <para>Your SSH daemon must offer the password authentication method. To
activate it just use this configuration option in activate it just use this configuration option in
/etc/ssh/sshd_config:</para> /etc/ssh/sshd_config:</para>
<para>PasswordAuthentication yes</para> <para>PasswordAuthentication yes</para>
</section>
<section> <para><emphasis role="bold">Calling of external scripts</emphasis></para>
<title>Troubleshooting</title>
<para>If you have problems managing quotas and home directories then <para>The following extra scripts are called if they exist:</para>
these points might help:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>There is a test page for lamdaemon: Login to LAM and open <para>Create home directory: /usr/sbin/useradd.local &lt;USER NAME&gt;
Tools -&gt; Tests -&gt; Lamdaemon test</para> (after directory was created)</para>
</listitem>
<listitem>
<para>Delete home directory: /usr/sbin/userdel.local &lt;USER NAME&gt;
(before directory is removed)</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Troubleshooting</emphasis></para>
<para>If you have problems managing quotas and home directories then these
points might help:</para>
<itemizedlist>
<listitem>
<para>There is a test page for lamdaemon: Login to LAM and open Tools
-&gt; Tests -&gt; Lamdaemon test</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Check /var/log/auth.log or its equivalent on your system. This <para>Check /var/log/auth.log or its equivalent on your system. This
file contains messages about all logins. If the ssh login failed file contains messages about all logins. If the ssh login failed then
then you will find a description about the reason here.</para> you will find a description about the reason here.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -196,10 +197,8 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>Error message <emphasis role="bold">"Your LAM admin user (...) <para>Error message <emphasis role="bold">"Your LAM admin user (...) must be
must be a valid Unix account to work with lamdaemon!"</emphasis>: This a valid Unix account to work with lamdaemon!"</emphasis>: This happens if
happens if you use the default LDAP admin/manager user to login to LAM. you use the default LDAP admin/manager user to login to LAM. Please see
Please see <link linkend="a_lamdaemonConf">here</link> and setup a Unix <link linkend="a_lamdaemonConf">here</link> and setup a Unix account.</para>
account.</para>
</section>
</appendix> </appendix>


@ -467,12 +467,30 @@
<entry>dhcp.schema</entry> <entry>dhcp.schema</entry>
<entry>docs/schema/dhcp.schema</entry> <entry>Part of LAM installation: docs/schema/dhcp.schema</entry>
<entry>The LDAP suffix should be set to your dhcpServer <entry>The LDAP suffix should be set to your dhcpServer
entry.</entry> entry.</entry>
</row> </row>
<row>
<entry><inlinemediaobject>
<imageobject>
<imagedata fileref="images/schema_bind9.png" width="16"/>
</imageobject>
</inlinemediaobject></entry>
<entry>Bind dyndb-ldap</entry>
<entry>idnsZone, idnsRecord</entry>
<entry>schema.ldif</entry>
<entry>Part of bind-dyndb-ldap</entry>
<entry>LAM Pro only</entry>
</row>
<row> <row>
<entry><inlinemediaobject> <entry><inlinemediaobject>
<imageobject> <imageobject>
@ -487,7 +505,7 @@
<entry>dlz.schema</entry> <entry>dlz.schema</entry>
<entry>part of <ulink url="http://bind-dlz.sourceforge.net/">Bind <entry>Part of <ulink url="http://bind-dlz.sourceforge.net/">Bind
DLZ patch</ulink></entry> DLZ patch</ulink></entry>
<entry>LAM Pro only</entry> <entry>LAM Pro only</entry>
@ -803,6 +821,24 @@
<entry>LAM Pro only, requires DDS extension on LDAP server <entry>LAM Pro only, requires DDS extension on LDAP server
side</entry> side</entry>
</row> </row>
<row>
<entry><inlinemediaobject>
<imageobject>
<imagedata fileref="images/schema_tak.png" width="16px"/>
</imageobject>
</inlinemediaobject></entry>
<entry>TAK</entry>
<entry>takUser</entry>
<entry>tak-*.ldif</entry>
<entry>Part of LAM installation: docs/schema/tak-*.ldif</entry>
<entry/>
</row>
</tbody> </tbody>
</tgroup> </tgroup>
</table> </table>


@ -28,27 +28,23 @@
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>Locate config.cfg: On DEB/RPM installations it is in <para>Locate config.cfg: On DEB/RPM installations it is in
/usr/share/ldap-account-manager/config and for tar.bz2 in config <emphasis
role="bold">/usr/share/ldap-account-manager/config</emphasis> and
for tar.bz2 in <emphasis role="bold">config</emphasis>
folder.</para> folder.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Locate the "password" entry in the file</para> <para>Locate the "password" line in the file</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Replace the password hash after "password: " with your new <para>Remove the password line in the configuration file</para>
clear-text password (e.g. "secret")</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>After the change the line should look like this:</para> <para>When you open LAM's start page you will now be asked to set a
new password.</para>
<literallayout>password: secret</literallayout>
<para>You can now login using your new password. Set the password once
again via GUI in main configuration settings. This will then put again
a hash value in the config.cfg file.</para>
</section> </section>
<section> <section>


@ -38,8 +38,7 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The access level can be set on the server configuration <para>The access level can be set on the server configuration page:</para>
page:</para>
<para><screenshot> <para><screenshot>
<mediaobject> <mediaobject>
@ -54,11 +53,11 @@
<title>Password reset page</title> <title>Password reset page</title>
<para>This special page allows your deskside support staff to reset the <para>This special page allows your deskside support staff to reset the
Unix and Samba passwords of your users. Account may also be (un)locked Unix and Samba passwords of your users. Account may also be (un)locked If
If you set the <link linkend="s_accessLevel">access level</link> to you set the <link linkend="s_accessLevel">access level</link> to "Change
"Change passwords" then LAM will not allow any changes to the LDAP passwords" then LAM will not allow any changes to the LDAP database except
database except password changes via this page. The account pages will password changes via this page. The account pages will be still available
be still available in read-only mode.</para> in read-only mode.</para>
<para>You can open the password reset page by clicking on the key symbol <para>You can open the password reset page by clicking on the key symbol
on each user account:</para> on each user account:</para>
@ -69,41 +68,39 @@
<imagedata fileref="images/passwordReset1.png"/> <imagedata fileref="images/passwordReset1.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot>There are three different options to set a new password. </screenshot>There are different options to set a new password - either
You can further restrict these options in server profile set a random password or specify the new password. You can further
settings.</para> restrict these options in server profile settings.</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><emphasis role="bold">set random password and display it on <para><emphasis role="bold">Generate random password</emphasis></para>
screen</emphasis></para>
<para>This will set the user's password to a random value. The <para>This will set the user's password to a random value. The
password will be 11 characters long with a random combination of password will be 14 characters long with a random combination of
letters, digits and ".-_".</para> letters, digits and ".-_".</para>
<para>You may want to use this method to tell users their new <para>You can send the password via <link
passwords via phone.</para> linkend="mailSetup">email</link> or <link
linkend="smsSetup">SMS</link> if the user account has set the
mail/mobile phone attribute. You can change the email template to fit
your needs. Please configure your LAM server profile to setup the
sender address, subject and mail body. See <link
linkend="mailSetup">here</link> for setting up your SMTP server. Using
this method will prevent that your support staff knows the new
password.</para>
<para>The password can be shown on screen, too. You may want to use
this method to tell users their new password via phone.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">set random password and mail it to <para><emphasis role="bold">Set specific password</emphasis></para>
user</emphasis></para>
<para>If the user account has set the mail attribute then LAM can <para>Here you can specify your own password. It can also be sent via
send your user a mail with the new password. You can change the mail <link linkend="mailSetup">email</link> or <link
template to fit your needs. Please configure your LAM server profile linkend="smsSetup">SMS</link> if the user account has set the
to setup the sender address, subject and mail body. See <link linkend="mailSetup">here</link> for setting up your mail/mobile phone attribute.</para>
SMTP server.</para>
<para>Using this method will prevent that your support staff knows
the new password.</para>
</listitem>
<listitem>
<para><emphasis role="bold">set specific password</emphasis></para>
<para>Here you can specify your own password.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -115,9 +112,9 @@
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<para>LAM will display contact information about the user like the <para>LAM will display contact information about the user like the user's
user's name, email address and telephone number. This will help your name, email address and telephone number. This will help your deskside
deskside support to easily contact your users.</para> support to easily contact your users.</para>
<para><emphasis role="bold">Options:</emphasis></para> <para><emphasis role="bold">Options:</emphasis></para>
@ -138,9 +135,9 @@
<listitem> <listitem>
<para><emphasis role="bold">Update Samba password <para><emphasis role="bold">Update Samba password
timestamps:</emphasis> This will set the timestamps when the timestamps:</emphasis> This will set the timestamps when the password
password was changed (sambaPwdLastSet). Only existing attributes are was changed (sambaPwdLastSet). Only existing attributes are updated.
updated. No new attributes are added.</para> No new attributes are added.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -151,15 +148,13 @@
<listitem> <listitem>
<para><emphasis role="bold">Sync Asterisk (voicemail) password with <para><emphasis role="bold">Sync Asterisk (voicemail) password with
Unix password:</emphasis> Changes also the Asterisk Unix password:</emphasis> Changes also the Asterisk passwords.</para>
passwords.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">Force password change:</emphasis> This <para><emphasis role="bold">Force password change:</emphasis> This
will force the user to change his password at next login. This will force the user to change his password at next login. This option
option supports Shadow, Samba 3 and PPolicy (automatically supports Shadow, Samba 3 and PPolicy (automatically detected).</para>
detected).</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -168,10 +163,10 @@
<para><emphasis role="bold">Account (un)locking:</emphasis></para> <para><emphasis role="bold">Account (un)locking:</emphasis></para>
<para>Depending if the account includes a Unix/Samba extension and <para>Depending if the account includes a Unix/Samba extension and PPolicy
PPolicy is activated the page will show options to (un)lock the account. is activated the page will show options to (un)lock the account. E.g. if
E.g. if the account is fully unlocked then there will be no unlocking the account is fully unlocked then there will be no unlocking options
options printed.</para> printed.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>


@ -44,11 +44,6 @@
<section id="generalSettings"> <section id="generalSettings">
<title>General settings</title> <title>General settings</title>
<para>After selecting "Edit general settings" you will need to enter the
<link linkend="a_configPasswords">master configuration password</link>.
The default password for new installations is "lam". Now you can edit the
general settings.</para>
<section> <section>
<title>Configuration Database</title> <title>Configuration Database</title>
@ -301,6 +296,124 @@
</screenshot> </screenshot>
</section> </section>
<section id="smsSetup">
<title>SMS options (LAM Pro)</title>
<para>You can send SMS messages to your users for password resets. To
activate this feature you need to have an account at one of the
supported SMS providers.</para>
<para>After all options are filled you can test your settings and check
if you get an SMS delivered to the entered mobile number.</para>
<screenshot>
<graphic fileref="images/configGeneral12.png"/>
</screenshot>
<para><emphasis role="bold">Common options</emphasis></para>
<itemizedlist>
<listitem>
<para>Default country prefix: please enter your country prefix for
telephone numbers. It will be applied whenever no country prefix is
part of the user's telephone number.</para>
</listitem>
<listitem>
<para>Mobile phone attributes: LAM will check these attributes to
find the user's mobile telephone number. The first number that is
found will be used.</para>
</listitem>
</itemizedlist>
<para><ulink url="https://aws.amazon.com/sns/"><emphasis role="bold">AWS
SNS</emphasis></ulink></para>
<itemizedlist>
<listitem>
<para>Region: this is your AWS region (e.g. eu-central-1)</para>
</listitem>
<listitem>
<para>Account id: please enter the access key id of your IMS user
that is allowed to send SMS (e.g. AKIAIOSFODNN7EXAMPLE)</para>
</listitem>
<listitem>
<para>Token: this is the secret value of your access key (e.g.
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Email2SMS</emphasis></para>
<para>This service can be used for all SMS gateways that allow to send
SMS via email. This means LAM sends out an email to the gateway and they
convert it to an SMS.</para>
<itemizedlist>
<listitem>
<para>Account id: please enter the receiving email address at your
email2SMS gateway. The address must contain the wildcard "$number"
for the user's phone number. E.g. "$number@sms.clicksend.com".
"$number" will be replaced with the actual mobile phone
number.</para>
</listitem>
<listitem>
<para>From: this is the email FROM address. Typically, email2SMS
gateways require that the email comes from a specific email
address.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold"><ulink
url="https://gatewayapi.com/">GatewayAPI</ulink></emphasis></para>
<itemizedlist>
<listitem>
<para>Token: please enter your API token (not key/secret)</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold"><ulink
url="https://www.smsapi.com">SMSAPI</ulink></emphasis></para>
<itemizedlist>
<listitem>
<para>Token: please enter your API token</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold"><ulink
url="https://www.smsbox.net/">SMSBOX</ulink></emphasis></para>
<itemizedlist>
<listitem>
<para>API key: please enter your API key (pub-...)</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold"><ulink
url="https://www.twilio.com/">Twilio</ulink></emphasis></para>
<itemizedlist>
<listitem>
<para>Account id: this is your account SID (e.g. AC...)</para>
</listitem>
<listitem>
<para>Token: please enter your API token (not API SID/secret)</para>
</listitem>
<listitem>
<para>From: this can be a mobile number (needs to be registered in
Twilio) or the ID of a messaging service (MG...). The messaging
service allows to define a textual sender name.</para>
</listitem>
</itemizedlist>
</section>
<section id="confmain_webauthn"> <section id="confmain_webauthn">
<title>WebAuthn/FIDO2 devices</title> <title>WebAuthn/FIDO2 devices</title>
@ -546,6 +659,10 @@
will then query LDAP to return results in chunks of 999 will then query LDAP to return results in chunks of 999
entries.</para> entries.</para>
<para>Show deleted entries: This is for Active Directory and Samba 4
only. It will unhide LDAP entries in "CN=Deleted Objects,DC=...". You
can use this to browse and restore these entries in tree view.</para>
<para>Referential integrity overlay: Activate this checkbox if you <para>Referential integrity overlay: Activate this checkbox if you
have any server side extension for referential integrity in place. In have any server side extension for referential integrity in place. In
this case the server will cleanup references to LDAP entries that are this case the server will cleanup references to LDAP entries that are


@ -608,6 +608,62 @@
version. Unless explicitly noticed there is no need to install an version. Unless explicitly noticed there is no need to install an
intermediate release.</para> intermediate release.</para>
<section>
<title>9.3 -&gt; 9.4</title>
<para><emphasis role="bold">New configuration format for main
configuration and server profiles is enforced.</emphasis> Please save your main
configuration and all server profiles with LAM 9.0 - 9.3 before
upgrading. You can also export your configuration and import all
server profiles and main configuration. This format change does not
apply if you use MySQL for configuration
storage.</para>
</section>
<section>
<title>9.2 -&gt; 9.3</title>
<para>No actions required.</para>
</section>
<section>
<title>9.1 -&gt; 9.2</title>
<para>LAM Pro:</para>
<itemizedlist>
<listitem>
<para>Custom scripts: The settings in server profile were split by
account type. If you use custom scripts then you need to perform
these steps for each server profile that uses them (no scripts
will be executed till migration was done):</para>
<itemizedlist>
<listitem>
<para>Open server profile and switch to tab "Module
settings"</para>
</listitem>
<listitem>
<para>Review the automated migration of the custom scripts
settings (complex configurations will need manual
adaptions)</para>
</listitem>
<listitem>
<para>Save the server profile</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section>
<title>9.0 -&gt; 9.1</title>
<para>No actions required.</para>
</section>
<section> <section>
<title>8.9 -&gt; 9.0</title> <title>8.9 -&gt; 9.0</title>


@ -293,8 +293,9 @@
<para>If a module supports to enforce a password change then you will see <para>If a module supports to enforce a password change then you will see
the appropriate checkbox. LAM Pro also offers to send the password via the appropriate checkbox. LAM Pro also offers to send the password via
email after the account is saved. Email options are specified in your email/SMS after the account is saved. Email options are specified in your
<link linkend="profile_mail">LAM server profile</link>.</para> <link linkend="profile_mail">LAM server profile</link> and SMS options in
<link linkend="smsSetup">main configuration</link>.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -2510,6 +2511,56 @@ AuthorizedKeysCommandUser root</literallayout>
<graphic fileref="images/mod_lastBind3.png"/> <graphic fileref="images/mod_lastBind3.png"/>
</screenshot> </screenshot>
</section> </section>
<section>
<title>TAK</title>
<para>The <ulink url="https://www.civtak.org/">TAK</ulink> module
supports the Team Awareness Kit or Tactical Assault Kit (TAK) with the
Android Team Awareness Kit (ATAK).</para>
<para>You can define callsigns, team roles and colors for users.</para>
<para><emphasis role="bold">LDAP schema</emphasis></para>
<para>The module expects that TAK users use the object class "takUser"
and the attributes "takCallsign", "takRole" and "takColor". You can find
matching schema files in /usr/share/ldap-account-manager/docs/schema
(DEB/RPM) or docs/schema (tar.bz2). Please see the beginning of the
files for installation instructions.</para>
<itemizedlist>
<listitem>
<para>OpenLDAP: tak-OpenLDAP.ldif</para>
</listitem>
<listitem>
<para>Samba 4: tak-Samba4-attributes.ldif and
tak-Samba4-objectClass.ldif</para>
</listitem>
<listitem>
<para>Windows (AD): tak-Windows.ldif</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Configuration</emphasis></para>
<para>Add the TAK module for users in your server profile:</para>
<screenshot>
<graphic fileref="images/mod_tak1.png"/>
</screenshot>
<para>Now you can manage the TAK attributes for users.</para>
<para>LAM Pro users can add these attributes to the self-service profile
if needed.</para>
<screenshot>
<graphic fileref="images/mod_tak2.png"/>
</screenshot>
</section>
</section> </section>
<section> <section>
@ -4324,6 +4375,289 @@ Run slapindex to rebuild the index.
</screenshot> </screenshot>
</section> </section>
<section>
<title>Bind dyndb-ldap (LAM Pro)</title>
<para>The <ulink
url="https://pagure.io/bind-dyndb-ldap">bind-dyndb-ldap</ulink> plugin for
<ulink url="https://www.isc.org/bind/">Bind</ulink> allows you to manage
DNS entries in LDAP. Please install the bind-dyndb-ldap schema file on
your LDAP server. It is part of the bind-dyndb-ldap download. LAM Pro can
manage DNS zones and the following record types:<itemizedlist>
<listitem>
<para>A/AAAA: IP addresses</para>
</listitem>
<listitem>
<para>CNAME: alias names</para>
</listitem>
<listitem>
<para>DNAME: delegation name</para>
</listitem>
<listitem>
<para>MX: mail servers</para>
</listitem>
<listitem>
<para>NS: name servers</para>
</listitem>
<listitem>
<para>PTR: reverse DNS entries</para>
</listitem>
<listitem>
<para>SRV: service entries</para>
</listitem>
<listitem>
<para>TXT: text records</para>
</listitem>
</itemizedlist></para>
<section>
<title>Configuration</title>
<para>Please open your LAM server profile configuration and add two
instances of the "Bind dyndb" account type. One for records and one for
zones.</para>
<screenshot>
<graphic fileref="images/mod_bind-dyndb-1.png"/>
</screenshot>
<para>The recommended settings are as follows. Please adapt if
needed.</para>
<para>DNS records:</para>
<itemizedlist>
<listitem>
<para>LDAP suffix: if you manage a single domain then use the DN of
the zone entry. If you manage multiple domains then use the DN under
which they are stored (e.g. the "nsContainer").</para>
</listitem>
<listitem>
<para>List attributes:
#idnsName;#aRecord;#aAAARecord;#cNAMERecord;#dNameRecord;#tXTRecord;#mxrecord;#srvrecord;#ptrrecord;#dnsttl</para>
</listitem>
<listitem>
<para>Custom label: DNS records</para>
</listitem>
</itemizedlist>
<para>DNS zones:</para>
<itemizedlist>
<listitem>
<para>LDAP suffix: use the DN under which the domains are stored
(e.g. the "nsContainer").</para>
</listitem>
<listitem>
<para>List attributes:
#idnsName;#aRecord;#aAAARecord;#cNAMERecord;#dNameRecord;#tXTRecord;#idnssoaserial</para>
</listitem>
<listitem>
<para>Custom label: DNS zones</para>
</listitem>
</itemizedlist>
<screenshot>
<graphic fileref="images/mod_bind-dyndb-2.png"/>
</screenshot>
<para>Next, switch to the modules tab. Here, select DNS records for your
record type and DNS zone for your zone type. Then you can save the
server profile and login to LAM.</para>
<screenshot>
<graphic fileref="images/mod_bind-dyndb-3.png"/>
</screenshot>
</section>
<section>
<title>DNS zones</title>
<para>This allows you to manage your DNS zones (SOA+NS records). You can
e.g. specify timeouts and name servers.</para>
<screenshot>
<graphic fileref="images/mod_bind-dyndb-4.png"/>
</screenshot>
</section>
<section>
<title>DNS entries</title>
<para>LAM supports the following DNS record types:</para>
<itemizedlist>
<listitem>
<para>A/AAAA: IP addresses</para>
</listitem>
<listitem>
<para>CNAME: alias names</para>
</listitem>
<listitem>
<para>DNAME: delegation name</para>
</listitem>
<listitem>
<para>MX: mail servers</para>
</listitem>
<listitem>
<para>PTR: reverse DNS entries</para>
</listitem>
<listitem>
<para>SRV: service entries</para>
</listitem>
<listitem>
<para>TXT: text records</para>
</listitem>
</itemizedlist>
<literallayout>
</literallayout>
<para><emphasis role="bold">IP addresses (A/AAAA)</emphasis></para>
<para>Here you can enter IPv4 (A) or IPv6 (AAAA) addresses for a DNS
name.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind-dyndb-5.png"/>
</imageobject>
</mediaobject>
</screenshot>
<literallayout>
</literallayout>
<para><emphasis role="bold">Alias names (CNAME)</emphasis></para>
<para>Sometimes a DNS entry should simply point to a different DNS entry
(e.g. for migrations). This can be done by adding an alias name.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind-dyndb-7.png"/>
</imageobject>
</mediaobject>
</screenshot>
<literallayout>
</literallayout>
<para><emphasis role="bold">Alias names (DNAME)</emphasis></para>
<para>You can delegate a DNS zone to a different server.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind-dyndb-11.png"/>
</imageobject>
</mediaobject>
</screenshot>
<literallayout>
</literallayout>
<para><emphasis role="bold">Mail servers (MX)</emphasis></para>
<para>The mail server entries define where mails to a domain should be
delivered. The server with the lowest preference has the highest
priority.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind-dyndb-8.png"/>
</imageobject>
</mediaobject>
</screenshot>
<literallayout>
</literallayout>
<para><emphasis role="bold">Reverse DNS entries (PTR)</emphasis></para>
<para>Reverse DNS entries are important when you need to find the DNS
name that is associated with a given IP address. Reverse DNS entries are
stored in a separate DNS zone.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind-dyndb-6.png"/>
</imageobject>
</mediaobject>
</screenshot>
<literallayout>
</literallayout>
<para><emphasis role="bold">Services (SRV)</emphasis></para>
<para>Service records can be used to specify which servers provide
common services such as LDAP. Please note that the host name must be
_SERVICE._PROTOCOL (e.g. _ldap._tcp).</para>
<literallayout>
</literallayout>
<para>Priority: The priority of the target host, lower value means more
preferred.</para>
<para>Weight: A relative weight for records with the same priority. E.g.
weights 20 and 80 for a service will result in 20% queries to the one
server and 80% to the other.</para>
<para>Port: The port number that is used for your service.</para>
<para>Server: DNS name where service can be reached (relative without or
absolute with dot at the end).</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind-dyndb-10.png"/>
</imageobject>
</mediaobject>
</screenshot>
<literallayout>
</literallayout>
<para><emphasis role="bold">Text records (TXT)</emphasis></para>
<para>Text records can be added to store a description or other data
(e.g. SPF information).</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind-dyndb-9.png"/>
</imageobject>
</mediaobject>
</screenshot>
</section>
</section>
<section> <section>
<title>Bind DLZ (LAM Pro)</title> <title>Bind DLZ (LAM Pro)</title>
@ -6033,13 +6367,15 @@ OK (10 msec)</programlisting>
</screenshot> </screenshot>
<para>In "Module settings" you can specify multiple scripts for each <para>In "Module settings" you can specify multiple scripts for each
action type (e.g. modify) and account type (e.g. user). The scripts need action type (e.g. preModify) and account type (e.g. user). The scripts
to be located on the filesystem of your webserver and will be executed in need to be located on the filesystem of your webserver and will be
its user environment. E.g. if you webserver runs as user www-data with the executed in its user environment. E.g. if you webserver runs as user
group www-data then the custom scripts will be run under this user with www-data with the group www-data then the custom scripts will be run under
his rights. The output of the scripts will be shown in LAM.</para> this user with his rights. The output of the scripts will be shown in
LAM.</para>
<para>You can specify the scripts on the LAM configuration pages.</para> <para>You can specify the scripts on the LAM configuration pages. Please
note that the syntax changed with version 9.2 (see below).</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -6057,15 +6393,21 @@ OK (10 msec)</programlisting>
<para><emphasis role="bold">Syntax:</emphasis></para> <para><emphasis role="bold">Syntax:</emphasis></para>
<para>Please enter one script per line. Each line has the following <para>Please enter one script per line. Each line has the following
format: &lt;account type&gt; &lt;action&gt; &lt;script&gt;</para> format: &lt;action&gt; &lt;script&gt;</para>
<para>E.g.: preModify /usr/bin/myCustomScript -u $uid$</para>
<para><emphasis role="bold">Syntax (pre 9.2):</emphasis></para>
<para>Please enter one script per line. Each line has the following
format: <emphasis role="bold">&lt;account type&gt;</emphasis>
&lt;action&gt; &lt;script&gt;</para>
<para>E.g.: user preModify /usr/bin/myCustomScript -u $uid$</para> <para>E.g.: user preModify /usr/bin/myCustomScript -u $uid$</para>
<para><emphasis role="bold">Account types:</emphasis></para> <para>Account types: You can setup scripts for all available account types
(e.g. user, group, host, ...). Please see the help on the configuration
<para>You can setup scripts for all available account types (e.g. user, page about your current active account types.</para>
group, host, ...). Please see the help on the configuration page about
your current active account types.</para>
<para><emphasis role="bold">Actions:</emphasis></para> <para><emphasis role="bold">Actions:</emphasis></para>
@ -6242,6 +6584,11 @@ OK (10 msec)</programlisting>
send password via email (yes|no)</para> send password via email (yes|no)</para>
</listitem> </listitem>
<listitem>
<para><emphasis role="bold">$INFO.sendPasswordViaSms$:</emphasis> send
password via SMS (yes|no)</para>
</listitem>
<listitem> <listitem>
<para><emphasis <para><emphasis
role="bold">$INFO.sendPasswordAlternateAddress$:</emphasis> alternate role="bold">$INFO.sendPasswordAlternateAddress$:</emphasis> alternate
@ -6282,14 +6629,10 @@ OK (10 msec)</programlisting>
<para>Example:</para> <para>Example:</para>
<literallayout>user preModify /opt/myapp/preModify.sh -u $uid$ <literallayout>preModify /opt/myapp/preModify.sh -u $uid$
group postDelete /opt/myapp/postDelete.sh -g $gid$
LAM_GROUP: Mail actions LAM_GROUP: Mail actions
user manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$ manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$
user manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$ manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$
LAM_GROUP: Sync actions
user manual /bin/myscripts/syncWithCRM -u $uid$
user manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$
</literallayout> </literallayout>
@ -6350,10 +6693,10 @@ user manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$
LAM_SELECTION_TENANT: Tenant=foo;bar LAM_SELECTION_TENANT: Tenant=foo;bar
LAM_TEXT_COMMENT: Comment=no comment LAM_TEXT_COMMENT: Comment=no comment
LAM_TEXT_AMOUNT: Amount LAM_TEXT_AMOUNT: Amount
user manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$ -e $LAM_SELECTION_ENV$ manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$ -e $LAM_SELECTION_ENV$
user manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$ -e $LAM_SELECTION_TENANT$ manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$ -e $LAM_SELECTION_TENANT$
user manual /bin/myscripts/syncWithCRM -u $uid$ -c $LAM_TEXT_COMMENT$ manual /bin/myscripts/syncWithCRM -u $uid$ -c $LAM_TEXT_COMMENT$
user manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$ -a $LAM_TEXT_AMOUNT$</literallayout> manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$ -a $LAM_TEXT_AMOUNT$</literallayout>
<screenshot> <screenshot>
<graphic fileref="images/customScripts4.png"/> <graphic fileref="images/customScripts4.png"/>


@ -1457,20 +1457,25 @@
<literallayout> </literallayout> <literallayout> </literallayout>
<para>LAM Pro can send your users an email with a confirmation link to <para>LAM Pro can send your users an SMS/email with a confirmation link
validate their email address. Of course, this should only be used if the to validate their SMS/email address. If you select to send an SMS then
email account is independent from the user password (e.g. at external the email mechanism will only be used if no mobile phone number was
provider) or you use the backup email address feature. The mail body found for this user. You also need to setup the <link
must include the confirmation link by using the special wildcard linkend="smsSetup">SMS settings</link>.</para>
"@@resetLink@@". Additionally, you may want to insert other wildcards
that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@" <para>Confirmation mails should only be used if the email account is
will be replaced by the user name.</para> independent from the user password (e.g. at external provider) or you
use the backup email address feature. The mail body must include the
confirmation link by using the special wildcard "@@resetLink@@".
Additionally, you may want to insert other wildcards that are replaced
by the corresponding LDAP attributes. E.g. "@@uid@@" will be replaced by
the user name.</para>
<para>There is also an option to skip the security question at all if <para>There is also an option to skip the security question at all if
email verification is enabled. In this case the password can be reset email verification is enabled. In this case the password can be reset
directly after clicking on the confirmation link. Please handle with directly after clicking on the confirmation link. Please handle with
care since anybody with access to the user's mail account can reset the care since anybody with access to the user's SMS/mail account can reset
password.</para> the password.</para>
<para><emphasis role="bold">Captcha support</emphasis></para> <para><emphasis role="bold">Captcha support</emphasis></para>
@ -1703,11 +1708,12 @@
<entry>Label that is displayed on page</entry> <entry>Label that is displayed on page</entry>
<entry>optional regular expression for validation (e.g. <entry>Optional regular expression for validation (e.g.
"/^[0-9a-zA-Z]+$/")</entry> "/^[0-9a-zA-Z]+$/"). For binary fields the file name will be
checked.</entry>
<entry>validation message if value does not match validation <entry>Validation message if value does not match validation
expression</entry> expression.</entry>
</row> </row>
<row> <row>
@ -1721,11 +1727,12 @@
<entry>Label that is displayed on page</entry> <entry>Label that is displayed on page</entry>
<entry>optional regular expression for validation (e.g. <entry>Optional regular expression for validation (e.g.
"/^[0-9a-zA-Z]+$/")</entry> "/^[0-9a-zA-Z]+$/"). For binary fields the file name will be
checked.</entry>
<entry>validation message if value does not match validation <entry>Validation message if value does not match validation
expression</entry> expression.</entry>
</row> </row>
<row> <row>
@ -1800,6 +1807,14 @@
<para>constant::userAccountControl::512</para> <para>constant::userAccountControl::512</para>
<literallayout>
</literallayout>
<para>Binary file:</para>
<para>required::jpegPhoto;binary::Photo::/.jp(e)?g$/i::Please select a
JPG file</para>
<literallayout> <literallayout>
</literallayout> </literallayout>

Binary file not shown.

After

Width:  |  Height:  |  Size: 18 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 62 KiB

After

Width:  |  Height:  |  Size: 64 KiB


Binary file not shown.

Before

Width:  |  Height:  |  Size: 56 KiB

After

Width:  |  Height:  |  Size: 32 KiB


Binary file not shown.

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 51 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 64 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 72 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 94 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 41 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 29 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 57 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 40 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 32 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 91 KiB

After

Width:  |  Height:  |  Size: 58 KiB


Binary file not shown.

Before

Width:  |  Height:  |  Size: 84 KiB

After

Width:  |  Height:  |  Size: 87 KiB


Binary file not shown.

Before

Width:  |  Height:  |  Size: 133 KiB

After

Width:  |  Height:  |  Size: 85 KiB


Binary file not shown.

After

Width:  |  Height:  |  Size: 4.3 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.2 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 54 KiB



@ -16,7 +16,7 @@
<para><ulink <para><ulink
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para> url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
<para>Copyright (C) 2003 - 2024 Roland Gruber <para>Copyright (C) 2003 - 2025 Roland Gruber
&lt;post@rolandgruber.de&gt;</para> &lt;post@rolandgruber.de&gt;</para>
<para><emphasis role="bold">Key features:</emphasis></para> <para><emphasis role="bold">Key features:</emphasis></para>
@ -87,26 +87,15 @@
<listitem> <listitem>
<para>Edge (max. 2 years old)</para> <para>Edge (max. 2 years old)</para>
</listitem> </listitem>
<listitem>
<para>Opera (max. 2 years old)</para>
</listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The default password to edit the configuration options is
"lam".</para>
<para><emphasis role="bold">License:</emphasis></para> <para><emphasis role="bold">License:</emphasis></para>
<para>LAM is published under the GNU General Public License. The complete <para>LAM is published under the GNU General Public License. The complete
list of licenses can be found in the copyright file.</para> list of licenses can be found in the copyright file.</para>
<para><emphasis role="bold">Default password:</emphasis></para>
<para>The default password for the LAM configuration is "lam".</para>
<literallayout> <literallayout>
Have fun! Have fun!
The LAM development team</literallayout> The LAM development team</literallayout>


@ -0,0 +1,33 @@
#
# LDAP schema for LAM TAK functionality
#
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2025 Roland Gruber
#
#
# OID bases:
# 1.3.6.1.4.1.34955 Roland Gruber Softwareentwicklung
# 1.3.6.1.4.1.34955.1 attributes
# 1.3.6.1.4.1.34955.2 object classes
#
# Installation:
# ldapadd -x -W -H ldap://localhost -D "cn=admin,dc=company,dc=com" -f tak-OpenLDAP.ldif
#
# Please replace "localhost" with your LDAP server and "cn=admin,dc=company,dc=com" with your LDAP admin user (usually starts with cn=admin or cn=manager).
#
# In some cases you might need to import directly on the OpenLDAP server as root:
# ldapadd -Y EXTERNAL -H ldapi:/// -f tak-OpenLDAP.ldif
#
# Version: 1
#
# Changelog:
# 1: initial release (LAM 9.2)
#
dn: cn=tak,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: tak
olcAttributeTypes: ( 1.3.6.1.4.1.34955.1.100 NAME 'takCallsign' DESC 'TAK callsign' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.34955.1.101 NAME 'takRole' DESC 'TAK team role' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.34955.1.102 NAME 'takColor' DESC 'TAK team color' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.34955.2.10 NAME 'takUser' DESC 'TAK user' SUP top AUXILIARY MAY ( takCallsign $ takRole $ takColor ) MUST ( cn ) )
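Review bot: The installation example in the header comment does a simple bind (`-x -W`) over plain `ldap://`, and the following comment line tells the reader to replace "localhost" with their LDAP server, so anyone following it literally sends the admin password across the network unencrypted. I would show an encrypted variant for the remote case, e.g. `# ldapadd -x -W -ZZ -H ldap://<your-server> -D "cn=admin,dc=company,dc=com" -f tak-OpenLDAP.ldif` (StartTLS required) or an `ldaps://` URL. The existing `ldapi:///` form with `-Y EXTERNAL` can stay as the recommendation for imports done on the server itself.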


@ -0,0 +1,58 @@
#
# LDAP schema for LAM TAK functionality
#
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2025 Roland Gruber
#
#
# OID bases:
# 1.3.6.1.4.1.34955 Roland Gruber Softwareentwicklung
# 1.3.6.1.4.1.34955.1 attributes
# 1.3.6.1.4.1.34955.2 object classes
#
# Please replace DOMAIN_TOP_DN with your LDAP suffix (e.g. dc=samba4,dc=test).
# This file must be installed first.
#
# Installation: ldbmodify -H /var/lib/samba/private/sam.ldb tak-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
#
#
# Version: 1
# 1: initial release (LAM 9.2)
#
dn: CN=takCallsign,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.34955.1.100
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
rangeLower: 4
cn: takCallsign
name: takCallsign
lDAPDisplayName: takCallsign
description: TAK callsign
dn: CN=takRole,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.34955.1.101
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
cn: takRole
name: takRole
lDAPDisplayName: takRole
description: TAK team role
dn: CN=takColor,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.34955.1.102
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
cn: takColor
name: takColor
LDAPDisplayName: takColor
Description: TAK team color
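Review bot: `rangeLower: 4` on `takCallsign` sets a four-character minimum here, but the OpenLDAP definition of the same attribute (OID 1.3.6.1.4.1.34955.1.100) has no length constraint, so the same callsign can be accepted by one directory and rejected by another; the Windows LDIF repeats the line. If the minimum is intended, say so in the header comment and enforce it for every backend, otherwise drop the line. None of the three attributes sets `rangeUpper`, so the schema puts no upper bound on their length; a line such as `rangeUpper: <max length>` would be worth adding if TAK limits these fields. The last entry also writes `LDAPDisplayName` and `Description` where the other two use `lDAPDisplayName` and `description`, which the server should treat the same but is worth normalising.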


@ -0,0 +1,36 @@
#
# LDAP schema for LAM TAK functionality
#
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2025 Roland Gruber
#
#
# OID bases:
# 1.3.6.1.4.1.34955 Roland Gruber Softwareentwicklung
# 1.3.6.1.4.1.34955.1 attributes
# 1.3.6.1.4.1.34955.2 object classes
#
# Please replace DOMAIN_TOP_DN with your LDAP suffix (e.g. dc=samba4,dc=test).
# This file must be installed second.
#
# Installation: ldbmodify -H /var/lib/samba/private/sam.ldb tak-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
#
#
# Version: 1
# 1: initial release (LAM 9.2)
#
dn: CN=takUser,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.4.1.34955.2.10
cn: takUser
lDAPDisplayName: takUser
subClassOf: top
objectClassCategory: 3
mustContain: cn
mayContain: takCallsign
mayContain: takRole
mayContain: takColor
description: TAK user
possSuperiors: top


@ -0,0 +1,100 @@
#
# LDAP schema for LAM TAK functionality
#
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2025 Roland Gruber
#
#
# OID bases:
# 1.3.6.1.4.1.34955 Roland Gruber Softwareentwicklung
# 1.3.6.1.4.1.34955.1 attributes
# 1.3.6.1.4.1.34955.2 object classes
#
# Please replace DOMAIN_TOP_DN with your LDAP suffix (e.g. dc=windows,dc=test).
#
# Installation: ldifde -v -i -f tak-Windows.ldif
#
#
# Version: 1
# 1: initial release (LAM 9.2)
#
dn: CN=takCallsign,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
changetype: add
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.34955.1.100
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
rangeLower: 4
cn: takCallsign
name: takCallsign
lDAPDisplayName: takCallsign
description: TAK callsign
dn: CN=takRole,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
changetype: add
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.34955.1.101
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
cn: takRole
name: takRole
lDAPDisplayName: takRole
description: TAK team role
dn: CN=takColor,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
changetype: add
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.34955.1.102
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
cn: takColor
name: takColor
LDAPDisplayName: takColor
Description: TAK team color
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=takUser,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
changetype: add
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.4.1.34955.2.10
cn: takUser
lDAPDisplayName: takUser
subClassOf: top
objectClassCategory: 3
mustContain: cn
mayContain: takCallsign
mayContain: takRole
mayContain: takColor
description: TAK user
possSuperiors: top
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=User,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
changetype: modify
add: auxiliaryClass
auxiliaryClass: takUser
-
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
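Review bot: The header comment gives only the `ldifde` command and does not say that this import extends the forest-wide Active Directory schema, nor that the block modifying `CN=User` attaches `takUser` as an auxiliary class to the built-in `User` class. After the import every user object can carry the three TAK attributes, and schema objects in Active Directory cannot be deleted once added, only deactivated. I would add a short warning to the header, e.g. `# Note: Active Directory schema extensions cannot be removed again; test the import in a lab forest first. Requires Schema Admins membership.`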

BIN
lam/graphics/bind9.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.3 KiB

3
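--- a/lam/graphics/compare.svg
+++ b/lam/graphics/compare.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-files" viewBox="0 0 16 16">
+<path d="M13 0H6a2 2 0 0 0-2 2 2 2 0 0 0-2 2v10a2 2 0 0 0 2 2h7a2 2 0 0 0 2-2 2 2 0 0 0 2-2V2a2 2 0 0 0-2-2m0 13V4a2 2 0 0 0-2-2H5a1 1 0 0 1 1-1h7a1 1 0 0 1 1 1v10a1 1 0 0 1-1 1M3 4a1 1 0 0 1 1-1h7a1 1 0 0 1 1 1v10a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1z"/>
+</svg>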


@ -0,0 +1,8 @@
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" version="1.1" viewBox="0 0 16 16">
<defs>
<style id="current-color-scheme" type="text/css">
.ColorScheme-Text { color:#444444; } .ColorScheme-Highlight { color:#4285f4; } .ColorScheme-NeutralText { color:#ff9800; } .ColorScheme-PositiveText { color:#4caf50; } .ColorScheme-NegativeText { color:#f44336; }
</style>
</defs>
<path style="fill:currentColor" class="ColorScheme-Text" d="M 4,0 C 4,0 3,0 3,1 V 15 L 8,12 13,15 V 1 C 13,1 13,0 12,0 Z M 7,3 H 9 V 5 H 11 V 7 H 9 V 9 H 7 V 7 H 5 V 5 H 7 Z"/>
</svg>

After

Width:  |  Height:  |  Size: 579 B


@ -0,0 +1,8 @@
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" version="1.1">
<defs>
<style id="current-color-scheme" type="text/css">
.ColorScheme-Text { color:#444444; } .ColorScheme-Highlight { color:#4285f4; } .ColorScheme-NeutralText { color:#ff9800; } .ColorScheme-PositiveText { color:#4caf50; } .ColorScheme-NegativeText { color:#f44336; }
</style>
</defs>
<path style="fill:currentColor" class="ColorScheme-Text" d="M 4 0 C 4 0 3 0 3 1 L 3 15 L 8 12 L 13 15 L 13 1 C 13 1 13 0 12 0 L 4 0 z M 5 5 L 11 5 L 11 7 L 5 7 L 5 5 z"/>
</svg>

After

Width:  |  Height:  |  Size: 553 B


@ -5,7 +5,7 @@ use \LAM\TYPES\TypeManager;
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner Copyright (C) 2003 - 2006 Michael Duergner
2003 - 2024 Roland Gruber 2003 - 2025 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -42,9 +42,9 @@ if (isset($_SESSION['conf_config'])) {
$entry206Example .= "<b>" . $type->getAlias() . ":</b><br>\n"; $entry206Example .= "<b>" . $type->getAlias() . ":</b><br>\n";
$descriptions = $type->getBaseType()->getListAttributeDescriptions(); $descriptions = $type->getBaseType()->getListAttributeDescriptions();
$attributes = array_keys($descriptions); $attributes = array_keys($descriptions);
for ($a = 0; $a < sizeof($attributes); $a++) { for ($a = 0; $a < count($attributes); $a++) {
$entry206Example .= "#" . $attributes[$a] . ": " . $descriptions[$attributes[$a]]; $entry206Example .= "#" . $attributes[$a] . ": " . $descriptions[$attributes[$a]];
if ($a < (sizeof($attributes) - 1)) { if ($a < (count($attributes) - 1)) {
$entry206Example .= ", "; $entry206Example .= ", ";
} }
} }
@ -239,7 +239,7 @@ $helpArray = [
"Text" => _("Please select if the connection should be encrypted via TLS, SSL or not at all.") "Text" => _("Please select if the connection should be encrypted via TLS, SSL or not at all.")
], ],
"257" => ["Headline" => _("Hide LDAP details on failed login"), "257" => ["Headline" => _("Hide LDAP details on failed login"),
"Text" => _("If activated, LAM will not display and details why the login to LAM failed. Use this if you have high security requirements and want to prevent e.g. user name guessing.") "Text" => _("If activated, LAM will not display any details why the login to LAM failed. Use this if you have high security requirements and want to prevent e.g. user name guessing.")
], ],
"258" => ["Headline" => _("Mail attribute"), "258" => ["Headline" => _("Mail attribute"),
"Text" => _("This LDAP attribute contains the account's primary mail address.") "Text" => _("This LDAP attribute contains the account's primary mail address.")
@ -300,6 +300,9 @@ $helpArray = [
"276" => ["Headline" => _('Database name'), "276" => ["Headline" => _('Database name'),
"Text" => _('This is the database name on the server.') "Text" => _('This is the database name on the server.')
], ],
"277" => ["Headline" => _('CA certificate path'),
"Text" => _('For SSL-secured connections please enter the path to your CA certificate file.')
],
'280' => ["Headline" => _('Allow setting specific passwords'), '280' => ["Headline" => _('Allow setting specific passwords'),
"Text" => _('Allows to set a specific password via input field.') "Text" => _('Allows to set a specific password via input field.')
], ],
@ -333,7 +336,7 @@ $helpArray = [
'289' => ["Headline" => _('From address'), '289' => ["Headline" => _('From address'),
"Text" => _('This email address will be set as sender address of the mails.') "Text" => _('This email address will be set as sender address of the mails.')
], ],
'290' => ["Headline" => _('TO address'), '290' => ["Headline" => _('To address'),
"Text" => _('This email address will be set as TO address for the mails.') . ' ' "Text" => _('This email address will be set as TO address for the mails.') . ' '
. _("Multiple values are separated by semicolon.") . _("Multiple values are separated by semicolon.")
], ],
@ -349,6 +352,33 @@ $helpArray = [
"294" => ["Headline" => _('Cron command'), "294" => ["Headline" => _('Cron command'),
"Text" => _('Run this for global cleanup tasks. See manual for details.') "Text" => _('Run this for global cleanup tasks. See manual for details.')
], ],
"295" => ["Headline" => _("Show deleted entries"),
"Text" => _("This enables to show deleted entries in \"CN=Deleted Objects\" for Active Directory.")
],
"296" => ["Headline" => _("SMS provider"),
"Text" => _("Please select the SMS provider that should be used for password and reset link sending.")
],
"297" => ["Headline" => _("API key"),
"Text" => _("Please enter the API key of your SMS provider.")
],
"298" => ["Headline" => _("Token"),
"Text" => _("Please enter the API token of your SMS provider.")
],
"298a" => ["Headline" => _("Account id"),
"Text" => _("Please enter the account id of your SMS provider.")
],
"299" => ["Headline" => _("Mobile phone attributes"),
"Text" => _("Please enter the LDAP attributes that should be checked to identify the user's mobile phone number.") . ' ' . _("Multiple values are separated by semicolon.")
],
"299a" => ["Headline" => _("Default country prefix"),
"Text" => _("Please enter the default country prefix for your phone numbers (e.g. '+49').")
],
"299b" => ["Headline" => _("From"),
"Text" => _("Please enter the phone number or messaging service ID that acts as the source of the message.")
],
"299c" => ["Headline" => _("Region"),
"Text" => _("Please enter the region ID for the SMS service.")
],
// 300 - 399 // 300 - 399
// profile/PDF editor, file upload // profile/PDF editor, file upload
"301" => ["Headline" => _("RDN identifier"), "301" => ["Headline" => _("RDN identifier"),
@ -408,6 +438,9 @@ $helpArray = [
"411" => ["Headline" => _("Font"), "411" => ["Headline" => _("Font"),
"Text" => _("Please select the font for the PDF file. Dejavu will work on all systems but does not support e.g. Chinese and Japanese. The other fonts require that an appropriate font is installed on the system where the PDF is opened.") "Text" => _("Please select the font for the PDF file. Dejavu will work on all systems but does not support e.g. Chinese and Japanese. The other fonts require that an appropriate font is installed on the system where the PDF is opened.")
], ],
"412" => ["Headline" => _("Send via SMS"),
"Text" => _("Sends the password to the user via SMS.")
],
// 500 - 599 // 500 - 599
// LAM Pro // LAM Pro
"501" => ["Headline" => _("LDAP suffix"), "501" => ["Headline" => _("LDAP suffix"),
@ -539,6 +572,9 @@ $helpArray = [
"Text" => _('This email address will be set as To address of all mails.') . ' ' "Text" => _('This email address will be set as To address of all mails.') . ' '
. _('Multiple values are separated by comma.') . _('Multiple values are separated by comma.')
], ],
"558" => ["Headline" => _("Send SMS"),
"Text" => _('Sends the confirmation link by SMS. If no phone number is found then an email will be sent.')
],
"560" => ["Headline" => _("Remember device"), "560" => ["Headline" => _("Remember device"),
"Text" => _('This will remember your current device. You will not need to provide your 2nd factor for a configured period of time.') "Text" => _('This will remember your current device. You will not need to provide your 2nd factor for a configured period of time.')
], ],
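Review bot: In the `@ -333,7 +336,7` hunk the headline of entry '290' becomes `To address` while its text on the following line still reads `TO address`, so the two strings of one help entry now disagree. Changing the text to `_('This email address will be set as To address for the mails.')` would match the wording already used further down ("set as To address of all mails"). The new ids `298a`, `299a`, `299b` and `299c` are presumably suffixed because the numeric range is used up; a one-line comment next to them saying so would spare the next contributor the search for free numbers. The `$helpArray` literal starts and ends outside these hunks.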


@ -7,8 +7,14 @@ use DateTime;
use Duo\DuoUniversal\Client; use Duo\DuoUniversal\Client;
use Duo\DuoUniversal\DuoException; use Duo\DuoUniversal\DuoException;
use Exception; use Exception;
use Facile\OpenIDClient\Client\ClientBuilder;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OpenIDClient\Client\Metadata\ClientMetadata;
use Facile\OpenIDClient\Issuer\IssuerBuilder;
use GuzzleHttp\Psr7\ServerRequest;
use htmlResponsiveRow; use htmlResponsiveRow;
use LAM\LOGIN\WEBAUTHN\WebauthnManager; use LAM\LOGIN\WEBAUTHN\WebauthnManager;
use LAM_INTERFACE;
use SelfServiceLoginHandler; use SelfServiceLoginHandler;
use selfServiceProfile; use selfServiceProfile;
use LAMConfig; use LAMConfig;
@ -23,7 +29,7 @@ use Webauthn\PublicKeyCredentialCreationOptions;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2017 - 2024 Roland Gruber Copyright (C) 2017 - 2025 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -65,7 +71,7 @@ interface TwoFactorProvider {
* @param string $password password * @param string $password password
* @param string $serial serial number of token * @param string $serial serial number of token
* @param string $twoFactorInput input for 2nd factor * @param string $twoFactorInput input for 2nd factor
* @return boolean true if verified and false if verification failed * @return bool true if verified and false if verification failed
* @throws Exception error during check * @throws Exception error during check
*/ */
public function verify2ndFactor($user, $password, $serial, $twoFactorInput); public function verify2ndFactor($user, $password, $serial, $twoFactorInput);
@ -74,7 +80,7 @@ interface TwoFactorProvider {
* Returns if the service has a custom input form. * Returns if the service has a custom input form.
* In this case the token field is not displayed. * In this case the token field is not displayed.
* *
* @return has custom input form * @return bool has custom input form
*/ */
public function hasCustomInputForm(); public function hasCustomInputForm();
@ -130,7 +136,7 @@ abstract class BaseProvider implements TwoFactorProvider {
* Returns the value of the user attribute in LDAP. * Returns the value of the user attribute in LDAP.
* *
* @param string $userDn user DN * @param string $userDn user DN
* @return string user name * @return string|null user name
*/ */
protected function getLoginAttributeValue($userDn) { protected function getLoginAttributeValue($userDn) {
$attrName = $this->config->twoFactorAuthenticationSerialAttributeName; $attrName = $this->config->twoFactorAuthenticationSerialAttributeName;
@ -456,7 +462,7 @@ class DuoProvider extends BaseProvider {
* @see BaseProvider::addCustomInput * @see BaseProvider::addCustomInput
*/ */
public function addCustomInput(&$row, $userDn) { public function addCustomInput(&$row, $userDn) {
$pathPrefix = $this->config->isSelfService ? '../' : ''; $pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
$row->add(new htmlImage($pathPrefix . '../graphics/duo.png')); $row->add(new htmlImage($pathPrefix . '../graphics/duo.png'));
if (!empty($_GET['duo_code'])) { if (!empty($_GET['duo_code'])) {
// authentication is verified // authentication is verified
@ -607,7 +613,7 @@ class OktaProvider extends BaseProvider {
return; return;
} }
$pathPrefix = $this->config->isSelfService ? '../' : ''; $pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
$row->add(new htmlImage($pathPrefix . '../graphics/okta.png')); $row->add(new htmlImage($pathPrefix . '../graphics/okta.png'));
$_SESSION['okta_state'] = bin2hex(random_bytes(10)); $_SESSION['okta_state'] = bin2hex(random_bytes(10));
$_SESSION['okta_code_verifier'] = bin2hex(random_bytes(50)); $_SESSION['okta_code_verifier'] = bin2hex(random_bytes(50));
@ -792,7 +798,7 @@ class OpenIdProvider extends BaseProvider {
return; return;
} }
$content = new htmlResponsiveRow(); $content = new htmlResponsiveRow();
$pathPrefix = $this->config->isSelfService ? '../' : ''; $pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
$row->add(new htmlImage($pathPrefix . '../graphics/openid.png')); $row->add(new htmlImage($pathPrefix . '../graphics/openid.png'));
include_once __DIR__ . '/3rdParty/composer/autoload.php'; include_once __DIR__ . '/3rdParty/composer/autoload.php';
try { try {
@ -831,10 +837,10 @@ class OpenIdProvider extends BaseProvider {
/** /**
* Returns the client object. * Returns the client object.
* *
* @return \Facile\OpenIDClient\Client\Client client * @return ClientInterface client
*/ */
private function getOpenIdClient(): \Facile\OpenIDClient\Client\Client { private function getOpenIdClient(): ClientInterface {
$issuer = (new \Facile\OpenIDClient\Issuer\IssuerBuilder())->build($this->config->twoFactorAuthenticationURL . '/.well-known/openid-configuration'); $issuer = (new IssuerBuilder())->build($this->config->twoFactorAuthenticationURL . '/.well-known/openid-configuration');
$meta = [ $meta = [
'client_id' => $this->config->twoFactorAuthenticationClientId, 'client_id' => $this->config->twoFactorAuthenticationClientId,
'client_secret' => $this->config->twoFactorAuthenticationSecretKey, 'client_secret' => $this->config->twoFactorAuthenticationSecretKey,
@ -843,8 +849,8 @@ class OpenIdProvider extends BaseProvider {
if (!empty($_GET['redirect_uri'])) { if (!empty($_GET['redirect_uri'])) {
$meta['redirect_uri'] = $_GET['redirect_uri']; $meta['redirect_uri'] = $_GET['redirect_uri'];
} }
$clientMetadata = \Facile\OpenIDClient\Client\Metadata\ClientMetadata::fromArray($meta); $clientMetadata = ClientMetadata::fromArray($meta);
return (new \Facile\OpenIDClient\Client\ClientBuilder()) return (new ClientBuilder())
->setIssuer($issuer) ->setIssuer($issuer)
->setClientMetadata($clientMetadata) ->setClientMetadata($clientMetadata)
->build(); ->build();
@ -874,7 +880,7 @@ class OpenIdProvider extends BaseProvider {
include_once __DIR__ . '/3rdParty/composer/autoload.php'; include_once __DIR__ . '/3rdParty/composer/autoload.php';
$client = $this->getOpenIdClient(); $client = $this->getOpenIdClient();
$authorizationService = $this->getAuthorizationService(); $authorizationService = $this->getAuthorizationService();
$serverRequest = \GuzzleHttp\Psr7\ServerRequest::fromGlobals(); $serverRequest = ServerRequest::fromGlobals();
try { try {
$callbackParams = $authorizationService->getCallbackParams($serverRequest, $client); $callbackParams = $authorizationService->getCallbackParams($serverRequest, $client);
$tokenSet = $authorizationService->callback($client, $callbackParams, $_GET['redirect_uri']); $tokenSet = $authorizationService->callback($client, $callbackParams, $_GET['redirect_uri']);
@ -971,8 +977,8 @@ class WebauthnProvider extends BaseProvider {
$row->add(new htmlStatusMessage('INFO', _('Please register a security device.'))); $row->add(new htmlStatusMessage('INFO', _('Please register a security device.')));
} }
$row->addVerticalSpacer('2rem'); $row->addVerticalSpacer('2rem');
$pathPrefix = $this->config->isSelfService ? '../' : ''; $pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
$selfServiceParam = $this->config->isSelfService ? 'true' : 'false'; $selfServiceParam = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? 'selfservice=true' : '';
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg', '50%')); $row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg', '50%'));
$row->addVerticalSpacer('1rem'); $row->addVerticalSpacer('1rem');
$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.')); $errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
@ -990,7 +996,9 @@ class WebauthnProvider extends BaseProvider {
$errorMessageDiv->addDataAttribute('button', _('Ok')); $errorMessageDiv->addDataAttribute('button', _('Ok'));
$errorMessageDiv->addDataAttribute('title', _('WebAuthn failed')); $errorMessageDiv->addDataAttribute('title', _('WebAuthn failed'));
$row->add($errorMessageDiv); $row->add($errorMessageDiv);
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', ' . $selfServiceParam . ');'), 0); $row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', \'' . $selfServiceParam . '\',' .
' \'' . _('Do you want to set a name for this device?') . '\', \'' . _('Name') . '\',' .
' \'' . _('Ok') . '\', \'' . _('Cancel') . '\');'), 0);
} }
/** /**
@ -1024,7 +1032,14 @@ class WebauthnProvider extends BaseProvider {
} }
$response = base64_decode($_POST['sig_response']); $response = base64_decode($_POST['sig_response']);
$registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']); $registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']);
return $webauthnManager->storeNewRegistration($registrationObject, $response); if (!$webauthnManager->storeNewRegistration($registrationObject, $response)) {
return false;
}
if (!empty($_POST['newName'])) {
$deviceList = $webauthnManager->getDatabase()->findAllForUserDn($userDn);
$webauthnManager->getDatabase()->updateDeviceName($userDn, base64_encode($deviceList[0]->getPublicKeyCredentialId()), $_POST['newName']);
}
return true;
} }
else { else {
logNewMessage(LOG_DEBUG, 'Checking WebAuthn response of ' . $userDn); logNewMessage(LOG_DEBUG, 'Checking WebAuthn response of ' . $userDn);
@ -1072,7 +1087,7 @@ class TwoFactorProviderService {
* *
* @param selfServiceProfile|LAMConfig $configObj profile * @param selfServiceProfile|LAMConfig $configObj profile
*/ */
public function __construct(&$configObj) { public function __construct(selfServiceProfile|LAMConfig $configObj) {
if ($configObj instanceof selfServiceProfile) { if ($configObj instanceof selfServiceProfile) {
$this->config = $this->getConfigSelfService($configObj); $this->config = $this->getConfigSelfService($configObj);
} }
@ -1084,7 +1099,6 @@ class TwoFactorProviderService {
/** /**
* Returns the provider for the given type. * Returns the provider for the given type.
* *
* @param string $type authentication type
* @return TwoFactorProvider provider * @return TwoFactorProvider provider
* @throws Exception unable to get provider * @throws Exception unable to get provider
*/ */
@ -1231,7 +1245,7 @@ class TwoFactorProviderService {
*/ */
private function getConfigSelfService(&$profile): TwoFactorConfiguration { private function getConfigSelfService(&$profile): TwoFactorConfiguration {
$tfConfig = new TwoFactorConfiguration(); $tfConfig = new TwoFactorConfiguration();
$tfConfig->isSelfService = true; $tfConfig->interface = LAM_INTERFACE::SELF_SERVICE;
$tfConfig->twoFactorAuthentication = $profile->twoFactorAuthentication; $tfConfig->twoFactorAuthentication = $profile->twoFactorAuthentication;
$tfConfig->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure; $tfConfig->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
$tfConfig->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional; $tfConfig->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
@ -1281,7 +1295,7 @@ class TwoFactorProviderService {
*/ */
private function getConfigAdmin($conf): TwoFactorConfiguration { private function getConfigAdmin($conf): TwoFactorConfiguration {
$tfConfig = new TwoFactorConfiguration(); $tfConfig = new TwoFactorConfiguration();
$tfConfig->isSelfService = false; $tfConfig->interface = LAM_INTERFACE::ADMIN;
$tfConfig->twoFactorAuthentication = $conf->getTwoFactorAuthentication(); $tfConfig->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
$tfConfig->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure(); $tfConfig->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
$tfConfig->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional(); $tfConfig->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional();
@ -1327,10 +1341,8 @@ class TwoFactorProviderService {
*/ */
class TwoFactorConfiguration { class TwoFactorConfiguration {
/** /** LAM UI */
* @var bool is self service public LAM_INTERFACE $interface = LAM_INTERFACE::ADMIN;
*/
public bool $isSelfService = false;
/** /**
* @var ?string provider id * @var ?string provider id
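Review bot: In the WebAuthn registration hunk (`@ -1024,7 +1032,14`) the new rename step treats `$deviceList[0]` from `findAllForUserDn($userDn)` as the device that was just registered and passes `$_POST['newName']` on unchecked. Nothing in the hunk shows that the list is ordered newest-first, so for a user who already has a device this may rename the wrong one, and `!empty()` also lets a non-string (array) value through. I would take the credential id from the registration that was just stored rather than from index 0, and guard the input with something like `if (isset($_POST['newName']) && is_string($_POST['newName']) && (trim($_POST['newName']) !== ''))` plus a length limit before calling `updateDeviceName()`. In the `@ -990,7 +996,9` hunk the translated strings are concatenated into single-quoted JavaScript literals, so a translation containing an apostrophe breaks the `window.lam.webauthn.start(...)` call; encoding each argument with `json_encode()` avoids that. Both methods start and end outside their hunks.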


@ -0,0 +1,4 @@
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.


@ -0,0 +1,175 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.


@ -0,0 +1 @@
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.


@ -0,0 +1,117 @@
# AWS Common Runtime PHP bindings
## Requirements
* PHP 5.5+ on UNIX platforms, 7.2+ on Windows
* CMake 3.x
* GCC 4.4+, clang 3.8+ on UNIX, Visual Studio build tools on Windows
* Tests require [Composer](https://getcomposer.org)
## Installing with Composer and PECL
The package has two different package published to [composer](https://packagist.org/packages/aws/aws-crt-php) and [PECL](https://pecl.php.net/package/awscrt).
On UNIX, you can get the package from package manager or build from source:
```
pecl install awscrt
composer require aws/aws-crt-php
```
On Windows, you need to build from source as instruction written below for the native extension `php_awscrt.dll` . And, follow https://www.php.net/manual/en/install.pecl.windows.php#install.pecl.windows.loading to load extension. After that:
```
composer require aws/aws-crt-php
```
## Building from Github source
```sh
$ git clone --recursive https://github.com/awslabs/aws-crt-php.git
$ cd aws-crt-php
$ phpize
$ ./configure
$ make
$ ./dev-scripts/run_tests.sh
```
## Building on Windows
### Requirements for Windows
* Ensure you have the [windows PHP SDK](https://github.com/microsoft/php-sdk-binary-tools) (this example assumes installation of the SDK to C:\php-sdk and that you've checked out the PHP source to php-src within the build directory) and it works well on your machine.
* Ensure you have "Development package (SDK to develop PHP extensions)" and PHP available from your system path. You can download them from https://windows.php.net/download/. You can check if they are available by running `phpize -v` and `php -v`
### Instructions
From Command Prompt (not powershell). The instruction is based on Visual Studio 2019 on 64bit Windows.
```bat
> git clone --recursive https://github.com/awslabs/aws-crt-php.git
> git clone https://github.com/microsoft/php-sdk-binary-tools.git C:\php-sdk
> C:\php-sdk\phpsdk-vs16-x64.bat
C:\php-sdk\
$ cd <your-path-to-aws-crt-php>
<your-path-to-aws-crt-php>\
$ phpize
# --with-prefix only required when your php runtime in system path is different than the runtime you wish to use.
<your-path-to-aws-crt-php>\
$ configure --enable-awscrt=shared --with-prefix=<your-path-to-php-prefix>
<your-path-to-aws-crt-php>\
$ nmake
<your-path-to-aws-crt-php>\
$ nmake generate-php-ini
# check .\php-win.ini, it now has the full path to php_awscrt.dll that you can manually load to your php runtime, or you can run the following command to run tests and load the required native extension for awscrt.
<your-path-to-aws-crt-php>\
$ .\dev-scripts\run_tests.bat <your-path-to-php-binary>
```
Note: for VS2017, Cmake will default to build for Win32, refer to [here](https://cmake.org/cmake/help/latest/generator/Visual%20Studio%2015%202017.html). If you are building for x64 php, you can set environment variable as follow to let cmake pick x64 compiler.
```bat
set CMAKE_GENERATOR=Visual Studio 15 2017
set CMAKE_GENERATOR_PLATFORM=x64
```
## Debugging
Using [PHPBrew](https://github.com/phpbrew/phpbrew) to build/manage multiple versions of PHP is helpful.
Note: You must use a debug build of PHP to debug native extensions.
See the [PHP Internals Book](https://www.phpinternalsbook.com/php7/build_system/building_php.html) for more info
```shell
# PHP 8 example
$ phpbrew install --stdout -j 8 8.0 +default -- CFLAGS=-Wno-error --disable-cgi --enable-debug
# PHP 5.5 example
$ phpbrew install --stdout -j 8 5.5 +default -openssl -mbstring -- CFLAGS="-w -Wno-error" --enable-debug --with-zlib=/usr/local/opt/zlib
$ phpbrew switch php-8.0.6 # or whatever version is current, it'll be at the end of the build output
$ phpize
$ ./configure
$ make CMAKE_BUILD_TYPE=Debug
```
Ensure that the php you launch from your debugger is the result of `which php` , not just
the system default php.
## Security
See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
## Known OpenSSL related issue (Unix only)
* When your php loads a different version of openssl than your system openssl version, awscrt may fail to load or weirdly crash. You can find the openssl version php linked via: `php -i | grep 'OpenSSL'`, and awscrt linked from the build log, which will be `Found OpenSSL: * (found version *)`
The easiest workaround to those issue is to build from source and get aws-lc for awscrt to depend on instead.
TO do that, same instructions as [here](#building-from-github-source), but use `USE_OPENSSL=OFF make` instead of `make`
## License
This project is licensed under the Apache-2.0 License.


@ -0,0 +1,35 @@
{
"name": "aws/aws-crt-php",
"homepage": "https://github.com/awslabs/aws-crt-php",
"description": "AWS Common Runtime for PHP",
"keywords": ["aws","amazon","sdk","crt"],
"type": "library",
"authors": [
{
"name": "AWS SDK Common Runtime Team",
"email": "aws-sdk-common-runtime@amazon.com"
}
],
"minimum-stability": "alpha",
"require": {
"php": ">=5.5"
},
"require-dev": {
"phpunit/phpunit":"^4.8.35||^5.6.3||^9.5",
"yoast/phpunit-polyfills": "^1.0"
},
"autoload": {
"classmap": [
"src/"
]
},
"suggest": {
"ext-awscrt": "Make sure you install awscrt native extension to use any of the functionality."
},
"scripts": {
"test": "./dev-scripts/run_tests.sh",
"test-extension": "@test",
"test-win": ".\\dev-scripts\\run_tests.bat"
},
"license": "Apache-2.0"
}


@ -0,0 +1,46 @@
#!/usr/bin/env python3
import argparse
import os
from pathlib import Path
import re
from subprocess import list2cmdline, run
from tempfile import NamedTemporaryFile
CLANG_FORMAT_VERSION = '18.1.6'
INCLUDE_REGEX = re.compile(r'^ext/.*\.(c|h|inl)$')
EXCLUDE_REGEX = re.compile(r'^$')
arg_parser = argparse.ArgumentParser(description="Check with clang-format")
arg_parser.add_argument('-i', '--inplace-edit', action='store_true',
help="Edit files inplace")
args = arg_parser.parse_args()
os.chdir(Path(__file__).parent)
# create file containing list of all files to format
filepaths_file = NamedTemporaryFile(delete=False)
for dirpath, dirnames, filenames in os.walk('.'):
for filename in filenames:
# our regexes expect filepath to use forward slash
filepath = Path(dirpath, filename).as_posix()
if not INCLUDE_REGEX.match(filepath):
continue
if EXCLUDE_REGEX.match(filepath):
continue
filepaths_file.write(f"{filepath}\n".encode())
filepaths_file.close()
# use pipx to run clang-format from PyPI
# this is a simple way to run the same clang-format version regardless of OS
cmd = ['pipx', 'run', f'clang-format=={CLANG_FORMAT_VERSION}',
f'--files={filepaths_file.name}']
if args.inplace_edit:
cmd += ['-i']
else:
cmd += ['--Werror', '--dry-run']
print(f"{Path.cwd()}$ {list2cmdline(cmd)}")
if run(cmd).returncode:
exit(1)
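Review bot: `NamedTemporaryFile(delete=False)` leaves the generated file list behind in the temp directory on every run, because nothing removes `filepaths_file.name` once `run(cmd)` has returned; wrap the call as `try: ... finally: os.unlink(filepaths_file.name)`. The script also resolves `clang-format=={CLANG_FORMAT_VERSION}` from PyPI through `pipx run`, pinned by version but not by hash, so a CI job that runs this check is better served by installing the tool from a hash-pinned requirements file than by fetching it at check time. `exit(1)` depends on the `site` builtin; `sys.exit(1)` is the conventional form, and `sys` would need importing since it is not among the imports shown.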


@ -0,0 +1,69 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
use AWS\CRT\NativeResource as NativeResource;
use AWS\CRT\Options as Options;
/**
* Represents a set of AWS credentials
*
* @param array options:
* - string access_key_id - AWS Access Key Id
* - string secret_access_key - AWS Secret Access Key
* - string session_token - Optional STS session token
* - int expiration_timepoint_seconds - Optional time to expire these credentials
*/
final class AwsCredentials extends NativeResource {
static function defaults() {
return [
'access_key_id' => '',
'secret_access_key' => '',
'session_token' => '',
'expiration_timepoint_seconds' => 0,
];
}
private $access_key_id;
private $secret_access_key;
private $session_token;
private $expiration_timepoint_seconds = 0;
public function __get($name) {
return $this->$name;
}
function __construct(array $options = []) {
parent::__construct();
$options = new Options($options, self::defaults());
$this->access_key_id = $options->access_key_id->asString();
$this->secret_access_key = $options->secret_access_key->asString();
$this->session_token = $options->session_token ? $options->session_token->asString() : null;
$this->expiration_timepoint_seconds = $options->expiration_timepoint_seconds->asInt();
if (strlen($this->access_key_id) == 0) {
throw new \InvalidArgumentException("access_key_id must be provided");
}
if (strlen($this->secret_access_key) == 0) {
throw new \InvalidArgumentException("secret_access_key must be provided");
}
$creds_options = self::$crt->aws_credentials_options_new();
self::$crt->aws_credentials_options_set_access_key_id($creds_options, $this->access_key_id);
self::$crt->aws_credentials_options_set_secret_access_key($creds_options, $this->secret_access_key);
self::$crt->aws_credentials_options_set_session_token($creds_options, $this->session_token);
self::$crt->aws_credentials_options_set_expiration_timepoint_seconds($creds_options, $this->expiration_timepoint_seconds);
$this->acquire(self::$crt->aws_credentials_new($creds_options));
self::$crt->aws_credentials_options_release($creds_options);
}
function __destruct() {
self::$crt->aws_credentials_release($this->release());
parent::__destruct();
}
}
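Review bot: The catch-all `__get()` in `AwsCredentials` returns `$this->$name` for any name, so `secret_access_key` and `session_token` are readable by every holder of the object, and because they stay in ordinary properties after being copied into the native options they also appear in `var_dump()`/`print_r()` output. I would keep the getter, since `StaticCredentialsProvider` reads the keys through it, but mask the secrets in debug output with a `__debugInfo()` method, which PHP honours from 5.6 on and simply never calls on 5.5. `StaticCredentialsProvider` has the same pass-through getter and keeps a full `AwsCredentials` in `$credentials`, so it wants the same treatment. Whether `NativeResource` already prevents serialization of these objects is not visible here and is worth confirming.

```php
// keep key material out of var_dump()/print_r() output
public function __debugInfo() {
    return [
        'access_key_id' => $this->access_key_id,
        'secret_access_key' => '[redacted]',
        'session_token' => $this->session_token === null ? null : '[redacted]',
        'expiration_timepoint_seconds' => $this->expiration_timepoint_seconds,
    ];
}
```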


@ -0,0 +1,23 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
use AWS\CRT\NativeResource as NativeResource;
/**
* Base class for credentials providers
*/
abstract class CredentialsProvider extends NativeResource {
function __construct(array $options = []) {
parent::__construct();
}
function __destruct() {
self::$crt->credentials_provider_release($this->release());
parent::__destruct();
}
}


@ -0,0 +1,43 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
use AWS\CRT\IO\InputStream;
use AWS\CRT\NativeResource as NativeResource;
class Signable extends NativeResource {
public static function fromHttpRequest($http_message) {
return new Signable(function() use ($http_message) {
return self::$crt->signable_new_from_http_request($http_message->native);
});
}
public static function fromChunk($chunk_stream, $previous_signature="") {
if (!($chunk_stream instanceof InputStream)) {
$chunk_stream = new InputStream($chunk_stream);
}
return new Signable(function() use($chunk_stream, $previous_signature) {
return self::$crt->signable_new_from_chunk($chunk_stream->native, $previous_signature);
});
}
public static function fromCanonicalRequest($canonical_request) {
return new Signable(function() use($canonical_request) {
return self::$crt->signable_new_from_canonical_request($canonical_request);
});
}
protected function __construct($ctor) {
parent::__construct();
$this->acquire($ctor());
}
function __destruct() {
self::$crt->signable_release($this->release());
parent::__destruct();
}
}


@ -0,0 +1,15 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
class SignatureType {
const HTTP_REQUEST_HEADERS = 0;
const HTTP_REQUEST_QUERY_PARAMS = 1;
const HTTP_REQUEST_CHUNK = 2;
const HTTP_REQUEST_EVENT = 3;
const CANONICAL_REQUEST_HEADERS = 4;
const CANONICAL_REQUEST_QUERY_PARAMS = 5;
}


@ -0,0 +1,11 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
class SignedBodyHeaderType {
const NONE = 0;
const X_AMZ_CONTENT_SHA256 = 1;
}


@ -0,0 +1,22 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
use AWS\CRT\NativeResource;
abstract class Signing extends NativeResource {
static function signRequestAws($signable, $signing_config, $on_complete) {
return self::$crt->sign_request_aws($signable->native, $signing_config->native,
function($result, $error_code) use ($on_complete) {
$signing_result = SigningResult::fromNative($result);
$on_complete($signing_result, $error_code);
}, null);
}
static function testVerifySigV4ASigning($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y) {
return self::$crt->test_verify_sigv4a_signing($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y);
}
}
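Review bot: In `signRequestAws` the completion wrapper calls `SigningResult::fromNative($result)` before it looks at `$error_code`, so a failed signing still yields a `SigningResult` wrapped around whatever the native layer passed, which may be null or otherwise unusable (the native contract is not visible here). A caller that forgets to test `$error_code` could then call `applyToHttpRequest()` on that object. I would hand the callback `null` on failure, `$signing_result = $error_code ? null : SigningResult::fromNative($result);`, and add a short docblock stating that `$on_complete` receives `($signing_result, $error_code)` with a null result when the code is non-zero.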


@ -0,0 +1,11 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
class SigningAlgorithm {
const SIGv4 = 0;
const SIGv4_ASYMMETRIC = 1;
}


@ -0,0 +1,75 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
use AWS\CRT\NativeResource as NativeResource;
use AWS\CRT\Options as Options;
class SigningConfigAWS extends NativeResource {
public static function defaults() {
return [
'algorithm' => SigningAlgorithm::SIGv4,
'signature_type' => SignatureType::HTTP_REQUEST_HEADERS,
'credentials_provider' => null,
'region' => null,
'service' => null,
'use_double_uri_encode' => false,
'should_normalize_uri_path' => false,
'omit_session_token' => false,
'signed_body_value' => null,
'signed_body_header_type' => SignedBodyHeaderType::NONE,
'expiration_in_seconds' => 0,
'date' => time(),
'should_sign_header' => null,
];
}
private $options;
public function __construct(array $options = []) {
parent::__construct();
$this->options = $options = new Options($options, self::defaults());
$sc = $this->acquire(self::$crt->signing_config_aws_new());
self::$crt->signing_config_aws_set_algorithm($sc, $options->algorithm->asInt());
self::$crt->signing_config_aws_set_signature_type($sc, $options->signature_type->asInt());
if ($credentials_provider = $options->credentials_provider->asObject()) {
self::$crt->signing_config_aws_set_credentials_provider(
$sc,
$credentials_provider->native);
}
self::$crt->signing_config_aws_set_region(
$sc, $options->region->asString());
self::$crt->signing_config_aws_set_service(
$sc, $options->service->asString());
self::$crt->signing_config_aws_set_use_double_uri_encode(
$sc, $options->use_double_uri_encode->asBool());
self::$crt->signing_config_aws_set_should_normalize_uri_path(
$sc, $options->should_normalize_uri_path->asBool());
self::$crt->signing_config_aws_set_omit_session_token(
$sc, $options->omit_session_token->asBool());
self::$crt->signing_config_aws_set_signed_body_value(
$sc, $options->signed_body_value->asString());
self::$crt->signing_config_aws_set_signed_body_header_type(
$sc, $options->signed_body_header_type->asInt());
self::$crt->signing_config_aws_set_expiration_in_seconds(
$sc, $options->expiration_in_seconds->asInt());
self::$crt->signing_config_aws_set_date($sc, $options->date->asInt());
if ($should_sign_header = $options->should_sign_header->asCallable()) {
self::$crt->signing_config_aws_set_should_sign_header_fn($sc, $should_sign_header);
}
}
function __destruct()
{
self::$crt->signing_config_aws_release($this->release());
parent::__destruct();
}
public function __get($name) {
return $this->options->get($name);
}
}
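Review bot: `SigningConfigAWS::defaults()` has no docblock, and two of its defaults are easy to get wrong: `use_double_uri_encode` and `should_normalize_uri_path` both start as `false`. As far as I know SigV4 canonicalisation double-encodes and normalises the path for most services, with S3 as the usual exception, so callers signing for anything else probably have to set both to `true`; a mismatch surfaces as a rejected signature rather than a silent failure. I would add a docblock listing every option key with its type and default, plus a line such as `// false/false matches S3; most other services need true/true — confirm against the native defaults`. The constructor also forwards `region` and `service` to the native setters without the emptiness check that `AwsCredentials` applies to its keys.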


@ -0,0 +1,33 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
use AWS\CRT\NativeResource;
use AWS\CRT\HTTP\Request;
class SigningResult extends NativeResource {
protected function __construct($native) {
parent::__construct();
$this->acquire($native);
}
function __destruct() {
// No destruction necessary, SigningResults are transient, just release
$this->release();
parent::__destruct();
}
public static function fromNative($ptr) {
return new SigningResult($ptr);
}
public function applyToHttpRequest(&$http_request) {
self::$crt->signing_result_apply_to_http_request($this->native, $http_request->native);
// Update http_request from native
$http_request = Request::unmarshall($http_request->toBlob());
}
}


@ -0,0 +1,35 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\Auth;
/**
* Provides a static set of AWS credentials
*
* @param array options:
* - string access_key_id - AWS Access Key Id
* - string secret_access_key - AWS Secret Access Key
* - string session_token - Optional STS session token
*/
final class StaticCredentialsProvider extends CredentialsProvider {
private $credentials;
public function __get($name) {
return $this->$name;
}
function __construct(array $options = []) {
parent::__construct();
$this->credentials = new AwsCredentials($options);
$provider_options = self::$crt->credentials_provider_static_options_new();
self::$crt->credentials_provider_static_options_set_access_key_id($provider_options, $this->credentials->access_key_id);
self::$crt->credentials_provider_static_options_set_secret_access_key($provider_options, $this->credentials->secret_access_key);
self::$crt->credentials_provider_static_options_set_session_token($provider_options, $this->credentials->session_token);
$this->acquire(self::$crt->credentials_provider_static_new($provider_options));
self::$crt->credentials_provider_static_options_release($provider_options);
}
}


@ -0,0 +1,358 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT;
use AWS\CRT\Internal\Extension;
use \RuntimeException;
/**
* Wrapper for the interface to the CRT. There only ever needs to be one of these, but
* additional instances won't cost anything other than their memory.
* Creating an instance of any NativeResource will activate the CRT binding. User code
* should only need to create one of these if they are only accessing CRT:: static functions.
*/
final class CRT {
private static $impl = null;
private static $refcount = 0;
function __construct() {
if (is_null(self::$impl)) {
try {
self::$impl = new Extension();
} catch (RuntimeException $rex) {
throw new RuntimeException("Unable to initialize AWS CRT via awscrt extension: \n$rex", -1);
}
}
++self::$refcount;
}
function __destruct() {
if (--self::$refcount == 0) {
self::$impl = null;
}
}
/**
* @return bool whether or not the CRT is currently loaded
*/
public static function isLoaded() {
return !is_null(self::$impl);
}
/**
* @return bool whether or not the CRT is available via one of the possible backends
*/
public static function isAvailable() {
try {
new CRT();
return true;
} catch (RuntimeException $ex) {
return false;
}
}
/**
* @return integer last error code reported within the CRT
*/
public static function last_error() {
return self::$impl->aws_crt_last_error();
}
/**
* @param integer $error Error code from the CRT, usually delivered via callback or {@see last_error}
* @return string Human-readable description of the provided error code
*/
public static function error_str($error) {
return self::$impl->aws_crt_error_str((int) $error);
}
/**
* @param integer $error Error code from the CRT, usually delivered via callback or {@see last_error}
* @return string Name/enum identifier for the provided error code
*/
public static function error_name($error) {
return self::$impl->aws_crt_error_name((int) $error);
}
public static function log_to_stdout() {
return self::$impl->aws_crt_log_to_stdout();
}
public static function log_to_stderr() {
return self::$impl->aws_crt_log_to_stderr();
}
public static function log_to_file($filename) {
return self::$impl->aws_crt_log_to_file($filename);
}
public static function log_to_stream($stream) {
return self::$impl->aws_crt_log_to_stream($stream);
}
public static function log_set_level($level) {
return self::$impl->aws_crt_log_set_level($level);
}
public static function log_stop() {
return self::$impl->aws_crt_log_stop();
}
public static function log_message($level, $message) {
return self::$impl->aws_crt_log_message($level, $message);
}
/**
* @return object Pointer to native event_loop_group_options
*/
function event_loop_group_options_new() {
return self::$impl->aws_crt_event_loop_group_options_new();
}
/**
* @param object $elg_options Pointer to native event_loop_group_options
*/
function event_loop_group_options_release($elg_options) {
self::$impl->aws_crt_event_loop_group_options_release($elg_options);
}
/**
* @param object $elg_options Pointer to native event_loop_group_options
* @param integer $max_threads Maximum number of threads to allow the event loop group to use, default: 0/1 per CPU core
*/
function event_loop_group_options_set_max_threads($elg_options, $max_threads) {
self::$impl->aws_crt_event_loop_group_options_set_max_threads($elg_options, (int)$max_threads);
}
/**
* @param object Pointer to event_loop_group_options, {@see event_loop_group_options_new}
* @return object Pointer to the new event loop group
*/
function event_loop_group_new($options) {
return self::$impl->aws_crt_event_loop_group_new($options);
}
/**
* @param object $elg Pointer to the event loop group to release
*/
function event_loop_group_release($elg) {
self::$impl->aws_crt_event_loop_group_release($elg);
}
/**
* return object Pointer to native AWS credentials options
*/
function aws_credentials_options_new() {
return self::$impl->aws_crt_credentials_options_new();
}
function aws_credentials_options_release($options) {
self::$impl->aws_crt_credentials_options_release($options);
}
function aws_credentials_options_set_access_key_id($options, $access_key_id) {
self::$impl->aws_crt_credentials_options_set_access_key_id($options, $access_key_id);
}
function aws_credentials_options_set_secret_access_key($options, $secret_access_key) {
self::$impl->aws_crt_credentials_options_set_secret_access_key($options, $secret_access_key);
}
function aws_credentials_options_set_session_token($options, $session_token) {
self::$impl->aws_crt_credentials_options_set_session_token($options, $session_token);
}
function aws_credentials_options_set_expiration_timepoint_seconds($options, $expiration_timepoint_seconds) {
self::$impl->aws_crt_credentials_options_set_expiration_timepoint_seconds($options, $expiration_timepoint_seconds);
}
function aws_credentials_new($options) {
return self::$impl->aws_crt_credentials_new($options);
}
function aws_credentials_release($credentials) {
self::$impl->aws_crt_credentials_release($credentials);
}
function credentials_provider_release($provider) {
self::$impl->aws_crt_credentials_provider_release($provider);
}
function credentials_provider_static_options_new() {
return self::$impl->aws_crt_credentials_provider_static_options_new();
}
function credentials_provider_static_options_release($options) {
self::$impl->aws_crt_credentials_provider_static_options_release($options);
}
function credentials_provider_static_options_set_access_key_id($options, $access_key_id) {
self::$impl->aws_crt_credentials_provider_static_options_set_access_key_id($options, $access_key_id);
}
function credentials_provider_static_options_set_secret_access_key($options, $secret_access_key) {
self::$impl->aws_crt_credentials_provider_static_options_set_secret_access_key($options, $secret_access_key);
}
function credentials_provider_static_options_set_session_token($options, $session_token) {
self::$impl->aws_crt_credentials_provider_static_options_set_session_token($options, $session_token);
}
function credentials_provider_static_new($options) {
return self::$impl->aws_crt_credentials_provider_static_new($options);
}
function input_stream_options_new() {
return self::$impl->aws_crt_input_stream_options_new();
}
function input_stream_options_release($options) {
self::$impl->aws_crt_input_stream_options_release($options);
}
function input_stream_options_set_user_data($options, $user_data) {
self::$impl->aws_crt_input_stream_options_set_user_data($options, $user_data);
}
function input_stream_new($options) {
return self::$impl->aws_crt_input_stream_new($options);
}
function input_stream_release($stream) {
self::$impl->aws_crt_input_stream_release($stream);
}
function input_stream_seek($stream, $offset, $basis) {
return self::$impl->aws_crt_input_stream_seek($stream, $offset, $basis);
}
function input_stream_read($stream, $length) {
return self::$impl->aws_crt_input_stream_read($stream, $length);
}
function input_stream_eof($stream) {
return self::$impl->aws_crt_input_stream_eof($stream);
}
function input_stream_get_length($stream) {
return self::$impl->aws_crt_input_stream_get_length($stream);
}
function http_message_new_from_blob($blob) {
return self::$impl->aws_crt_http_message_new_from_blob($blob);
}
function http_message_to_blob($message) {
return self::$impl->aws_crt_http_message_to_blob($message);
}
function http_message_release($message) {
self::$impl->aws_crt_http_message_release($message);
}
function signing_config_aws_new() {
return self::$impl->aws_crt_signing_config_aws_new();
}
function signing_config_aws_release($signing_config) {
return self::$impl->aws_crt_signing_config_aws_release($signing_config);
}
function signing_config_aws_set_algorithm($signing_config, $algorithm) {
self::$impl->aws_crt_signing_config_aws_set_algorithm($signing_config, (int)$algorithm);
}
function signing_config_aws_set_signature_type($signing_config, $signature_type) {
self::$impl->aws_crt_signing_config_aws_set_signature_type($signing_config, (int)$signature_type);
}
function signing_config_aws_set_credentials_provider($signing_config, $credentials_provider) {
self::$impl->aws_crt_signing_config_aws_set_credentials_provider($signing_config, $credentials_provider);
}
function signing_config_aws_set_region($signing_config, $region) {
self::$impl->aws_crt_signing_config_aws_set_region($signing_config, $region);
}
function signing_config_aws_set_service($signing_config, $service) {
self::$impl->aws_crt_signing_config_aws_set_service($signing_config, $service);
}
function signing_config_aws_set_use_double_uri_encode($signing_config, $use_double_uri_encode) {
self::$impl->aws_crt_signing_config_aws_set_use_double_uri_encode($signing_config, $use_double_uri_encode);
}
function signing_config_aws_set_should_normalize_uri_path($signing_config, $should_normalize_uri_path) {
self::$impl->aws_crt_signing_config_aws_set_should_normalize_uri_path($signing_config, $should_normalize_uri_path);
}
function signing_config_aws_set_omit_session_token($signing_config, $omit_session_token) {
self::$impl->aws_crt_signing_config_aws_set_omit_session_token($signing_config, $omit_session_token);
}
function signing_config_aws_set_signed_body_value($signing_config, $signed_body_value) {
self::$impl->aws_crt_signing_config_aws_set_signed_body_value($signing_config, $signed_body_value);
}
function signing_config_aws_set_signed_body_header_type($signing_config, $signed_body_header_type) {
self::$impl->aws_crt_signing_config_aws_set_signed_body_header_type($signing_config, $signed_body_header_type);
}
function signing_config_aws_set_expiration_in_seconds($signing_config, $expiration_in_seconds) {
self::$impl->aws_crt_signing_config_aws_set_expiration_in_seconds($signing_config, $expiration_in_seconds);
}
function signing_config_aws_set_date($signing_config, $timestamp) {
self::$impl->aws_crt_signing_config_aws_set_date($signing_config, $timestamp);
}
function signing_config_aws_set_should_sign_header_fn($signing_config, $should_sign_header_fn) {
self::$impl->aws_crt_signing_config_aws_set_should_sign_header_fn($signing_config, $should_sign_header_fn);
}
function signable_new_from_http_request($http_message) {
return self::$impl->aws_crt_signable_new_from_http_request($http_message);
}
function signable_new_from_chunk($chunk_stream, $previous_signature) {
return self::$impl->aws_crt_signable_new_from_chunk($chunk_stream, $previous_signature);
}
function signable_new_from_canonical_request($canonical_request) {
return self::$impl->aws_crt_signable_new_from_canonical_request($canonical_request);
}
function signable_release($signable) {
self::$impl->aws_crt_signable_release($signable);
}
function signing_result_release($signing_result) {
self::$impl->aws_crt_signing_result_release($signing_result);
}
function signing_result_apply_to_http_request($signing_result, $http_message) {
return self::$impl->aws_crt_signing_result_apply_to_http_request(
$signing_result, $http_message);
}
function sign_request_aws($signable, $signing_config, $on_complete, $user_data) {
return self::$impl->aws_crt_sign_request_aws($signable, $signing_config, $on_complete, $user_data);
}
function test_verify_sigv4a_signing($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y) {
return self::$impl->aws_crt_test_verify_sigv4a_signing($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y);
}
public static function crc32($input, $previous = 0) {
return self::$impl->aws_crt_crc32($input, $previous);
}
public static function crc32c($input, $previous = 0) {
return self::$impl->aws_crt_crc32c($input, $previous);
}
}


@ -0,0 +1,50 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\HTTP;
use AWS\CRT\Internal\Encoding;
final class Headers {
private $headers;
public function __construct($headers = []) {
$this->headers = $headers;
}
public static function marshall($headers) {
$buf = "";
foreach ($headers->headers as $header => $value) {
$buf .= Encoding::encodeString($header);
$buf .= Encoding::encodeString($value);
}
return $buf;
}
public static function unmarshall($buf) {
$strings = Encoding::readStrings($buf);
$headers = [];
for ($idx = 0; $idx < count($strings);) {
$headers[$strings[$idx++]] = $strings[$idx++];
}
return new Headers($headers);
}
public function count() {
return count($this->headers);
}
public function get($header) {
return isset($this->headers[$header]) ? $this->headers[$header] : null;
}
public function set($header, $value) {
$this->headers[$header] = $value;
}
public function toArray() {
return $this->headers;
}
}
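Review bot: `Headers::unmarshall` pairs the decoded strings without checking that their count is even, so a truncated or malformed buffer makes the last `$strings[$idx++]` read past the end of the array and stores a header with a null value (plus a PHP warning). The single statement `$headers[$strings[$idx++]] = $strings[$idx++];` also depends on PHP evaluating the left-hand index before the right-hand side. I would reject odd input up front with `if (count($strings) % 2 !== 0) { throw new \InvalidArgumentException('odd number of header strings'); }` and step through the pairs with `for ($idx = 0; $idx + 1 < count($strings); $idx += 2) { $headers[$strings[$idx]] = $strings[$idx + 1]; }`. `Encoding::readStrings` is not visible here, so whether it already guarantees an even count should be confirmed.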


@ -0,0 +1,95 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\HTTP;
use AWS\CRT\NativeResource;
use AWS\CRT\Internal\Encoding;
abstract class Message extends NativeResource {
private $method;
private $path;
private $query;
private $headers;
public function __construct($method, $path, $query = [], $headers = []) {
parent::__construct();
$this->method = $method;
$this->path = $path;
$this->query = $query;
$this->headers = new Headers($headers);
$this->acquire(self::$crt->http_message_new_from_blob(self::marshall($this)));
}
public function __destruct() {
self::$crt->http_message_release($this->release());
parent::__destruct();
}
public function toBlob() {
return self::$crt->http_message_to_blob($this->native);
}
protected static function marshall($msg) {
$buf = "";
$buf .= Encoding::encodeString($msg->method);
$buf .= Encoding::encodeString($msg->pathAndQuery());
$buf .= Headers::marshall($msg->headers);
return $buf;
}
protected static function _unmarshall($buf, $class=Message::class) {
$method = Encoding::readString($buf);
$path_and_query = Encoding::readString($buf);
$parts = explode("?", $path_and_query, 2);
$path = isset($parts[0]) ? $parts[0] : "";
$query = isset($parts[1]) ? $parts[1] : "";
$headers = Headers::unmarshall($buf);
// Turn query params back into a dictionary
if (strlen($query)) {
$query = rawurldecode($query);
$query = explode("&", $query);
$query = array_reduce($query, function($params, $pair) {
list($param, $value) = explode("=", $pair, 2);
$params[$param] = $value;
return $params;
}, []);
} else {
$query = [];
}
return new $class($method, $path, $query, $headers->toArray());
}
public function pathAndQuery() {
$path = $this->path;
$queries = [];
foreach ($this->query as $param => $value) {
$queries []= urlencode($param) . "=" . urlencode($value);
}
$query = implode("&", $queries);
if (strlen($query)) {
$path = implode("?", [$path, $query]);
}
return $path;
}
public function method() {
return $this->method;
}
public function path() {
return $this->path;
}
public function query() {
return $this->query;
}
public function headers() {
return $this->headers;
}
}
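Review bot: In `_unmarshall` the whole query string goes through `rawurldecode` before it is split on `&` and `=`, so a parameter whose name or value contains an encoded `%26` or `%3D` comes back as different or extra parameters than the ones that were marshalled. For code that feeds request signing this means the rebuilt message can differ from the one that was sent. Two related gaps sit in the same closure: a pair without `=` leaves `$value` undefined in the `list()` assignment, and `pathAndQuery` encodes with `urlencode` (space becomes `+`) while this path decodes with `rawurldecode`, which leaves `+` untouched. Splitting first and decoding each name and value separately, as sketched below, closes all three.

```php
// … unchanged: method, path-and-query and header decoding …
if (strlen($query)) {
    $query = array_reduce(explode("&", $query), function($params, $pair) {
        $kv = explode("=", $pair, 2);
        // Decode after splitting so an encoded '&' or '=' stays inside its name/value.
        $params[urldecode($kv[0])] = isset($kv[1]) ? urldecode($kv[1]) : "";
        return $params;
    }, []);
}
// … unchanged: empty-query branch and construction of $class …
```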


@ -0,0 +1,32 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\HTTP;
use AWS\CRT\IO\InputStream;
class Request extends Message {
private $body_stream = null;
public function __construct($method, $path, $query = [], $headers = [], $body_stream = null) {
parent::__construct($method, $path, $query, $headers);
if (!is_null($body_stream) && !($body_stream instanceof InputStream)) {
throw new \InvalidArgumentException('body_stream must be an instance of ' . InputStream::class);
}
$this->body_stream = $body_stream;
}
public static function marshall($request) {
return parent::marshall($request);
}
public static function unmarshall($buf) {
return parent::_unmarshall($buf, Request::class);
}
public function body_stream() {
return $this->body_stream;
}
}
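Review bot: The `body_stream` type check in `Request::__construct` runs after `parent::__construct`, which has already created the native message through `http_message_new_from_blob`. PHP does not run `__destruct` on an object whose constructor threw, so an invalid `body_stream` would probably leave that native message unreleased; how `NativeResource` tracks handles is not visible here, so this should be confirmed. Moving the `if (!is_null($body_stream) && !($body_stream instanceof InputStream))` check above the `parent::__construct($method, $path, $query, $headers);` call avoids allocating anything for input that is going to be rejected.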


@ -0,0 +1,27 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\HTTP;
class Response extends Message {
private $status_code;
public function __construct($method, $path, $query, $headers, $status_code) {
parent::__construct($method, $path, $query, $headers);
$this->status_code = $status_code;
}
public static function marshall($response) {
return parent::marshall($response);
}
public static function unmarshall($buf) {
return parent::_unmarshall($buf, Response::class);
}
public function status_code() {
return $this->status_code;
}
}


@ -0,0 +1,39 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\IO;
use AWS\CRT\NativeResource as NativeResource;
use AWS\CRT\Options as Options;
/**
* Represents 1 or more event loops (1 per thread) for doing I/O and background tasks.
* Typically, every application has one EventLoopGroup.
*
* @param array options:
* - int num_threads - Number of worker threads in the EventLoopGroup. Defaults to 0/1 per logical core.
*/
final class EventLoopGroup extends NativeResource {
static function defaults() {
return [
'max_threads' => 0,
];
}
function __construct(array $options = []) {
parent::__construct();
$options = new Options($options, self::defaults());
$elg_options = self::$crt->event_loop_group_options_new();
self::$crt->event_loop_group_options_set_max_threads($elg_options, $options->getInt('max_threads'));
$this->acquire(self::$crt->event_loop_group_new($elg_options));
self::$crt->event_loop_group_options_release($elg_options);
}
function __destruct() {
self::$crt->event_loop_group_release($this->release());
parent::__destruct();
}
}
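Review bot: The class docblock documents an option called `num_threads`, but `defaults()` and the constructor only use `max_threads`, so a caller following the comment would pass a key that the visible code never reads. I would change the docblock line to `- int max_threads - Number of worker threads in the EventLoopGroup. Defaults to 0/1 per logical core.` The `@param array options` tag also describes the constructor argument and would sit better on `__construct` than on the class.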


@ -0,0 +1,50 @@
<?php
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
namespace AWS\CRT\IO;
use AWS\CRT\NativeResource as NativeResource;
final class InputStream extends NativeResource {
private $stream = null;
const SEEK_BEGIN = 0;
const SEEK_END = 2;
public function __construct($stream) {
parent::__construct();
$this->stream = $stream;
$options = self::$crt->input_stream_options_new();
// The stream implementation in native just converts the PHP stream into
// a native php_stream* and executes operations entirely in native
self::$crt->input_stream_options_set_user_data($options, $stream);
$this->acquire(self::$crt->input_stream_new($options));
self::$crt->input_stream_options_release($options);
}
public function __destruct() {
$this->release();
parent::__destruct();
}
public function eof() {
return self::$crt->input_stream_eof($this->native);
}
public function length() {
return self::$crt->input_stream_get_length($this->native);
}
public function read($length = 0) {
if ($length == 0) {
$length = $this->length();
}
return self::$crt->input_stream_read($this->native, $length);
}
public function seek($offset, $basis) {
return self::$crt->input_stream_seek($this->native, $offset, $basis);
}
}
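Review bot: `InputStream::__destruct` calls `$this->release()` but never hands the handle to `self::$crt->input_stream_release(...)`, unlike `Message` and `EventLoopGroup`, which pass the released handle to their matching `*_release` call. If `NativeResource::release()` only detaches the handle (that class is not visible here), the native stream created by `input_stream_new` is never freed. The destructor line would then read `self::$crt->input_stream_release($this->release());`. Separately, `read()` with the default `$length = 0` requests `length()` bytes in a single call, which deserves a docblock sentence for callers handling large streams.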
