refactoring

2025-10-03 09:49:16 +02:00 · 2025-10-02 21:55:55 +02:00 · 2025-10-02 21:17:50 +02:00 · 2025-10-02 21:01:58 +02:00 · 2025-10-02 20:31:39 +02:00 · 2025-09-25 20:34:47 +02:00
3465 changed files with 370047 additions and 269187 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -19,7 +19,7 @@ jobs:
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/autobuild to send a status report
    name: Analyse
-    runs-on: ubuntu-latest
+    runs-on: self-hosted

    steps:
    - name: Harden Runner
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@ -14,7 +14,7 @@ permissions:

 jobs:
  dependency-review:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@ -15,7 +15,7 @@ jobs:
    permissions:
      contents: read  # for actions/checkout to fetch code
      pull-requests: read  # for sonarsource/sonarcloud-github-action to determine which PR to decorate
-    runs-on: ubuntu-22.04
+    runs-on: self-hosted

    steps:
    - name: Harden Runner
@ -29,14 +29,14 @@ jobs:
      uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2
      with:
        php-version: '8.1'
-        extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring
+        extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring, imagick, pdo_sqlite

    - name: Validate composer.json and composer.lock
      run: composer validate --strict

    - name: Cache Composer packages
      id: composer-cache
-      uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
      with:
        path: vendor
        key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@ -12,7 +12,7 @@ permissions:
 jobs:
  build:

-    runs-on: ubuntu-22.04
+    runs-on: self-hosted

    steps:
    - name: Harden Runner
@ -26,28 +26,28 @@ jobs:
      uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2
      with:
        php-version: '8.1'
-        extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring
+        extensions: ldap, xdebug, gd, json, xml, curl, zip, mbstring, imagick, pdo_sqlite

    - name: Validate composer.json and composer.lock
      run: composer validate --strict

    - name: Cache Composer packages
      id: composer-cache
-      uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
      with:
        path: vendor
-        key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+        key: ${{ runner.os }}-quality-${{ hashFiles('**/composer.lock') }}
        restore-keys: |
-          ${{ runner.os }}-php-
+          ${{ runner.os }}-quality-

    - name: PHP Version
      run: php --version

    - name: Install dependencies
-      run: composer install --prefer-dist --no-progress
+      run: composer install --no-progress

    - name: Install CodeSpell
-      run: pip install --user codespell
+      run: pipx install codespell

    - name: CodeSpell
      run: ./codespell.sh
@ -56,7 +56,7 @@ jobs:
      run: ./vendor/bin/phpstan -V

    - name: PHPStan
-      run: ./vendor/bin/phpstan --xdebug
+      run: ./vendor/bin/phpstan

    - name: Rector
      run: ./vendor/bin/rector process --dry-run
--- a/Readme.md
+++ b/Readme.md
@ -25,4 +25,4 @@ There are two modules. Usually, you only need the files inside "lam".
 LAM is published under the GNU General Public License.
 The complete list of licenses can be found in the copyright file.

-Copyright (C) 2003 - 2024 Roland Gruber <post@rolandgruber.de>
+Copyright (C) 2003 - 2025 Roland Gruber <post@rolandgruber.de>
--- a/codespell.sh
+++ b/codespell.sh
@ -1,3 +1,3 @@
 #!/bin/bash

-~/.local/bin/codespell --skip '*3rdParty*,*/jodit/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*/templates/lib/*popper*,*/templates/lib/*tippy*,*/templates/lib/*flatpickr*,*/templates/lib/*Sortable*,*/templates/lib/*cropper*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/lib/extra/*,lam/.phpdoc,lam/composer.*' --ignore-words-list "tim,te,pres,files'" lam
+~/.local/bin/codespell --skip '*3rdParty*,*/jodit/*,*/po/*,*/locale/*,tmp,sess,config,graphics,*/style/images/*,*/style/*.gif,*/style/*.png,*/docs/manual-onePage/*,*/docs/manual-sources/images/*,*/templates/lib/*jquery*,*/templates/lib/*popper*,*/templates/lib/*tippy*,*/templates/lib/*flatpickr*,*/templates/lib/*Sortable*,*/templates/lib/*cropper*,*~,*/docs/phpdoc/*,*/docs/manual/*,*/docs/devel/images/*,*/docs/manual-pdf/*,*.sh,*/cropper.js,*/templates/lib/*sweetalert*,*/lib/extra/*,lam/.phpdoc,lam/composer.*' --ignore-words-list "tim,te,pres,files'" lam
--- a/composer.json
+++ b/composer.json
@ -3,9 +3,8 @@
  "description": "LDAP Account Manager",
  "require-dev" : {
    "phpunit/phpunit" : "9.5.21",
-    "squizlabs/php_codesniffer" : "3.4.0",
-    "phpstan/phpstan": "^1.10",
-    "rector/rector": "^1",
+    "phpstan/phpstan": "^2",
+    "rector/rector": "^2",
    "cyclonedx/cyclonedx-php-composer": "^5.0"
  },
  "require": {
@ -13,7 +12,14 @@
    "ext-json": "*",
    "ext-pdo": "*",
    "ext-xmlreader": "*",
-    "ext-zip": "*"
+    "ext-zip": "*",
+    "ext-gd": "*",
+    "ext-imagick": "*",
+    "ext-gettext": "*",
+    "ext-curl": "*",
+    "ext-openssl": "*",
+    "ext-xmlwriter": "*",
+    "ext-iconv": "*"
  },
  "scripts": {
    "test": "vendor/bin/phpunit"
--- a/lam-packaging/RPM/ldap-account-manager.spec
+++ b/lam-packaging/RPM/ldap-account-manager.spec
@ -112,11 +112,6 @@ if [ ! -f /var/lib/%{lam_dir}/config/config.cfg ]; then
 	cp /var/lib/%{lam_dir}/config/config.cfg.sample /var/lib/%{lam_dir}/config/config.cfg
 	chmod 600 /var/lib/%{lam_dir}/config/config.cfg
 	chown %{lam_uid}:%{lam_gid} /var/lib/%{lam_dir}/config/config.cfg
-	if [ ! -f /var/lib/%{lam_dir}/config/lam.conf ]; then
-		cp /var/lib/%{lam_dir}/config/unix.sample.conf /var/lib/%{lam_dir}/config/lam.conf
-		chmod 600 /var/lib/%{lam_dir}/config/lam.conf
-		chown %{lam_uid}:%{lam_gid} /var/lib/%{lam_dir}/config/lam.conf
-	fi
 fi
 for server in apache2 httpd nginx; do
    if [ `which systemctl 2< /dev/null` ]; then
--- a/lam-packaging/buildPackages
+++ b/lam-packaging/buildPackages
@ -30,7 +30,7 @@ function minify {
 	for file in $files; do
 		jsFiles="$jsFiles $file"
 	done
-	uglifyjs -o $outFile $jsFiles
+	terser $jsFiles -o $outFile
 	rm $files
 	# add final new line to supress Debian warnings
 	echo "" >> $outFile
--- a/lam-packaging/debian/README.Debian
+++ b/lam-packaging/debian/README.Debian
@ -14,10 +14,16 @@ Configuration:
  All settings can be edited via the webfrontend. Please
  point your browser to the LAM start page and then select
  "LAM configuration".
-  The default password for the configuration is "lam".


 Lamdaemon:

 If you want to use the lamdaemon you need to install the
 package ldap-account-manager-lamdaemon on the target machine.
+
+
+Packaging:
+
+The Debian's orig.tar.bz2 file differs from the tar.bz2 files that are provided upstream.
+While the upstream files contain minified CSS and JS files, the Debian orig.tar.bz2 file
+contains the sources and minifies during Debian package build.
--- a/lam-packaging/debian/changelog
+++ b/lam-packaging/debian/changelog
@ -1,8 +1,32 @@
-ldap-account-manager (9.0.RC1-1) unstable; urgency=medium
+ldap-account-manager (9.3-1) unstable; urgency=medium

  * new upstream release

- -- Roland Gruber <post@rolandgruber.de>  Wed, 04 Dec 2024 07:23:11 +0200
+ -- Roland Gruber <post@rolandgruber.de>  Mon, 15 Sep 2025 07:11:26 +0200
+
+ldap-account-manager (9.2-1) unstable; urgency=medium
+
+  * new upstream release
+  * Fix "Please upgrade to upstream release >= 9.1" by packaging
+      new version (Closes: #1100719)
+
+ -- Roland Gruber <post@rolandgruber.de>  Fri, 06 Jun 2025 07:41:13 +0200
+
+ldap-account-manager (9.1-1) unstable; urgency=medium
+
+  * new upstream release
+
+ -- Roland Gruber <post@rolandgruber.de>  Thu, 13 Mar 2025 07:36:27 +0200
+
+ldap-account-manager (9.0-1) unstable; urgency=medium
+
+  * new upstream release
+  * Fix "ldap-account-manager: CVE-2024-52792" by using
+      new file format (Closes: #1090934)
+  * Fix "Please allow recent php-monolog (>= 3)" by using
+      different dependencies (Closes: #1076835)
+
+ -- Roland Gruber <post@rolandgruber.de>  Tue, 17 Dec 2024 19:23:11 +0200

 ldap-account-manager (8.9-1) unstable; urgency=medium

--- a/lam-packaging/debian/control
+++ b/lam-packaging/debian/control
@ -2,8 +2,8 @@ Source: ldap-account-manager
 Maintainer: Roland Gruber <post@rolandgruber.de>
 Section: web
 Priority: optional
-Standards-Version: 4.7.0
-Build-Depends: debhelper (>= 12), debhelper-compat (= 12), po-debconf, cleancss (>= 5.2), uglifyjs (>= 3.12)
+Standards-Version: 4.7.2
+Build-Depends: debhelper (>= 12), debhelper-compat (= 12), po-debconf, cleancss (>= 5.2), terser (>= 5.0)
 Homepage: https://www.ldap-account-manager.org/
 Rules-Requires-Root: binary-targets

@ -11,16 +11,15 @@ Package: ldap-account-manager
 Architecture: all
 Depends: php (>= 8.1), php-ldap,
 php-gd | php-imagick,
- php-json, php-curl,
+ php-json, php-curl, php-sqlite3, php-mysql,
 php-zip, php-xml, php-gmp, php-mbstring,
 libapache2-mod-php | libapache2-mod-fcgid | php-fpm,
 apache2 (>= 2.4.0) | httpd,
 gettext, fonts-dejavu,
- libjs-jquery-jstree (>= 3.3.0),
 php-phpseclib3, php-monolog,
- php-voku-portable-ascii (<< 3.0), libphp-phpmailer (<< 7.0),
+ libphp-phpmailer (<< 7.0),
 debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
-Recommends: php-opcache
+Recommends: php-opcache, php-apcu
 Suggests: ldap-server, php-mcrypt, ldap-account-manager-lamdaemon, perl
 Conflicts: libapache2-mod-php5, php5, php5-fpm
 Description: webfrontend for managing accounts in an LDAP directory
--- a/lam-packaging/debian/copyright
+++ b/lam-packaging/debian/copyright
@ -1,4 +1,4 @@
-This software is copyright (c) 2003 - 2024 by Roland Gruber
+This software is copyright (c) 2003 - 2025 by Roland Gruber

 If you purchased a copy of LDAP Account Manager Pro then the following
 files are licensed under the conditions which you accepted at purchase
@ -17,6 +17,8 @@ time.
 * lib/modules/automount.inc
 * lib/modules/bindDLZ.inc
 * lib/modules/bindDLZXfr.inc
+* lib/modules/bindDyndbRecord.inc
+* lib/modules/bindDyndbZone.inc
 * lib/modules/customBaseType.inc
 * lib/modules/customFields.inc
 * lib/modules/customScripts.inc
@ -56,6 +58,7 @@ time.
 * lib/modules/rfc2307bisAutomount.inc
 * lib/modules/rfc2307bisPosixGroup.inc
 * lib/modules/selfRegistration.inc
+* lib/modules/simpleSecurityObject.inc
 * lib/modules/sudoRole.inc
 * lib/modules/uidObject.inc
 * lib/modules/webauthn.inc
@ -64,6 +67,7 @@ time.
 * lib/types/alias.inc
 * lib/types/automountType.inc
 * lib/types/bind.inc
+* lib/types/bindDyndbType.inc
 * lib/types/customType.inc
 * lib/types/gon.inc
 * lib/types/kopanoAddressListType.inc
@ -94,7 +98,7 @@ All other files are licensed under the conditions below.


 The complete license can be found in the file COPYING or in
-/usr/share/common-licenses/GPL-3.
+/usr/share/common-licenses/GPL-3 (Debian/Ubuntu).


 Some parts of this package have other, compatible licences. These are:
@ -408,33 +412,6 @@ D:


 E:
-  Duo
-
-  Redistribution and use in source and binary forms, with or without
-  modification, are permitted provided that the following conditions
-  are met:
-
-  1. Redistributions of source code must retain the above copyright
-     notice, this list of conditions and the following disclaimer.
-  2. Redistributions in binary form must reproduce the above copyright
-     notice, this list of conditions and the following disclaimer in the
-     documentation and/or other materials provided with the distribution.
-  3. The name of the author may not be used to endorse or promote products
-     derived from this software without specific prior written permission.
-
-  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-  IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-  OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-  THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-F:
  3-Clause BSD License

  Redistribution and use in source and binary forms, with or without
@ -463,7 +440,7 @@ F:
  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


-G:
+F:
  2-Clause BSD License

  Redistribution and use in source and binary forms, with or without modification,
@ -487,38 +464,8 @@ G:
  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  POSSIBILITY OF SUCH DAMAGE.

-H:
-  3-Clause BSD License

-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-      copyright notice, this list of conditions and the following
-      disclaimer in the documentation and/or other materials provided
-      with the distribution.
-
-    * Neither the name of the copyright holder nor the names of its
-      contributors may be used to endorse or promote products derived
-      from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-I:
+G:
                  GNU LESSER GENERAL PUBLIC LICENSE
                       Version 2.1, February 1999

@ -973,217 +920,199 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.


-J:
-Apache 2.0
+H:
+  Apache License 2.0

 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

-1. Definitions.
+## 1. Definitions.

-"License" shall mean the terms and conditions for use, reproduction, and
-distribution as defined by Sections 1 through 9 of this document.
+"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
+through 9 of this document.

-"Licensor" shall mean the copyright owner or entity authorized by the copyright
-owner that is granting the License.
+"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the
+License.

-"Legal Entity" shall mean the union of the acting entity and all other entities
-that control, are controlled by, or are under common control with that entity.
-For the purposes of this definition, "control" means (i) the power, direct or
-indirect, to cause the direction or management of such entity, whether by
-contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
-outstanding shares, or (iii) beneficial ownership of such entity.
+"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled
+by, or are under common control with that entity. For the purposes of this definition, "control" means
+(i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract
+or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
+ownership of such entity.

-You" (or "Your") shall mean an individual or Legal Entity exercising
-permissions granted by this License.
+"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

-"Source" form shall mean the preferred form for making modifications, including
-but not limited to software source code, documentation source, and
-configuration files.
+"Source" form shall mean the preferred form for making modifications, including but not limited to software
+source code, documentation source, and configuration files.

-"Object" form shall mean any form resulting from mechanical transformation or
-translation of a Source form, including but not limited to compiled object
-code, generated documentation, and conversions to other media types.
+"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form,
+including but not limited to compiled object code, generated documentation, and conversions to other media
+types.

-"Work" shall mean the work of authorship, whether in Source or Object form,
-made available under the License, as indicated by a copyright notice that is
-included in or attached to the work (an example is provided in the Appendix
-below).
+"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License,
+as indicated by a copyright notice that is included in or attached to the work (an example is provided in the
+Appendix below).

-"Derivative Works" shall mean any work, whether in Source or Object form, that
-is based on (or derived from) the Work and for which the editorial revisions,
-annotations, elaborations, or other modifications represent, as a whole, an
-original work of authorship. For the purposes of this License, Derivative Works
-shall not include works that remain separable from, or merely link (or bind by
-name) to the interfaces of, the Work and Derivative Works thereof.
+"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from)
+the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent,
+as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not
+include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work
+and Derivative Works thereof.

-"Contribution" shall mean any work of authorship, including the original
-version of the Work and any modifications or additions to that Work or
-Derivative Works thereof, that is intentionally submitted to Licensor for
-inclusion in the Work by the copyright owner or by an individual or Legal
-Entity authorized to submit on behalf of the copyright owner. For the purposes
-of this definition, "submitted" means any form of electronic, verbal, or
-written communication sent to the Licensor or its representatives, including
-but not limited to communication on electronic mailing lists, source code
-control systems, and issue tracking systems that are managed by, or on behalf
-of, the Licensor for the purpose of discussing and improving the Work, but
-excluding communication that is conspicuously marked or otherwise designated in
-writing by the copyright owner as "Not a Contribution."
+"Contribution" shall mean any work of authorship, including the original version of the Work and any
+modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to
+Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to
+submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of
+electronic, verbal, or written communication sent to the Licensor or its representatives, including but not
+limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
+that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise designated in writing by the copyright
+owner as "Not a Contribution."

-"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
-of whom a Contribution has been received by Licensor and subsequently
-incorporated within the Work.
-2. Grant of Copyright License. Subject to the terms and conditions of this
-License, each Contributor hereby grants to You a perpetual, worldwide,
-non-exclusive, no-charge, royalty-free, irrevocable copyright license to
-reproduce, prepare Derivative Works of, publicly display, publicly perform,
-sublicense, and distribute the Work and such Derivative Works in Source or
-Object form.
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been
+received by Licensor and subsequently incorporated within the Work.

-3. Grant of Patent License. Subject to the terms and conditions of this
-License, each Contributor hereby grants to You a perpetual, worldwide,
-non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this
-section) patent license to make, have made, use, offer to sell, sell, import,
-and otherwise transfer the Work, where such license applies only to those
-patent claims licensable by such Contributor that are necessarily infringed by
-their Contribution(s) alone or by combination of their Contribution(s) with the
-Work to which such Contribution(s) was submitted. If You institute patent
-litigation against any entity (including a cross-claim or counterclaim in a
-lawsuit) alleging that the Work or a Contribution incorporated within the Work
-constitutes direct or contributory patent infringement, then any patent
-licenses granted to You under this License for that Work shall terminate as of
-the date such litigation is filed.
+## 2. Grant of Copyright License.

-4. Redistribution. You may reproduce and distribute copies of the Work or
-Derivative Works thereof in any medium, with or without modifications, and in
-Source or Object form, provided that You meet the following conditions:
+Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
+Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.

-(a) You must give any other recipients of the Work or Derivative Works a copy
-of this License; and
+## 3. Grant of Patent License.

-(b) You must cause any modified files to carry prominent notices stating that
-You changed the files; and
+Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
+license applies only to those patent claims licensable by such Contributor that are necessarily infringed by
+their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such
+Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim
+or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
+constitutes direct or contributory patent infringement, then any patent licenses granted to You under this
+License for that Work shall terminate as of the date such litigation is filed.

-(c) You must retain, in the Source form of any Derivative Works that You
-distribute, all copyright, patent, trademark, and attribution notices from the
-Source form of the Work, excluding those notices that do not pertain to any
-part of the Derivative Works; and
+## 4. Redistribution.

-(d) If the Work includes a "NOTICE" text file as part of its distribution, then
-any Derivative Works that You distribute must include a readable copy of the
-attribution notices contained within such NOTICE file, excluding those notices
-that do not pertain to any part of the Derivative Works, in at least one of the
-following places: within a NOTICE text file distributed as part of the
-Derivative Works; within the Source form or documentation, if provided along
-with the Derivative Works; or, within a display generated by the Derivative
-Works, if and wherever such third-party notices normally appear. The contents
-of the NOTICE file are for informational purposes only and do not modify the
-License. You may add Your own attribution notices within Derivative Works that
-You distribute, alongside or as an addendum to the NOTICE text from the Work,
-provided that such additional attribution notices cannot be construed as
-modifying the License.
+You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You meet the following conditions:

-You may add Your own copyright statement to Your modifications and may provide
-additional or different license terms and conditions for use, reproduction, or
-distribution of Your modifications, or for any such Derivative Works as a
-whole, provided Your use, reproduction, and distribution of the Work otherwise
-complies with the conditions stated in this License.
+   1. You must give any other recipients of the Work or Derivative Works a copy of this License; and

-5. Submission of Contributions. Unless You explicitly state otherwise, any
-Contribution intentionally submitted for inclusion in the Work by You to the
-Licensor shall be under the terms and conditions of this License, without any
-additional terms or conditions. Notwithstanding the above, nothing herein shall
-supersede or modify the terms of any separate license agreement you may have
-executed with Licensor regarding such Contributions.
+   2. You must cause any modified files to carry prominent notices stating that You changed the files; and

-6. Trademarks. This License does not grant permission to use the trade names,
-trademarks, service marks, or product names of the Licensor, except as required
-for reasonable and customary use in describing the origin of the Work and
+   3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent,
+	  trademark, and attribution notices from the Source form of the Work, excluding those notices that do
+	  not pertain to any part of the Derivative Works; and
+
+   4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that
+	  You distribute must include a readable copy of the attribution notices contained within such NOTICE
+	  file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one
+	  of the following places: within a NOTICE text file distributed as part of the Derivative Works; within
+	  the Source form or documentation, if provided along with the Derivative Works; or, within a display
+	  generated by the Derivative Works, if and wherever such third-party notices normally appear. The
+	  contents of the NOTICE file are for informational purposes only and do not modify the License. You may
+	  add Your own attribution notices within Derivative Works that You distribute, alongside or as an
+	  addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be
+	  construed as modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide additional or different license
+terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative
+Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the
+conditions stated in this License.
+
+## 5. Submission of Contributions.
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by
+You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
+conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate
+license agreement you may have executed with Licensor regarding such Contributions.
+
+## 6. Trademarks.
+
+This License does not grant permission to use the trade names, trademarks, service marks, or product names of
+the Licensor, except as required for reasonable and customary use in describing the origin of the Work and
 reproducing the content of the NOTICE file.

-7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
-writing, Licensor provides the Work (and each Contributor provides its
-Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied, including, without limitation, any warranties
-or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-PARTICULAR PURPOSE. You are solely responsible for determining the
-appropriateness of using or redistributing the Work and assume any risks
-associated with Your exercise of permissions under this License.
+## 7. Disclaimer of Warranty.

-8. Limitation of Liability. In no event and under no legal theory, whether in
-tort (including negligence), contract, or otherwise, unless required by
-applicable law (such as deliberate and grossly negligent acts) or agreed to in
-writing, shall any Contributor be liable to You for damages, including any
-direct, indirect, special, incidental, or consequential damages of any
-character arising as a result of this License or out of the use or inability to
-use the Work (including but not limited to damages for loss of goodwill, work
-stoppage, computer failure or malfunction, or any and all other commercial
-damages or losses), even if such Contributor has been advised of the
-possibility of such damages.
+Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor
+provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
+MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.

-9. Accepting Warranty or Additional Liability. While redistributing the Work or
-Derivative Works thereof, You may choose to offer, and charge a fee for,
-acceptance of support, warranty, indemnity, or other liability obligations
-and/or rights consistent with this License. However, in accepting such
-obligations, You may act only on Your own behalf and on Your sole
-responsibility, not on behalf of any other Contributor, and only if You agree
-to indemnify, defend, and hold each Contributor harmless for any liability
-incurred by, or claims asserted against, such Contributor by reason of your
-accepting any such warranty or additional liability.
+## 8. Limitation of Liability.

+In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless
+required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any
+Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential
+damages of any character arising as a result of this License or out of the use or inability to use the Work
+(including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has been advised of the possibility
+of such damages.

+## 9. Accepting Warranty or Additional Liability.
+
+While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for,
+acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole
+responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold
+each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS


 Programs and licenses with other licenses and/or authors than the
 main license and authors:

-graphics/webauthn.svg                                                F  2017  Duo Security, Inc.
-lib/3rdParty/composer/beberlei                                       G  2013  Benjamin Eberlei
-lib/3rdParty/composer/brick                                          B        Benjamin Morel
-lib/3rdParty/composer/carbonphp                                      B  2023  Carbon
-lib/3rdParty/composer/christian-riesen                               B        Christian Riesen
-lib/3rdParty/composer/composer                                       B        Nils Adermann, Jordi Boggiano
-lib/3rdParty/composer/doctrine                                       B        Doctrine Project
-lib/3rdParty/composer/duo                                            E        Cisco Systems, Inc. and/or its affiliates
-lib/3rdParty/composer/facile-it                                      B        Thomas Vargiu
-lib/3rdParty/composer/fgrosse                                        B  2015  Friedrich Große
-lib/3rdParty/composer/firebase                                       F  2011  Neuman Vong
-lib/3rdParty/composer/guzzlehttp                                     B  2015  Michael Dowling
-lib/3rdParty/composer/http-interop                                   B  2016  Woody Gilk
-lib/3rdParty/composer/illuminate                                     B        Taylor Otwell
-lib/3rdParty/composer/nesbot                                         B        Brian Nesbitt
-lib/3rdParty/composer/monolog                                        B  2011  Jordi Boggiano
-lib/3rdParty/composer/paragonie                                      B  2015  Paragon Initiative Enterprises
-lib/3rdParty/composer/php-http                                       B  2015  PHP HTTP Team
-lib/3rdParty/composer/phpmailer                                      I
-lib/3rdParty/composer/phpseclib                                      B  2019  TerraFrost and other contributors
-lib/3rdParty/composer/psr                                            B        PHP Framework Interoperability Group
-lib/3rdParty/composer/ralouphie                                      B  2014  Ralph Khattar
-lib/3rdParty/composer/spomky-labs                                    B  2018  Spomky-Labs
-lib/3rdParty/composer/symfony                                        B  2022  Fabien Potencier
-lib/3rdParty/composer/thecodingmachine                               B        TheCodingMachine
-lib/3rdParty/composer/voku                                           B  2019 Lars Moelleken
-lib/3rdParty/composer/web-auth                                       B  2018  Spomky-Labs
-lib/3rdParty/composer/web-token                                      B        Florent Morselli
-lib/3rdParty/composer/webklex                                        B  2016  Webklex
-lib/3rdParty/tcpdf                                                   D  2022  Nicola Asuni - Tecnick.com LTD
-lib/3rdParty/tcpdf/fonts/dejavu*.z                                   A        Public Domain, Bitstream, Inc., Tavmjong Bah
-lib/3rdParty/yubico/Yubico.php                                       C  2015  Yubico AB
-style/010_normalize.css                                              B        Nicolas Gallagher and Jonathan Neal
-style/050_grid.css                                                   B
-templates/lib/*jquery*.js                                            B  2018  jQuery Foundation and other contributors
-templates/lib/*popper*.js                                            B
-templates/lib/*tippy*.js                                             B  2021  atomiks
-templates/lib/*flatpickr*.js                                         B  2017  Gregory Petrosyan
-style/600_flatpickr.css                                              B  2017  Gregory Petrosyan
-templates/lib/*sweetalert2*.js                                       B
-style/*sweetalert2*.css                                              B
-templates/lib/cropper*.js                                            B  2018  Chen Fengyuan
-style/600_cropper*.css                                               B  2018  Chen Fengyuan
-templates/lib/extra/jodit                                            B        Chupurnov
-templates/lib/extra/friendlyCaptcha                                  B
-templates/lib/400_Sortable*.js                                       B        RubaXa, owenm
-templates/lib/extra/jstree/*                                         B  2014  Ivan Bozhanov
-style/jstree/*                                                       B  2014  Ivan Bozhanov
-templates/lib/extra/qrcode/*                                         B  2009  Kazuhiko Arase
-templates/lib/extra/tabulator/*                                      B  2024  Oliver Folkerd
-style/tabulator/*                                                    B  2024  Oliver Folkerd
+graphics/webauthn.svg                                                E  2017  Duo Security, Inc.                             https://github.com/duo-labs/webauthn.io
+lib/3rdParty/composer/aws                                            H        Amazon Web Services                            https://github.com/aws/aws-sdk-php, https://github.com/awslabs/aws-crt-php
+lib/3rdParty/composer/brick                                          B        Benjamin Morel                                 https://github.com/brick/math
+lib/3rdParty/composer/carbonphp                                      B  2023  Carbon                                         https://github.com/CarbonPHP/carbon-doctrine-types
+lib/3rdParty/composer/christian-riesen                               B        Christian Riesen                               https://github.com/ChristianRiesen/base32
+lib/3rdParty/composer/composer                                       B        Nils Adermann, Jordi Boggiano                  https://github.com/composer/composer
+lib/3rdParty/composer/doctrine                                       B        Doctrine Project                               https://github.com/doctrine
+lib/3rdParty/composer/duosecurity                                    E        Cisco Systems, Inc. and/or its affiliates      https://github.com/duosecurity/duo_universal_php
+lib/3rdParty/composer/facile-it                                      B        Thomas Vargiu                                  https://github.com/facile-it
+lib/3rdParty/composer/firebase                                       E  2011  Neuman Vong                                    https://github.com/firebase/php-jwt
+lib/3rdParty/composer/guzzlehttp                                     B  2015  Michael Dowling                                https://github.com/guzzle/psr7
+lib/3rdParty/composer/http-interop                                   B  2016  Woody Gilk                                     https://github.com/http-interop/http-factory-guzzle
+lib/3rdParty/composer/illuminate                                     B        Taylor Otwell                                  https://github.com/illuminate
+lib/3rdParty/composer/lcobucci                                       B  2017  Luís Cobucci                                   https://github.com/lcobucci/clock
+lib/3rdParty/composer/monolog                                        B  2011  Jordi Boggiano                                 https://github.com/Seldaek/monolog
+lib/3rdParty/composer/mtdowling                                      B  2014  Michael Dowling                                https://github.com/jmespath/jmespath.php
+lib/3rdParty/composer/nesbot                                         B        Brian Nesbitt                                  https://github.com/CarbonPHP/carbon
+lib/3rdParty/composer/paragonie                                      B  2015  Paragon Initiative Enterprises                 https://github.com/paragonie
+lib/3rdParty/composer/php-http                                       B  2015  PHP HTTP Team                                  https://github.com/php-http/discovery
+lib/3rdParty/composer/phpmailer                                      G                                                       https://github.com/PHPMailer/PHPMailer
+lib/3rdParty/composer/phpseclib                                      B  2019  TerraFrost and other contributors              https://github.com/phpseclib/phpseclib
+lib/3rdParty/composer/psr                                            B        PHP Framework Interoperability Group           https://github.com/php-fig
+lib/3rdParty/composer/ralouphie                                      B  2014  Ralph Khattar                                  https://github.com/ralouphie/getallheaders
+lib/3rdParty/composer/spomky-labs                                    B  2018  Spomky-Labs                                    https://github.com/Spomky-Labs
+lib/3rdParty/composer/symfony                                        B  2022  Fabien Potencier                               https://github.com/symfony
+lib/3rdParty/composer/web-auth                                       B  2018  Spomky-Labs                                    https://github.com/web-auth
+lib/3rdParty/composer/web-token                                      B        Florent Morselli                               https://github.com/web-token
+lib/3rdParty/composer/webklex                                        B  2016  Webklex                                        https://github.com/Webklex/php-imap
+lib/3rdParty/tcpdf                                                   D  2022  Nicola Asuni - Tecnick.com LTD                 https://github.com/tecnickcom/TCPDF
+lib/3rdParty/tcpdf/fonts/dejavu*.z                                   A        Public Domain, Bitstream, Inc., Tavmjong Bah   https://github.com/dejavu-fonts/dejavu-fonts
+lib/3rdParty/yubico/Yubico.php                                       C  2015  Yubico AB                                      https://github.com/Yubico/php-yubico
+style/010_normalize.css                                              B        Nicolas Gallagher and Jonathan Neal            https://github.com/csstools/normalize.css
+style/050_grid.css                                                   B                                                       https://foundation.zurb.com/sites/docs/v/5.5.3/components/grid.html
+templates/lib/*popper*.js                                            B                                                       https://github.com/floating-ui/floating-ui
+templates/lib/*tippy*.js                                             B  2021  atomiks                                        https://github.com/atomiks/tippyjs
+templates/lib/*flatpickr*.js                                         B  2017  Gregory Petrosyan                              https://github.com/flatpickr/flatpickr
+style/600_flatpickr.css                                              B  2017  Gregory Petrosyan                              https://github.com/flatpickr/flatpickr
+templates/lib/*sweetalert2*.js                                       B                                                       https://github.com/sweetalert2/sweetalert2
+style/*sweetalert2*.css                                              B                                                       https://github.com/sweetalert2/sweetalert2
+templates/lib/410_cropper*.js                                        B  2018  Chen Fengyuan                                  https://github.com/fengyuanchen/cropperjs
+style/600_cropper*.css                                               B  2018  Chen Fengyuan                                  https://github.com/fengyuanchen/cropperjs
+templates/lib/extra/jodit                                            B        Chupurnov                                      https://github.com/xdan/jodit/
+templates/lib/extra/friendlyCaptcha                                  B                                                       https://github.com/FriendlyCaptcha/friendly-challenge
+templates/lib/400_Sortable*.js                                       B        RubaXa, owenm                                  https://github.com/SortableJS/Sortable
+templates/lib/extra/qrcode/*                                         B  2009  Kazuhiko Arase                                 https://github.com/kazuhikoarase/qrcode-generator
+templates/lib/extra/tabulator/*                                      B  2024  Oliver Folkerd                                 https://github.com/olifolkerd/tabulator/
+style/tabulator/*                                                    B  2024  Oliver Folkerd                                 https://github.com/olifolkerd/tabulator/
+templates/lib/extra/wunderbaum/*                                     B  2024  Martin Wendt                                   https://github.com/mar10/wunderbaum
+style/wunderbaum/*                                                   B  2024  Martin Wendt                                   https://github.com/mar10/wunderbaum
+style/bootstrap-icons/*                                              B  2024  The Bootstrap Authors                          https://icons.getbootstrap.com/
--- a/lam-packaging/debian/ldap-account-manager.links
+++ b/lam-packaging/debian/ldap-account-manager.links
@ -0,0 +1,8 @@
+/usr/share/doc/ldap-account-manager/docs /usr/share/ldap-account-manager/docs
+/etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg
+/usr/share/php/phpseclib3 /usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib
+/usr/share/php/Monolog /usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog
+/usr/share/php/libphp-phpmailer /usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer
+/var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
+/var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
+/var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
--- a/lam-packaging/debian/minify
+++ b/lam-packaging/debian/minify
@ -8,7 +8,7 @@ if [ ! -e $outFile ]; then
 	for file in $files; do
 		jsFiles="$jsFiles $file"
 	done
-	uglifyjs -o $outFile $jsFiles
+	terser $jsFiles -o $outFile
 	rm $files
 	# add final new line to supress Debian warnings
 	echo "" >> $outFile
--- a/lam-packaging/debian/postinst
+++ b/lam-packaging/debian/postinst
@ -9,26 +9,6 @@ fi
 . /usr/share/debconf/confmodule
 db_version 2.0 || [ $? -lt 30 ]

-# 3rd party libs
-jsThirdPartyLibs='jstree'
-for jsThirdPartyLib in $jsThirdPartyLibs; do
-	if [ ! -L /usr/share/ldap-account-manager/templates/lib/extra/${jsThirdPartyLib} ] ; then
-		ln -s /usr/share/javascript/${jsThirdPartyLib} /usr/share/ldap-account-manager/templates/lib/extra/${jsThirdPartyLib}
-	fi
-done
-if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib ] ; then
-	ln -s /usr/share/php/phpseclib3 /usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib
-fi
-if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog ] ; then
-	ln -s /usr/share/php/Monolog /usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog
-fi
-if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/voku/portable-ascii/src/voku ] ; then
-	ln -s /usr/share/php/voku /usr/share/ldap-account-manager/lib/3rdParty/composer/voku/portable-ascii/src/voku
-fi
-if [ ! -L /usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer ] ; then
-	ln -s /usr/share/php/libphp-phpmailer /usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer
-fi
-
 cd /usr/share/ldap-account-manager/config-samples/profiles
 files=`ls -a default.*`
 for file in $files; do
@ -51,15 +31,7 @@ for file in $files; do
 	cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
 	chown www-data /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
 done
-if [ ! -h /usr/share/ldap-account-manager/config ]; then
-  ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
-fi
-if [ ! -h /usr/share/ldap-account-manager/sess ]; then
-  ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
-fi
-if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
-  ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
-fi
+
 chmod 700 /var/lib/ldap-account-manager/config
 chmod 700 /var/lib/ldap-account-manager/tmp
 chmod 700 /var/lib/ldap-account-manager/sess
--- a/lam-packaging/debian/rules
+++ b/lam-packaging/debian/rules
@ -51,7 +51,6 @@ install:
 	cp -r lib/3rdParty/composer debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
 	rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/phpseclib/phpseclib/phpseclib
 	rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/monolog/monolog/src/Monolog
-	rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/voku/portable-ascii/src/voku
 	rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/composer/phpmailer/phpmailer
 	cp -r lib/3rdParty/yubico debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
 	cp -r lib/3rdParty/tcpdf debian/ldap-account-manager/usr/share/ldap-account-manager/lib/3rdParty/
@ -60,7 +59,6 @@ install:
 	install -D --mode=644 sess/.htaccess debian/ldap-account-manager/var/lib/ldap-account-manager/sess/.htaccess
 	cp -r style debian/ldap-account-manager/usr/share/ldap-account-manager/
 	cp -r templates debian/ldap-account-manager/usr/share/ldap-account-manager/
-	rm -r debian/ldap-account-manager/usr/share/ldap-account-manager/templates/lib/extra/jstree

 	install -D --mode=755 lib/lamdaemon.pl debian/ldap-account-manager-lamdaemon/usr/share/ldap-account-manager/lib/lamdaemon.pl
 	install -D --mode=755 debian/README-lamdaemon.Debian debian/ldap-account-manager-lamdaemon/usr/share/doc/ldap-account-manager-lamdaemon/README.Debian
@ -77,12 +75,11 @@ binary-indep: build install
 	dh_install
 	dh_compress
 	dh_fixperms
-	dh_link /usr/share/doc/ldap-account-manager/docs /usr/share/ldap-account-manager/docs
 	install -D --mode=644 debian/lam.apache.conf debian/ldap-account-manager/etc/ldap-account-manager/apache.conf
 	install -D --mode=644 debian/lam.nginx.conf debian/ldap-account-manager/etc/ldap-account-manager/nginx.conf
 	install -D --mode=644 config/config.cfg.sample debian/ldap-account-manager/etc/ldap-account-manager/config.cfg
+	dh_link
 	chown www-data debian/ldap-account-manager/etc/ldap-account-manager/config.cfg
-	dh_link /etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg
 	chown www-data debian/ldap-account-manager/etc/ldap-account-manager/config.cfg
 	chown -R www-data debian/ldap-account-manager/var/lib/ldap-account-manager/config
 	chown www-data debian/ldap-account-manager/var/lib/ldap-account-manager/tmp
--- a/lam-packaging/docker/.env
+++ b/lam-packaging/docker/.env
@ -15,10 +15,12 @@ LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com
 # LDAP server URL
 LDAP_SERVER=ldap://ldap:389
 # LDAP admin user (set as login user for LAM)
+# Use LDAP_USER_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LDAP_USER -e LDAP_USER_FILE=/run/secrets/LDAP_USER ...)
 LDAP_USER=cn=admin,dc=my-domain,dc=com
 # default language, e.g. en_US, de_DE, fr_FR, ...
 LAM_LANG=en_US
 # LAM configuration master password and password for server profile "lam"
+# Use LAM_PASSWORD_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LAM_PASSWORD -e LAM_PASSWORD_FILE=/run/secrets/LAM_PASSWORD ...)
 LAM_PASSWORD=lam
 # run cron jobs (LAM Pro)
 LAM_CONFIGURE_CRON=false
@ -32,11 +34,13 @@ LAM_CONFIGURATION_PORT=
 # MySQL user name if database is mysql
 LAM_CONFIGURATION_USER=
 # MySQL password if database is mysql
+# Use LAM_CONFIGURATION_PASSWORD_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LAM_CONFIGURATION_PASSWORD -e LAM_CONFIGURATION_PASSWORD_FILE=/run/secrets/LAM_CONFIGURATION_PASSWORD ...)
 LAM_CONFIGURATION_PASSWORD=
 # MySQL database name if database is mysql
 LAM_CONFIGURATION_DATABASE_NAME=

 # LAM Pro license (line breaks can be removed)
+# Use LAM_LICENSE_FILE to read the value from a file (e.g. for Docker swarm: docker service create --secret LAM_LICENSE -e LAM_LICENSE_FILE=/run/secrets/LAM_LICENSE ...)
 LAM_LICENSE=

 # deactivate TLS certificate checks, activate for development only
--- a/lam-packaging/docker/Dockerfile
+++ b/lam-packaging/docker/Dockerfile
@ -2,7 +2,7 @@
 #  Docker image for LDAP Account Manager

 #  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-#  Copyright (C) 2019 - 2024  Roland Gruber
+#  Copyright (C) 2019 - 2025  Roland Gruber

 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@ -29,7 +29,7 @@
 FROM debian:bookworm-slim
 LABEL maintainer="Roland Gruber <post@rolandgruber.de>"

-ARG LAM_RELEASE=9.0.RC1
+ARG LAM_RELEASE=9.3
 EXPOSE 80

 ENV \
@ -44,6 +44,7 @@ RUN apt-get install -y locales
 RUN sed -i 's/^# *\(ca_ES.UTF-8\)/\1/' /etc/locale.gen && \
        sed -i 's/^# *\(cz_CZ.UTF-8\)/\1/' /etc/locale.gen && \
        sed -i 's/^# *\(de_DE.UTF-8\)/\1/' /etc/locale.gen && \
+        sed -i 's/^# *\(el_GR.UTF-8\)/\1/' /etc/locale.gen && \
        sed -i 's/^# *\(en_GB.UTF-8\)/\1/' /etc/locale.gen && \
        sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && \
        sed -i 's/^# *\(es_ES.UTF-8\)/\1/' /etc/locale.gen && \
@ -82,12 +83,12 @@ RUN apt-get install --no-install-recommends -y \
        php-mysql \
        php-sqlite3 \
        php-mbstring \
+        php-opcache \
+        php-apcu \
        wget \
        libldap-common \
        gettext \
-        libjs-jquery-jstree \
        php-phpseclib3 \
-        php-voku-portable-ascii \
        libphp-phpmailer \
        cron \
    && \
--- a/lam-packaging/docker/docker-compose.yml
+++ b/lam-packaging/docker/docker-compose.yml
@ -3,7 +3,7 @@ services:
  ldap-account-manager:
    build:
      context: .
-    image: ldapaccountmanager/lam:9.0.RC1
+    image: ldapaccountmanager/lam:9.3
    restart: unless-stopped
    ports:
      - "8080:80"
--- a/lam-packaging/docker/start.sh
+++ b/lam-packaging/docker/start.sh
@ -4,7 +4,7 @@

 #  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
 #  Copyright (C) 2019        Felix Bartels
-#                2019 - 2024 Roland Gruber
+#                2019 - 2025 Roland Gruber

 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@ -42,14 +42,13 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
  echo "Configuring LAM"

  LAM_LANG="${LAM_LANG:-en_US}"
-  export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
-  LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
+  LAM_PASSWORD="${LAM_PASSWORD:-lam}"
  LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
  LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
  LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
  LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}"
  LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}"
-  LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
+  LDAP_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
  LAM_LICENSE="${LAM_LICENSE:-}"
  LAM_CONFIGURATION_DATABASE="${LAM_CONFIGURATION_DATABASE:-files}"
  LAM_CONFIGURATION_HOST="${LAM_CONFIGURATION_HOST:-}"
@ -58,8 +57,32 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
  LAM_CONFIGURATION_USER="${LAM_CONFIGURATION_USER:-}"
  LAM_CONFIGURATION_PASSWORD="${LAM_CONFIGURATION_PASSWORD:-}"

+  # Set an environment variable with the _FILE suffix to override the non-suffixed environment variable with the contents of the specified file
+  fileVariables=(
+    LDAP_USER
+    LAM_PASSWORD
+    LAM_CONFIGURATION_PASSWORD
+    LAM_LICENSE
+  )
+
+  for envVar in "${fileVariables[@]}"; do
+      fileEnvVar="${envVar}_FILE"
+      if [[ -n "${!fileEnvVar:-}" ]]; then
+          if [[ -r "${!fileEnvVar:-}" ]]; then
+              export "${envVar}=$(< "${!fileEnvVar}")"
+              unset "${fileEnvVar}"
+          else
+              warn "Skipping export of '${envVar}'. '${!fileEnvVar:-}' is not readable."
+          fi
+      fi
+  done
+  unset fileVariables
+
+  export LAM_PASSWORD
+  LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
+  unset LAM_PASSWORD
+
  sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
-    s|"password": "[^"]*"|"password": "${LAM_PASSWORD_SSHA}"|;
    s|"license": "[^"]*"|"license": "${LAM_LICENSE}"|;
    s|"configDatabaseType": "[^"]*"|"configDatabaseType": "${LAM_CONFIGURATION_DATABASE}"|;
    s|"configDatabaseServer": "[^"]*"|"configDatabaseServer": "${LAM_CONFIGURATION_HOST}"|;
@ -68,7 +91,11 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
    s|"configDatabaseUser": "[^"]*"|"configDatabaseUser": "${LAM_CONFIGURATION_USER}"|;
    s|"configDatabasePassword": "[^"]*"|"configDatabasePassword": "${LAM_CONFIGURATION_PASSWORD}"|;
 EOF
-  unset LAM_PASSWORD
+  if ! grep -e '"password":' /etc/ldap-account-manager/config.cfg > /dev/null; then
+    sed -i "2i\ \ \"password\": \"${LAM_PASSWORD_SSHA}\"," /etc/ldap-account-manager/config.cfg
+  else
+    sed -i "s|\"password\": .*|\"password\": \"${LAM_PASSWORD_SSHA}\",|" /etc/ldap-account-manager/config.cfg
+  fi

  set +e
  ls -l /var/lib/ldap-account-manager/config/lam.conf
@ -81,13 +108,17 @@ EOF

  sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
    s|"ServerURL": "[^"]*"|"ServerURL": "${LDAP_SERVER}"|;
-    s|"Admins": "[^"]*"|"Admins": "${LDAP_ADMIN_USER}"|;
-    s|"Passwd": "[^"]*"|"Passwd": "${LAM_PASSWORD_SSHA}"|;
+    s|"Admins": "[^"]*"|"Admins": "${LDAP_USER}"|;
    s|"treeViewSuffix": "[^"]*"|"treeViewSuffix": "${LDAP_BASE_DN}"|;
    s|"defaultLanguage": "[^"]*"|"defaultLanguage": "${LAM_LANG}.utf8"|;
    s|"suffix_user": "[^"]*"|"suffix_user": "${LDAP_USERS_DN}"|;
    s|"suffix_group": "[^"]*"|"suffix_group": "${LDAP_GROUPS_DN}"|;
 EOF
+  if ! grep -e '"Passwd":' /var/lib/ldap-account-manager/config/lam.conf > /dev/null; then
+    sed -i "2i\ \ \"Passwd\": \"${LAM_PASSWORD_SSHA}\"," /var/lib/ldap-account-manager/config/lam.conf
+  else
+    sed -i "s|\"Passwd\": .*|\"Passwd\": \"${LAM_PASSWORD_SSHA}\",|" /var/lib/ldap-account-manager/config/lam.conf
+  fi

 fi

--- a/lam/HISTORY
+++ b/lam/HISTORY
@ -1,6 +1,56 @@
-December 2024 9.0
+December 2025 9.4
+ - Main configuration and server profiles require latest file format (introduced in 9.0) (389)
+ - LAM Pro:
+  -> SMS sending can be done with email2SMS providers (465)
+
+
+16.09.2025 9.3
+ - New translation: Greek
+ - Tree view: added comparison feature (440)
+ - Windows: added logon hours (457)
+ - Lamdaemon: run /usr/sbin/userdel.local before (and no longer after) home directory is deleted (443)
+ - LAM Pro:
+  -> SMS support for password sending and password self-reset (441)
+  -> Self-Service: clear PPolicy "pwdReset" on password change if needed (448)
+ - Fixed bugs:
+  -> WebAuthn: 2-factor verification failed: Unable to load the data (453)
+  -> Random password generator does not respect server profile rules (458)
+  -> XSS in profile editor (low, CVE-2025-58174)
+
+
+06.06.2025 9.2
+ - PHP 8.4 compatibility
+ - TAK support added
+ - Active Directory: allow to restore deleted entries in tree view (415)
+ - Multi-edit tool: change operations are combined by DN to allow e.g. adding object classes with required attributes (408)
+ - Windows users: support thumbnail images (needs to be activated in server profile) (431)
+ - Tree view: better editing of olcAccess (420)
+ - LAM Pro:
+  -> Custom scripts: split config by account type (409)
+ - Fixed bugs:
+  -> Unix: profile editor for users not working (418)
+  -> Custom fields: problems with deleting facsimileTelephoneNumber (419)
+  -> Cannot add user (windowsUser) to group (windowsGroup) (444)
+
+
+13.03.2025 9.1
+ - Usability improvements (347, 348, 360, 403)
+ - Active Directory: deleted entries in "CN=Deleted Objects" can be shown (option in server profile, advanced settings)
+ - Security: LAM no longer ships with any default passwords, main configuration password is requested on login if not yet set (390)
+ - Docker: support to read e.g. configuration password from file to support Docker swarm
+ - LAM Pro:
+  -> Added support to manage DNS entries of bind-dyndb-ldap (361)
+  -> Unix users: support to create a group with same name for rfc2307bis (404)
+ - Fixed bugs:
+  -> Ambiguous tooltip on profile editor for Shadow users (394)
+  -> Self service photo file enhancements (396)
+  -> Tree view: delete does not work in French (406)
+  -> Cron job mails: show all values for multi-value attribute wildcards (411)
+
+
+17.12.2024 9.0
 - New configuration file format for main configuration and server profiles (applied on save, old format can still be read)
- - Unix users: allow to create group with same name via account profile (#332)
+ - Unix users: allow to create group with same name via account profile (332)
 - Group of (unique) names, organisational roles: added member/owner count to PDF fields
 - Windows: display password expiration date
 - Usability improvements (342, 350, 372)
@ -13,6 +63,7 @@ December 2024 9.0
  -> Docker: added option to run cron jobs (346)
  -> Windows: use msDS-UserPasswordExpiryTimeComputed for password expiration job (387)
 - Fixed bugs:
+  -> Security fix: Set arbitrary config values due to improper input validation for config values (GHSA-6cp9-j5r7-xhcc, CVE-2024-52792)
  -> Windows: show more than 1000 LDAP entries when paged results is activated in server profile
  -> WebAuthn: support DNs larger than 64 bytes (358)
  -> Wildcard replacements do not work without switching to the module tab (379)
@ -26,7 +77,7 @@ December 2024 9.0
  -> Self registration: added option to generate password
  -> Request access: allow to define an expiration time for memberships/ownerships (284)
  -> Request access: support additional group next to owners (300)
-  -> Request access: auto-refresh views (#324)
+  -> Request access: auto-refresh views (324)
 - Fixed bugs:
  -> Unix users: error log messages on file upload

@ -247,8 +298,8 @@ December 2024 9.0
  - PHP 8.0 compatibility (except tree view)
  - Support copying LDAP entries from account list
  - Account/PDF profiles: management of global templates and logos
-  - Group of names: allow filter by member/owner (#151)
-  - General information: link to groups (#152)
+  - Group of names: allow filter by member/owner (151)
+  - General information: link to groups (152)
  - LAM Pro:
   -> Self registration: support binary attributes (e.g. for jpegPhoto)
   -> Self registration: support custom mail attributes and mail from constant value (149)
@ -260,7 +311,7 @@ December 2024 9.0


 06.12.2020 7.4
-  - Argond2id support for password hashes (requires PHP 7.3) (#113)
+  - Argond2id support for password hashes (requires PHP 7.3) (113)
  - 2-factor authentication:
   -> Support for Okta
   -> WebAuthn devices can be named in Self Service and WebAuthn tool
@ -386,7 +437,7 @@ December 2024 9.0
  - LAM Pro:
   -> Auto deletion of entries with dynamic directory services support (requires PHP 7.2)
  - Fixed bugs:
-   -> Issue when changing key case of uid (#197)
+   -> Issue when changing key case of uid (197)


 20.06.2018 6.4
--- a/lam/README
+++ b/lam/README
@ -15,9 +15,6 @@ LAM - Readme
  Installation and documentation:
    Please see the LAM manual in docs/manual/index.html.

-  Default password:
-    The default password to edit the configuration options is "lam".
-
  Download:
    You can get the newest version at https://www.ldap-account-manager.org/.

@ -25,4 +22,4 @@ LAM - Readme
    LAM is published under the GNU General Public License.
    The complete list of licenses can be found in the copyright file.

-  Copyright (C) 2003 - 2024 Roland Gruber <post@rolandgruber.de>
+  Copyright (C) 2003 - 2025 Roland Gruber <post@rolandgruber.de>
--- a/lam/VERSION
+++ b/lam/VERSION
@ -1 +1 @@
-9.0.RC1
+9.3
--- a/lam/composer.json
+++ b/lam/composer.json
@ -1,6 +1,6 @@
 {
  "name": "ldap-account-manager/ldap-account-manager",
-  "version": "9.0",
+  "version": "9.3",
  "config": {
    "vendor-dir": "lib/3rdParty/composer",
    "platform": {
@ -10,22 +10,34 @@
      "php-http/discovery": false
    }
  },
-  "require" : {
-    "web-auth/webauthn-lib" : "^4",
+  "require": {
+    "web-auth/webauthn-lib": "^4",
    "web-auth/cose-lib": "^v4",
-    "web-auth/metadata-service": "^4",
-    "symfony/psr-http-message-bridge" : "^6",
-    "symfony/http-foundation" : "^6.0",
+    "symfony/psr-http-message-bridge": "^6",
+    "symfony/http-foundation": "^6.0",
    "symfony/http-client": "^6",
    "http-interop/http-factory-guzzle": "^1.2",
-    "webklex/php-imap" : "^5.5",
+    "webklex/php-imap": "^6",
    "phpmailer/phpmailer": "~6.5",
    "guzzlehttp/psr7": "^2",
    "paragonie/random_compat": "^2.0",
    "phpseclib/phpseclib": "^3.0",
    "christian-riesen/base32": "^1.6",
+
    "facile-it/php-openid-client": "^0",
+    "spomky-labs/aes-key-wrap": "^7",
+
    "monolog/monolog": "^3",
-    "duosecurity/duo_universal_php": "^1.0"
+    "duosecurity/duo_universal_php": "^1.0",
+
+    "aws/aws-sdk-php": "^3"
+  },
+  "scripts": {
+    "pre-autoload-dump": "Aws\\Script\\Composer\\Composer::removeUnusedServices"
+  },
+  "extra": {
+    "aws/aws-sdk-php": [
+      "Sns"
+    ]
  }
 }
--- a/lam/composer.lock
+++ b/lam/composer.lock
--- a/lam/config/addressbook.sample.conf
+++ b/lam/config/addressbook.sample.conf
@ -3,7 +3,6 @@
  "useTLS": "yes",
  "followReferrals": "false",
  "pagedResults": "false",
-  "Passwd": "{CRYPT-SHA512}$6$ZJcXwaxHP0GQH0Rd$Ggkn8Wz\/8ntCM9v0TywomjkgSvV.3BoayFwnc9QP3MV.b7HWaqLOA8urP2e7HyEmU\/JmC8xR7jTqrXCHC4kFr. WkpjWHdheEhQMEdRSDBSZA==",
  "Admins": "cn=Manager,dc=my-domain,dc=com",
  "defaultLanguage": "en_GB.utf8",
  "scriptPath": "",
--- a/lam/config/config.cfg.sample
+++ b/lam/config/config.cfg.sample
@ -1,5 +1,4 @@
 {
-  "password": "{CRYPT-SHA512}$6$WheNHdlVwDoL4s.x$DrZ10TpIGQa5wd0jbvtm8eaTleJCf1nec3ihOaNwMdPUKVFCphXwtnTSmFFXjhGa45RlrSEWhDVyjLCMiV\/.c. V2hlTkhkbFZ3RG9MNHMueA==",
  "default": "lam",
  "sessionTimeout": "30",
  "hideLoginErrorDetails": "false",
--- a/lam/config/language
+++ b/lam/config/language
@ -26,6 +26,9 @@ es_ES.utf8:UTF-8:Español (España)
 # French
 fr_FR.utf8:UTF-8:Français (France)

+# Greek
+el_GR.utf8:UTF-8:Ελληνικά (Ελλάδα)
+
 # Italian
 it_IT.utf8:UTF-8:Italiano (Italia)

--- a/lam/config/samba3.sample.conf
+++ b/lam/config/samba3.sample.conf
@ -3,7 +3,6 @@
  "useTLS": "yes",
  "followReferrals": "false",
  "pagedResults": "false",
-  "Passwd": "{CRYPT-SHA512}$6$MUWJEkvtUY7G5sFA$QS6voQCksH9gNbbbQpjDKt65iez9bgKQI2x60DAffCK5.LO\/\/QfYTetQ6V2PlUR32CTkuhlSXSGXnH9scD\/zb0 TVVXSkVrdnRVWTdHNXNGQQ==",
  "Admins": "cn=Manager,dc=my-domain,dc=com",
  "defaultLanguage": "en_GB.utf8",
  "scriptPath": "",
--- a/lam/config/templates/pdf/default.bindDyndbType.xml
+++ b/lam/config/templates/pdf/default.bindDyndbType.xml
@ -0,0 +1,18 @@
+<pdf filename="printLogo.jpg" headline="DNS information" foldingmarks="no">
+	<section name="_bindDyndbZone_idnsname">
+		<entry name="bindDyndbZone_idnssoaexpire"/>
+		<entry name="bindDyndbZone_idnssoarefresh"/>
+		<entry name="bindDyndbZone_idnssoaminimum"/>
+		<entry name="bindDyndbZone_idnssoaretry"/>
+		<entry name="bindDyndbZone_idnssoamname"/>
+		<entry name="bindDyndbZone_idnssoarname"/>
+		<entry name="bindDyndbZone_idnssoaserial"/>
+		<entry name="bindDyndbZone_dnsdefaultttl"/>
+		<entry name="bindDyndbZone_idnszoneactive"/>
+		<entry name="bindDyndbZone_nsrecord"/>
+		<entry name="bindDyndbZone_mxrecord"/>
+		<entry name="bindDyndbZone_arecord"/>
+		<entry name="bindDyndbZone_aaaarecord"/>
+		<entry name="bindDyndbZone_txtrecord"/>
+	</section>
+</pdf>
--- a/lam/config/templates/profiles/default.bindDyndbType
+++ b/lam/config/templates/profiles/default.bindDyndbType
@ -0,0 +1,6 @@
+ldap_suffix: -
+ldap_rdn: idnsname
+bindDyndbZone_idnssoaexpire: 604800
+bindDyndbZone_idnssoaminimum: 86400
+bindDyndbZone_idnssoarefresh: 2800
+bindDyndbZone_idnssoaretry: 7200
--- a/lam/config/unix.sample.conf
+++ b/lam/config/unix.sample.conf
@ -3,7 +3,6 @@
  "useTLS": "no",
  "followReferrals": "false",
  "pagedResults": "false",
-  "Passwd": "{CRYPT-SHA512}$6$zvb8WVEHSAKEGtGO$573kA9Us8LtGLLm5Gu87P\/vIiF\/2Ol\/DauzPmUpvC4eCL\/t0WWiwBaY19Rx5G3wzbeZWWlE1kp2fikrpZTZ51\/ enZiOFdWRUhTQUtFR3RHTw==",
  "Admins": "cn=Manager,dc=my-domain,dc=com",
  "defaultLanguage": "en_GB.utf8",
  "scriptPath": "",
--- a/lam/config/windows_samba4.sample.conf
+++ b/lam/config/windows_samba4.sample.conf
@ -3,7 +3,6 @@
  "useTLS": "no",
  "followReferrals": "false",
  "pagedResults": "false",
-  "Passwd": "{CRYPT-SHA512}$6$9IWWua4lbp7uiLCC$AHPgST1YAm3yUAWKGeNZ5f9GCo1wBGyVo3MGvAt6.UOtQ9dYxs4WeQ4mlzjR30rD6cRayMNRBWqYFuBLvzn9T0 OUlXV3VhNGxicDd1aUxDQw==",
  "Admins": "cn=Administrator,cn=users,dc=my-domain,dc=com",
  "defaultLanguage": "en_GB.utf8",
  "scriptPath": "",
--- a/lam/copyright
+++ b/lam/copyright
@ -1,4 +1,4 @@
-This software is copyright (c) 2003 - 2024 by Roland Gruber
+This software is copyright (c) 2003 - 2025 by Roland Gruber

 If you purchased a copy of LDAP Account Manager Pro then the following
 files are licensed under the conditions which you accepted at purchase
@ -17,6 +17,8 @@ time.
 * lib/modules/automount.inc
 * lib/modules/bindDLZ.inc
 * lib/modules/bindDLZXfr.inc
+* lib/modules/bindDyndbRecord.inc
+* lib/modules/bindDyndbZone.inc
 * lib/modules/customBaseType.inc
 * lib/modules/customFields.inc
 * lib/modules/customScripts.inc
@ -56,6 +58,7 @@ time.
 * lib/modules/rfc2307bisAutomount.inc
 * lib/modules/rfc2307bisPosixGroup.inc
 * lib/modules/selfRegistration.inc
+* lib/modules/simpleSecurityObject.inc
 * lib/modules/sudoRole.inc
 * lib/modules/uidObject.inc
 * lib/modules/webauthn.inc
@ -64,6 +67,7 @@ time.
 * lib/types/alias.inc
 * lib/types/automountType.inc
 * lib/types/bind.inc
+* lib/types/bindDyndbType.inc
 * lib/types/customType.inc
 * lib/types/gon.inc
 * lib/types/kopanoAddressListType.inc
@ -93,7 +97,8 @@ All other files are licensed under the conditions below.
    along with this program.  If not, see <https://www.gnu.org/licenses/>.


-The complete license can be found in the file COPYING.
+The complete license can be found in the file COPYING or in
+/usr/share/common-licenses/GPL-3 (Debian/Ubuntu).


 Some parts of this package have other, compatible licences. These are:
@ -407,33 +412,6 @@ D:


 E:
-  Duo
-
-  Redistribution and use in source and binary forms, with or without
-  modification, are permitted provided that the following conditions
-  are met:
-
-  1. Redistributions of source code must retain the above copyright
-     notice, this list of conditions and the following disclaimer.
-  2. Redistributions in binary form must reproduce the above copyright
-     notice, this list of conditions and the following disclaimer in the
-     documentation and/or other materials provided with the distribution.
-  3. The name of the author may not be used to endorse or promote products
-     derived from this software without specific prior written permission.
-
-  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-  IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-  OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-  THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-F:  
  3-Clause BSD License

  Redistribution and use in source and binary forms, with or without
@ -462,7 +440,7 @@ F:
  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


-G:
+F:
  2-Clause BSD License

  Redistribution and use in source and binary forms, with or without modification,
@ -486,38 +464,8 @@ G:
  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  POSSIBILITY OF SUCH DAMAGE.

-H:
-  3-Clause BSD License

-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-      copyright notice, this list of conditions and the following
-      disclaimer in the documentation and/or other materials provided
-      with the distribution.
-
-    * Neither the name of the copyright holder nor the names of its
-      contributors may be used to endorse or promote products derived
-      from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-I:
+G:
                  GNU LESSER GENERAL PUBLIC LICENSE
                       Version 2.1, February 1999

@ -972,217 +920,199 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.


-J:
-Apache 2.0
+H:
+  Apache License 2.0

 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

-1. Definitions.
+## 1. Definitions.

-"License" shall mean the terms and conditions for use, reproduction, and
-distribution as defined by Sections 1 through 9 of this document.
+"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
+through 9 of this document.

-"Licensor" shall mean the copyright owner or entity authorized by the copyright
-owner that is granting the License.
+"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the
+License.

-"Legal Entity" shall mean the union of the acting entity and all other entities
-that control, are controlled by, or are under common control with that entity.
-For the purposes of this definition, "control" means (i) the power, direct or
-indirect, to cause the direction or management of such entity, whether by
-contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
-outstanding shares, or (iii) beneficial ownership of such entity.
+"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled
+by, or are under common control with that entity. For the purposes of this definition, "control" means
+(i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract
+or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
+ownership of such entity.

-You" (or "Your") shall mean an individual or Legal Entity exercising
-permissions granted by this License.
+"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

-"Source" form shall mean the preferred form for making modifications, including
-but not limited to software source code, documentation source, and
-configuration files.
+"Source" form shall mean the preferred form for making modifications, including but not limited to software
+source code, documentation source, and configuration files.

-"Object" form shall mean any form resulting from mechanical transformation or
-translation of a Source form, including but not limited to compiled object
-code, generated documentation, and conversions to other media types.
+"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form,
+including but not limited to compiled object code, generated documentation, and conversions to other media
+types.

-"Work" shall mean the work of authorship, whether in Source or Object form,
-made available under the License, as indicated by a copyright notice that is
-included in or attached to the work (an example is provided in the Appendix
-below).
+"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License,
+as indicated by a copyright notice that is included in or attached to the work (an example is provided in the
+Appendix below).

-"Derivative Works" shall mean any work, whether in Source or Object form, that
-is based on (or derived from) the Work and for which the editorial revisions,
-annotations, elaborations, or other modifications represent, as a whole, an
-original work of authorship. For the purposes of this License, Derivative Works
-shall not include works that remain separable from, or merely link (or bind by
-name) to the interfaces of, the Work and Derivative Works thereof.
+"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from)
+the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent,
+as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not
+include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work
+and Derivative Works thereof.

-"Contribution" shall mean any work of authorship, including the original
-version of the Work and any modifications or additions to that Work or
-Derivative Works thereof, that is intentionally submitted to Licensor for
-inclusion in the Work by the copyright owner or by an individual or Legal
-Entity authorized to submit on behalf of the copyright owner. For the purposes
-of this definition, "submitted" means any form of electronic, verbal, or
-written communication sent to the Licensor or its representatives, including
-but not limited to communication on electronic mailing lists, source code
-control systems, and issue tracking systems that are managed by, or on behalf
-of, the Licensor for the purpose of discussing and improving the Work, but
-excluding communication that is conspicuously marked or otherwise designated in
-writing by the copyright owner as "Not a Contribution."
+"Contribution" shall mean any work of authorship, including the original version of the Work and any
+modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to
+Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to
+submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of
+electronic, verbal, or written communication sent to the Licensor or its representatives, including but not
+limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
+that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise designated in writing by the copyright
+owner as "Not a Contribution."

-"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
-of whom a Contribution has been received by Licensor and subsequently
-incorporated within the Work.
-2. Grant of Copyright License. Subject to the terms and conditions of this
-License, each Contributor hereby grants to You a perpetual, worldwide,
-non-exclusive, no-charge, royalty-free, irrevocable copyright license to
-reproduce, prepare Derivative Works of, publicly display, publicly perform,
-sublicense, and distribute the Work and such Derivative Works in Source or
-Object form.
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been
+received by Licensor and subsequently incorporated within the Work.

-3. Grant of Patent License. Subject to the terms and conditions of this
-License, each Contributor hereby grants to You a perpetual, worldwide,
-non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this
-section) patent license to make, have made, use, offer to sell, sell, import,
-and otherwise transfer the Work, where such license applies only to those
-patent claims licensable by such Contributor that are necessarily infringed by
-their Contribution(s) alone or by combination of their Contribution(s) with the
-Work to which such Contribution(s) was submitted. If You institute patent
-litigation against any entity (including a cross-claim or counterclaim in a
-lawsuit) alleging that the Work or a Contribution incorporated within the Work
-constitutes direct or contributory patent infringement, then any patent
-licenses granted to You under this License for that Work shall terminate as of
-the date such litigation is filed.
+## 2. Grant of Copyright License.

-4. Redistribution. You may reproduce and distribute copies of the Work or
-Derivative Works thereof in any medium, with or without modifications, and in
-Source or Object form, provided that You meet the following conditions:
+Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
+Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.

-(a) You must give any other recipients of the Work or Derivative Works a copy
-of this License; and
+## 3. Grant of Patent License.

-(b) You must cause any modified files to carry prominent notices stating that
-You changed the files; and
+Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
+license applies only to those patent claims licensable by such Contributor that are necessarily infringed by
+their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such
+Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim
+or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
+constitutes direct or contributory patent infringement, then any patent licenses granted to You under this
+License for that Work shall terminate as of the date such litigation is filed.

-(c) You must retain, in the Source form of any Derivative Works that You
-distribute, all copyright, patent, trademark, and attribution notices from the
-Source form of the Work, excluding those notices that do not pertain to any
-part of the Derivative Works; and
+## 4. Redistribution.

-(d) If the Work includes a "NOTICE" text file as part of its distribution, then
-any Derivative Works that You distribute must include a readable copy of the
-attribution notices contained within such NOTICE file, excluding those notices
-that do not pertain to any part of the Derivative Works, in at least one of the
-following places: within a NOTICE text file distributed as part of the
-Derivative Works; within the Source form or documentation, if provided along
-with the Derivative Works; or, within a display generated by the Derivative
-Works, if and wherever such third-party notices normally appear. The contents
-of the NOTICE file are for informational purposes only and do not modify the
-License. You may add Your own attribution notices within Derivative Works that
-You distribute, alongside or as an addendum to the NOTICE text from the Work,
-provided that such additional attribution notices cannot be construed as
-modifying the License.
+You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You meet the following conditions:

-You may add Your own copyright statement to Your modifications and may provide
-additional or different license terms and conditions for use, reproduction, or
-distribution of Your modifications, or for any such Derivative Works as a
-whole, provided Your use, reproduction, and distribution of the Work otherwise
-complies with the conditions stated in this License.
+   1. You must give any other recipients of the Work or Derivative Works a copy of this License; and

-5. Submission of Contributions. Unless You explicitly state otherwise, any
-Contribution intentionally submitted for inclusion in the Work by You to the
-Licensor shall be under the terms and conditions of this License, without any
-additional terms or conditions. Notwithstanding the above, nothing herein shall
-supersede or modify the terms of any separate license agreement you may have
-executed with Licensor regarding such Contributions.
+   2. You must cause any modified files to carry prominent notices stating that You changed the files; and

-6. Trademarks. This License does not grant permission to use the trade names,
-trademarks, service marks, or product names of the Licensor, except as required
-for reasonable and customary use in describing the origin of the Work and
+   3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent,
+	  trademark, and attribution notices from the Source form of the Work, excluding those notices that do
+	  not pertain to any part of the Derivative Works; and
+
+   4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that
+	  You distribute must include a readable copy of the attribution notices contained within such NOTICE
+	  file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one
+	  of the following places: within a NOTICE text file distributed as part of the Derivative Works; within
+	  the Source form or documentation, if provided along with the Derivative Works; or, within a display
+	  generated by the Derivative Works, if and wherever such third-party notices normally appear. The
+	  contents of the NOTICE file are for informational purposes only and do not modify the License. You may
+	  add Your own attribution notices within Derivative Works that You distribute, alongside or as an
+	  addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be
+	  construed as modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide additional or different license
+terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative
+Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the
+conditions stated in this License.
+
+## 5. Submission of Contributions.
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by
+You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
+conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate
+license agreement you may have executed with Licensor regarding such Contributions.
+
+## 6. Trademarks.
+
+This License does not grant permission to use the trade names, trademarks, service marks, or product names of
+the Licensor, except as required for reasonable and customary use in describing the origin of the Work and
 reproducing the content of the NOTICE file.

-7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
-writing, Licensor provides the Work (and each Contributor provides its
-Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied, including, without limitation, any warranties
-or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-PARTICULAR PURPOSE. You are solely responsible for determining the
-appropriateness of using or redistributing the Work and assume any risks
-associated with Your exercise of permissions under this License.
+## 7. Disclaimer of Warranty.

-8. Limitation of Liability. In no event and under no legal theory, whether in
-tort (including negligence), contract, or otherwise, unless required by
-applicable law (such as deliberate and grossly negligent acts) or agreed to in
-writing, shall any Contributor be liable to You for damages, including any
-direct, indirect, special, incidental, or consequential damages of any
-character arising as a result of this License or out of the use or inability to
-use the Work (including but not limited to damages for loss of goodwill, work
-stoppage, computer failure or malfunction, or any and all other commercial
-damages or losses), even if such Contributor has been advised of the
-possibility of such damages.
+Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor
+provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
+MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.

-9. Accepting Warranty or Additional Liability. While redistributing the Work or
-Derivative Works thereof, You may choose to offer, and charge a fee for,
-acceptance of support, warranty, indemnity, or other liability obligations
-and/or rights consistent with this License. However, in accepting such
-obligations, You may act only on Your own behalf and on Your sole
-responsibility, not on behalf of any other Contributor, and only if You agree
-to indemnify, defend, and hold each Contributor harmless for any liability
-incurred by, or claims asserted against, such Contributor by reason of your
-accepting any such warranty or additional liability.
+## 8. Limitation of Liability.

+In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless
+required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any
+Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential
+damages of any character arising as a result of this License or out of the use or inability to use the Work
+(including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has been advised of the possibility
+of such damages.

+## 9. Accepting Warranty or Additional Liability.
+
+While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for,
+acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole
+responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold
+each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS


 Programs and licenses with other licenses and/or authors than the
 main license and authors:

-graphics/webauthn.svg                                                F  2017  Duo Security, Inc.
-lib/3rdParty/composer/beberlei                                       G  2013  Benjamin Eberlei
-lib/3rdParty/composer/brick                                          B        Benjamin Morel
-lib/3rdParty/composer/carbonphp                                      B  2023  Carbon
-lib/3rdParty/composer/christian-riesen                               B        Christian Riesen
-lib/3rdParty/composer/composer                                       B        Nils Adermann, Jordi Boggiano
-lib/3rdParty/composer/doctrine                                       B        Doctrine Project
-lib/3rdParty/composer/duo                                            E        Cisco Systems, Inc. and/or its affiliates
-lib/3rdParty/composer/facile-it                                      B        Thomas Vargiu
-lib/3rdParty/composer/fgrosse                                        B  2015  Friedrich Große
-lib/3rdParty/composer/firebase                                       F  2011  Neuman Vong
-lib/3rdParty/composer/guzzlehttp                                     B  2015  Michael Dowling
-lib/3rdParty/composer/http-interop                                   B  2016  Woody Gilk
-lib/3rdParty/composer/illuminate                                     B        Taylor Otwell
-lib/3rdParty/composer/nesbot                                         B        Brian Nesbitt
-lib/3rdParty/composer/monolog                                        B  2011  Jordi Boggiano
-lib/3rdParty/composer/paragonie                                      B  2015  Paragon Initiative Enterprises
-lib/3rdParty/composer/php-http                                       B  2015  PHP HTTP Team
-lib/3rdParty/composer/phpmailer                                      I
-lib/3rdParty/composer/phpseclib                                      B  2019  TerraFrost and other contributors
-lib/3rdParty/composer/psr                                            B        PHP Framework Interoperability Group
-lib/3rdParty/composer/ralouphie                                      B  2014  Ralph Khattar
-lib/3rdParty/composer/spomky-labs                                    B  2018  Spomky-Labs
-lib/3rdParty/composer/symfony                                        B  2022  Fabien Potencier
-lib/3rdParty/composer/thecodingmachine                               B        TheCodingMachine
-lib/3rdParty/composer/voku                                           B  2019 Lars Moelleken
-lib/3rdParty/composer/web-auth                                       B  2018  Spomky-Labs
-lib/3rdParty/composer/web-token                                      B        Florent Morselli
-lib/3rdParty/composer/webklex                                        B  2016  Webklex
-lib/3rdParty/tcpdf                                                   D  2022  Nicola Asuni - Tecnick.com LTD
-lib/3rdParty/tcpdf/fonts/dejavu*.z                                   A        Public Domain, Bitstream, Inc., Tavmjong Bah
-lib/3rdParty/yubico/Yubico.php                                       C  2015  Yubico AB
-style/010_normalize.css                                              B        Nicolas Gallagher and Jonathan Neal
-style/050_grid.css                                                   B
-templates/lib/*jquery*.js                                            B  2018  jQuery Foundation and other contributors
-templates/lib/*popper*.js                                            B
-templates/lib/*tippy*.js                                             B  2021  atomiks
-templates/lib/*flatpickr*.js                                         B  2017  Gregory Petrosyan
-style/600_flatpickr.css                                              B  2017  Gregory Petrosyan
-templates/lib/*sweetalert2*.js                                       B
-style/*sweetalert2*.css                                              B
-templates/lib/cropper*.js                                            B  2018  Chen Fengyuan
-style/600_cropper*.css                                               B  2018  Chen Fengyuan
-templates/lib/extra/jodit                                            B        Chupurnov
-templates/lib/extra/friendlyCaptcha                                  B
-templates/lib/400_Sortable*.js                                       B        RubaXa, owenm
-templates/lib/extra/jstree/*                                         B  2014  Ivan Bozhanov
-style/jstree/*                                                       B  2014  Ivan Bozhanov
-templates/lib/extra/qrcode/*                                         B  2009  Kazuhiko Arase
-templates/lib/extra/tabulator/*                                      B  2024  Oliver Folkerd
-style/tabulator/*                                                    B  2024  Oliver Folkerd
+graphics/webauthn.svg                                                E  2017  Duo Security, Inc.                             https://github.com/duo-labs/webauthn.io
+lib/3rdParty/composer/aws                                            H        Amazon Web Services                            https://github.com/aws/aws-sdk-php, https://github.com/awslabs/aws-crt-php
+lib/3rdParty/composer/brick                                          B        Benjamin Morel                                 https://github.com/brick/math
+lib/3rdParty/composer/carbonphp                                      B  2023  Carbon                                         https://github.com/CarbonPHP/carbon-doctrine-types
+lib/3rdParty/composer/christian-riesen                               B        Christian Riesen                               https://github.com/ChristianRiesen/base32
+lib/3rdParty/composer/composer                                       B        Nils Adermann, Jordi Boggiano                  https://github.com/composer/composer
+lib/3rdParty/composer/doctrine                                       B        Doctrine Project                               https://github.com/doctrine
+lib/3rdParty/composer/duosecurity                                    E        Cisco Systems, Inc. and/or its affiliates      https://github.com/duosecurity/duo_universal_php
+lib/3rdParty/composer/facile-it                                      B        Thomas Vargiu                                  https://github.com/facile-it
+lib/3rdParty/composer/firebase                                       E  2011  Neuman Vong                                    https://github.com/firebase/php-jwt
+lib/3rdParty/composer/guzzlehttp                                     B  2015  Michael Dowling                                https://github.com/guzzle/psr7
+lib/3rdParty/composer/http-interop                                   B  2016  Woody Gilk                                     https://github.com/http-interop/http-factory-guzzle
+lib/3rdParty/composer/illuminate                                     B        Taylor Otwell                                  https://github.com/illuminate
+lib/3rdParty/composer/lcobucci                                       B  2017  Luís Cobucci                                   https://github.com/lcobucci/clock
+lib/3rdParty/composer/monolog                                        B  2011  Jordi Boggiano                                 https://github.com/Seldaek/monolog
+lib/3rdParty/composer/mtdowling                                      B  2014  Michael Dowling                                https://github.com/jmespath/jmespath.php
+lib/3rdParty/composer/nesbot                                         B        Brian Nesbitt                                  https://github.com/CarbonPHP/carbon
+lib/3rdParty/composer/paragonie                                      B  2015  Paragon Initiative Enterprises                 https://github.com/paragonie
+lib/3rdParty/composer/php-http                                       B  2015  PHP HTTP Team                                  https://github.com/php-http/discovery
+lib/3rdParty/composer/phpmailer                                      G                                                       https://github.com/PHPMailer/PHPMailer
+lib/3rdParty/composer/phpseclib                                      B  2019  TerraFrost and other contributors              https://github.com/phpseclib/phpseclib
+lib/3rdParty/composer/psr                                            B        PHP Framework Interoperability Group           https://github.com/php-fig
+lib/3rdParty/composer/ralouphie                                      B  2014  Ralph Khattar                                  https://github.com/ralouphie/getallheaders
+lib/3rdParty/composer/spomky-labs                                    B  2018  Spomky-Labs                                    https://github.com/Spomky-Labs
+lib/3rdParty/composer/symfony                                        B  2022  Fabien Potencier                               https://github.com/symfony
+lib/3rdParty/composer/web-auth                                       B  2018  Spomky-Labs                                    https://github.com/web-auth
+lib/3rdParty/composer/web-token                                      B        Florent Morselli                               https://github.com/web-token
+lib/3rdParty/composer/webklex                                        B  2016  Webklex                                        https://github.com/Webklex/php-imap
+lib/3rdParty/tcpdf                                                   D  2022  Nicola Asuni - Tecnick.com LTD                 https://github.com/tecnickcom/TCPDF
+lib/3rdParty/tcpdf/fonts/dejavu*.z                                   A        Public Domain, Bitstream, Inc., Tavmjong Bah   https://github.com/dejavu-fonts/dejavu-fonts
+lib/3rdParty/yubico/Yubico.php                                       C  2015  Yubico AB                                      https://github.com/Yubico/php-yubico
+style/010_normalize.css                                              B        Nicolas Gallagher and Jonathan Neal            https://github.com/csstools/normalize.css
+style/050_grid.css                                                   B                                                       https://foundation.zurb.com/sites/docs/v/5.5.3/components/grid.html
+templates/lib/*popper*.js                                            B                                                       https://github.com/floating-ui/floating-ui
+templates/lib/*tippy*.js                                             B  2021  atomiks                                        https://github.com/atomiks/tippyjs
+templates/lib/*flatpickr*.js                                         B  2017  Gregory Petrosyan                              https://github.com/flatpickr/flatpickr
+style/600_flatpickr.css                                              B  2017  Gregory Petrosyan                              https://github.com/flatpickr/flatpickr
+templates/lib/*sweetalert2*.js                                       B                                                       https://github.com/sweetalert2/sweetalert2
+style/*sweetalert2*.css                                              B                                                       https://github.com/sweetalert2/sweetalert2
+templates/lib/410_cropper*.js                                        B  2018  Chen Fengyuan                                  https://github.com/fengyuanchen/cropperjs
+style/600_cropper*.css                                               B  2018  Chen Fengyuan                                  https://github.com/fengyuanchen/cropperjs
+templates/lib/extra/jodit                                            B        Chupurnov                                      https://github.com/xdan/jodit/
+templates/lib/extra/friendlyCaptcha                                  B                                                       https://github.com/FriendlyCaptcha/friendly-challenge
+templates/lib/400_Sortable*.js                                       B        RubaXa, owenm                                  https://github.com/SortableJS/Sortable
+templates/lib/extra/qrcode/*                                         B  2009  Kazuhiko Arase                                 https://github.com/kazuhikoarase/qrcode-generator
+templates/lib/extra/tabulator/*                                      B  2024  Oliver Folkerd                                 https://github.com/olifolkerd/tabulator/
+style/tabulator/*                                                    B  2024  Oliver Folkerd                                 https://github.com/olifolkerd/tabulator/
+templates/lib/extra/wunderbaum/*                                     B  2024  Martin Wendt                                   https://github.com/mar10/wunderbaum
+style/wunderbaum/*                                                   B  2024  Martin Wendt                                   https://github.com/mar10/wunderbaum
+style/bootstrap-icons/*                                              B  2024  The Bootstrap Authors                          https://icons.getbootstrap.com/
--- a/lam/docs/devel/upgrade.htm
+++ b/lam/docs/devel/upgrade.htm
@ -60,6 +60,23 @@ This is a list of API changes for all LAM releases.

 <br>

+<h2>9.2 -&gt; 9.3</h2>
+<ul>
+  <li>Module/Type API
+    <ul>
+      <li>Added defined parameter and return types to some methods (e.g. "getTitleBarSubtitle")</li>
+      <li>getPasswordQuickChangeOptions(): new parameter $forcePasswordChangeByDefault</li>
+    </ul>
+  </li>
+</ul>
+<h2>9.0 -&gt; 9.1</h2>
+<ul>
+  <li>JavaScript
+    <ul>
+      <li>jQuery was removed from the project</li>
+    </ul>
+  </li>
+</ul>
 <h2>8.4 -&gt; 8.5</h2>
 <ul>
  <li>Files in "tmp" directory must be managed via class LamTemporaryFilesManager</li>
--- a/lam/docs/manual-sources/appendix-lamdaemon.xml
+++ b/lam/docs/manual-sources/appendix-lamdaemon.xml
@ -1,205 +1,204 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
-  <appendix id="a_lamdaemon">
-    <title>Setup for home directory and quota management</title>
+<appendix id="a_lamdaemon">
+  <title>Setup lamdaemon for home directory and quota management</title>

-    <para>Lamdaemon.pl is used to modify quota and home directories on a
-    remote or local host via SSH (even if homedirs are located on
-    localhost).</para>
+  <para>Lamdaemon.pl is used to modify quota and home directories on a remote
+  or local host via SSH (even if homedirs are located on localhost).</para>

-    <para>If you want wo use it you have to set up the following things to get
-    it to work:</para>
+  <para>If you want to use it you have to set up the following things to get
+  it to work:</para>

-    <section>
-      <title>Installation</title>
+  <para><emphasis role="bold">Installation</emphasis></para>

-      <para>First of all, you need to install lamdaemon.pl on your remote
-      server where LAM should manage homedirs and/or quota. This is usually a
-      different server than the one where LAM is installed. But there is no
-      problem if it is the same.</para>
+  <para>First of all, you need to install lamdaemon.pl on your remote server
+  where LAM should manage homedirs and/or quota. This is usually a different
+  server than the one where LAM is installed. But there is no problem if it is
+  the same.</para>

-      <screenshot>
-        <mediaobject>
-          <imageobject>
-            <imagedata fileref="images/lamdaemonServers.png" />
-          </imageobject>
-        </mediaobject>
-      </screenshot>
+  <screenshot>
+    <mediaobject>
+      <imageobject>
+        <imagedata fileref="images/lamdaemonServers.png"/>
+      </imageobject>
+    </mediaobject>
+  </screenshot>

-      <para></para>
+  <para/>

-      <para><emphasis role="bold">Debian based (e.g. also
-      Ubuntu)</emphasis></para>
+  <itemizedlist>
+    <listitem>
+      <para>Debian based (e.g. also Ubuntu): Please install the lamdaemon DEB
+      package on your quota/homedir server.</para>
+    </listitem>

-      <para>Please install the lamdaemon DEB package on your quota/homedir
-      server.</para>
+    <listitem>
+      <para>RPM based (Fedora, CentOS, Suse, ...): Please install the
+      lamdaemon RPM package on your quota/homedir server.</para>
+    </listitem>

-      <para><emphasis role="bold">RPM based (Fedora, CentOS, Suse,
-      ...)</emphasis></para>
-
-      <para>Please install the lamdaemon RPM package on your quota/homedir
-      server.</para>
-
-      <para><emphasis role="bold">Other</emphasis></para>
-
-      <para>Please copy lib/lamdaemon.pl from the LAM tar.bz2 package to your
-      quota/homedir server. The location may be anywhere (e.g. use
+    <listitem>
+      <para>Other: Please copy lib/lamdaemon.pl from the LAM tar.bz2 package
+      to your quota/homedir server. The location may be anywhere (e.g. use
      /opt/lamdaemon). Please make the lamdaemon.pl script executable.</para>
-    </section>
+    </listitem>
+  </itemizedlist>

-    <section id="a_lamdaemonConf">
-      <title>LDAP Account Manager configuration</title>
+  <para><emphasis role="bold">LAM server profile
+  configuration</emphasis></para>

-      <itemizedlist>
-        <listitem>
-          <para>Set the remote or local host in the configuration (e.g.
-          127.0.0.1)</para>
-        </listitem>
+  <itemizedlist>
+    <listitem>
+      <para>Set the remote or local host in the configuration (e.g.
+      127.0.0.1)</para>
+    </listitem>

-        <listitem>
-          <para>Path to lamdaemon.pl, e.g.
-          /srv/www/htdocs/lam/lib/lamdaemon.pl If you installed a DEB or
-          RPM package then the script will be located at
-          /usr/share/ldap-account-manager/lib/lamdaemon.pl.</para>
-        </listitem>
+    <listitem>
+      <para>Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl If
+      you installed a DEB or RPM package then the script will be located at
+      /usr/share/ldap-account-manager/lib/lamdaemon.pl.</para>
+    </listitem>

-        <listitem>
-          <para>Your LAM admin user must be a valid Unix account. It needs to
-          have the object class "posixAccount" and an attribute "uid". This
-          account must be accepted by the SSH daemon of your home directory
-          server. Do not create a second local account but change your system
-          to accept LDAP users. You can use LAM to add the Unix account part
-          to your admin user or create a new account. Please do not forget to
-          setup LDAP write access (<ulink
-          url="http://www.openldap.org/doc/admin24/access-control.html">ACLs</ulink>)
-          if you create a new account.</para>
-        </listitem>
-      </itemizedlist>
+    <listitem>
+      <para id="a_lamdaemonConf">Your LAM admin user must be a valid Unix
+      account. It needs to have the object class "posixAccount" and an
+      attribute "uid". This account must be accepted by the SSH daemon of your
+      home directory server. Do not create a second local account but change
+      your system to accept LDAP users. You can use LAM to add the Unix
+      account part to your admin user or create a new account. Please do not
+      forget to setup LDAP write access (<ulink
+      url="http://www.openldap.org/doc/admin24/access-control.html">ACLs</ulink>)
+      if you create a new account.</para>
+    </listitem>
+  </itemizedlist>

-      <para></para>
+  <para/>

-      <screenshot>
-        <mediaobject>
-          <imageobject>
-            <imagedata fileref="images/lamdaemon.png" />
-          </imageobject>
-        </mediaobject>
-      </screenshot>
+  <screenshot>
+    <mediaobject>
+      <imageobject>
+        <imagedata fileref="images/lamdaemon.png"/>
+      </imageobject>
+    </mediaobject>
+  </screenshot>

-      <para>Note that the builtin admin/manager entries do not work for
-      lamdaemon. You need to login with a Unix account.</para>
+  <para>Note that the builtin admin/manager entries do not work for lamdaemon.
+  You need to login with a Unix account.</para>

-      <screenshot>
-        <mediaobject>
-          <imageobject>
-            <imagedata fileref="images/lamdaemon1.png" />
-          </imageobject>
-        </mediaobject>
-      </screenshot>
+  <screenshot>
+    <mediaobject>
+      <imageobject>
+        <imagedata fileref="images/lamdaemon1.png"/>
+      </imageobject>
+    </mediaobject>
+  </screenshot>

-      <para><emphasis role="bold">OpenLDAP ACL location:</emphasis></para>
+  <para><emphasis role="bold">OpenLDAP ACL location</emphasis></para>

-      <para>The access rights for OpenLDAP are configured in
-      /etc/ldap/slapd.conf or
-      /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif.</para>
-    </section>
+  <para>The access rights for OpenLDAP are configured in /etc/ldap/slapd.conf
+  or /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif.</para>

-    <section>
-      <title>Setup sudo</title>
+  <para><emphasis role="bold">Setup sudo</emphasis></para>

-      <para>The perl script has to run as root. Therefore we need a wrapper,
-      sudo. Edit /etc/sudoers on host where homedirs or quotas should be used
-      and add the following line:</para>
+  <para>The perl script has to run as root. Therefore we need a wrapper, sudo.
+  Edit /etc/sudoers on host where homedirs or quotas should be used and add
+  the following line:</para>

-      <para>$admin All= NOPASSWD: $path_to_lamdaemon *</para>
+  <para>$admin All= NOPASSWD: $path_to_lamdaemon *</para>

-      <para><emphasis condition="">$admin</emphasis> is the admin user from
-      LAM (must be a valid Unix account) and
-      <emphasis>$path_to_lamdaemon</emphasis> is the path to
-      lamdaemon.pl.</para>
+  <para><emphasis condition="">$admin</emphasis> is the admin user from LAM
+  (must be a valid Unix account) and <emphasis>$path_to_lamdaemon</emphasis>
+  is the path to lamdaemon.pl.</para>

-      <para><emphasis role="bold">Example:</emphasis></para>
+  <para>Example:</para>

-      <para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
-      *</para>
+  <para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl *</para>

-      <para>You might need to run the sudo command once manually to init sudo.
-      The command "sudo -l" will show all possible sudo commands of the
-      current user.</para>
+  <para>You might need to run the sudo command once manually to init sudo. The
+  command "sudo -l" will show all possible sudo commands of the current
+  user.</para>

-      <para><emphasis role="bold">Attention:</emphasis> Please do not use the
-      options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers.
-      Otherwise you might get errors like "you must have a tty to run sudo" or
-      "no tty present and no askpass program specified".</para>
-    </section>
+  <para><emphasis role="bold">Attention:</emphasis> Please do not use the
+  options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers.
+  Otherwise you might get errors like "you must have a tty to run sudo" or "no
+  tty present and no askpass program specified".</para>

-    <section>
-      <title>Setup Perl</title>
+  <para><emphasis role="bold">Setup Perl</emphasis></para>

-      <para>We need an extra Perl module - Quota. To install it, run:</para>
+  <para>We need an extra Perl module - Quota. To install it, run:</para>
+
+  <simplelist>
+    <member>perl -MCPAN -e shell</member>
+
+    <member>install Quota</member>
+  </simplelist>
+
+  <para>If your Perl executable is not located in /usr/bin/perl you will have
+  to edit the path in the first line of lamdaemon.pl. If you have problems
+  compiling the Perl modules try installing a newer release of your GCC
+  compiler and the "make" application.</para>
+
+  <para>Several Linux distributions already include a quota package for
+  Perl.</para>
+
+  <para><emphasis role="bold">Set up SSH</emphasis></para>
+
+  <para>Your SSH daemon must offer the password authentication method. To
+  activate it just use this configuration option in
+  /etc/ssh/sshd_config:</para>
+
+  <para>PasswordAuthentication yes</para>
+
+  <para><emphasis role="bold">Calling of external scripts</emphasis></para>
+
+  <para>The following extra scripts are called if they exist:</para>
+
+  <itemizedlist>
+    <listitem>
+      <para>Create home directory: /usr/sbin/useradd.local &lt;USER NAME&gt;
+      (after directory was created)</para>
+    </listitem>
+
+    <listitem>
+      <para>Delete home directory: /usr/sbin/userdel.local &lt;USER NAME&gt;
+      (before directory is removed)</para>
+    </listitem>
+  </itemizedlist>
+
+  <para><emphasis role="bold">Troubleshooting</emphasis></para>
+
+  <para>If you have problems managing quotas and home directories then these
+  points might help:</para>
+
+  <itemizedlist>
+    <listitem>
+      <para>There is a test page for lamdaemon: Login to LAM and open Tools
+      -&gt; Tests -&gt; Lamdaemon test</para>
+    </listitem>
+
+    <listitem>
+      <para>Check /var/log/auth.log or its equivalent on your system. This
+      file contains messages about all logins. If the ssh login failed then
+      you will find a description about the reason here.</para>
+    </listitem>
+
+    <listitem>
+      <para>Set sshd in debug mode. In /etc/ssh/sshd_conf add these
+      lines:</para>

      <simplelist>
-        <member>perl -MCPAN -e shell</member>
+        <member>SyslogFacility AUTH</member>

-        <member>install Quota</member>
+        <member>LogLevel DEBUG3</member>
      </simplelist>

-      <para>If your Perl executable is not located in /usr/bin/perl you will
-      have to edit the path in the first line of lamdaemon.pl. If you have
-      problems compiling the Perl modules try installing a newer release of
-      your GCC compiler and the "make" application.</para>
+      <para>Now check /var/log/syslog for messages from sshd.</para>
+    </listitem>
+  </itemizedlist>

-      <para>Several Linux distributions already include a quota package for
-      Perl.</para>
-    </section>
-
-    <section>
-      <title>Set up SSH</title>
-
-      <para>Your SSH daemon must offer the password authentication method. To
-      activate it just use this configuration option in
-      /etc/ssh/sshd_config:</para>
-
-      <para>PasswordAuthentication yes</para>
-    </section>
-
-    <section>
-      <title>Troubleshooting</title>
-
-      <para>If you have problems managing quotas and home directories then
-      these points might help:</para>
-
-      <itemizedlist>
-        <listitem>
-          <para>There is a test page for lamdaemon: Login to LAM and open
-          Tools -&gt; Tests -&gt; Lamdaemon test</para>
-        </listitem>
-
-        <listitem>
-          <para>Check /var/log/auth.log or its equivalent on your system. This
-          file contains messages about all logins. If the ssh login failed
-          then you will find a description about the reason here.</para>
-        </listitem>
-
-        <listitem>
-          <para>Set sshd in debug mode. In /etc/ssh/sshd_conf add these
-          lines:</para>
-
-          <simplelist>
-            <member>SyslogFacility AUTH</member>
-
-            <member>LogLevel DEBUG3</member>
-          </simplelist>
-
-          <para>Now check /var/log/syslog for messages from sshd.</para>
-        </listitem>
-      </itemizedlist>
-
-      <para>Error message <emphasis role="bold">"Your LAM admin user (...)
-      must be a valid Unix account to work with lamdaemon!"</emphasis>: This
-      happens if you use the default LDAP admin/manager user to login to LAM.
-      Please see <link linkend="a_lamdaemonConf">here</link> and setup a Unix
-      account.</para>
-    </section>
-  </appendix> 
+  <para>Error message <emphasis role="bold">"Your LAM admin user (...) must be
+  a valid Unix account to work with lamdaemon!"</emphasis>: This happens if
+  you use the default LDAP admin/manager user to login to LAM. Please see
+  <link linkend="a_lamdaemonConf">here</link> and setup a Unix account.</para>
+</appendix>
--- a/lam/docs/manual-sources/appendix-schema.xml
+++ b/lam/docs/manual-sources/appendix-schema.xml
@ -467,12 +467,30 @@

          <entry>dhcp.schema</entry>

-          <entry>docs/schema/dhcp.schema</entry>
+          <entry>Part of LAM installation: docs/schema/dhcp.schema</entry>

          <entry>The LDAP suffix should be set to your dhcpServer
          entry.</entry>
        </row>

+        <row>
+          <entry><inlinemediaobject>
+              <imageobject>
+                <imagedata fileref="images/schema_bind9.png" width="16"/>
+              </imageobject>
+            </inlinemediaobject></entry>
+
+          <entry>Bind dyndb-ldap</entry>
+
+          <entry>idnsZone, idnsRecord</entry>
+
+          <entry>schema.ldif</entry>
+
+          <entry>Part of bind-dyndb-ldap</entry>
+
+          <entry>LAM Pro only</entry>
+        </row>
+
        <row>
          <entry><inlinemediaobject>
              <imageobject>
@ -487,7 +505,7 @@

          <entry>dlz.schema</entry>

-          <entry>part of <ulink url="http://bind-dlz.sourceforge.net/">Bind
+          <entry>Part of <ulink url="http://bind-dlz.sourceforge.net/">Bind
          DLZ patch</ulink></entry>

          <entry>LAM Pro only</entry>
@ -803,6 +821,24 @@
          <entry>LAM Pro only, requires DDS extension on LDAP server
          side</entry>
        </row>
+
+        <row>
+          <entry><inlinemediaobject>
+              <imageobject>
+                <imagedata fileref="images/schema_tak.png" width="16px"/>
+              </imageobject>
+            </inlinemediaobject></entry>
+
+          <entry>TAK</entry>
+
+          <entry>takUser</entry>
+
+          <entry>tak-*.ldif</entry>
+
+          <entry>Part of LAM installation: docs/schema/tak-*.ldif</entry>
+
+          <entry/>
+        </row>
      </tbody>
    </tgroup>
  </table>
--- a/lam/docs/manual-sources/appendix-troubleshooting.xml
+++ b/lam/docs/manual-sources/appendix-troubleshooting.xml
@ -28,27 +28,23 @@
        <orderedlist>
          <listitem>
            <para>Locate config.cfg: On DEB/RPM installations it is in
-            /usr/share/ldap-account-manager/config and for tar.bz2 in config
+            <emphasis
+            role="bold">/usr/share/ldap-account-manager/config</emphasis> and
+            for tar.bz2 in <emphasis role="bold">config</emphasis>
            folder.</para>
          </listitem>

          <listitem>
-            <para>Locate the "password" entry in the file</para>
+            <para>Locate the "password" line in the file</para>
          </listitem>

          <listitem>
-            <para>Replace the password hash after "password: " with your new
-            clear-text password (e.g. "secret")</para>
+            <para>Remove the password line in the configuration file</para>
          </listitem>
        </orderedlist>

-        <para>After the change the line should look like this:</para>
-
-        <literallayout>password: secret</literallayout>
-
-        <para>You can now login using your new password. Set the password once
-        again via GUI in main configuration settings. This will then put again
-        a hash value in the config.cfg file.</para>
+        <para>When you open LAM's start page you will now be asked to set a
+        new password.</para>
      </section>

      <section>
--- a/lam/docs/manual-sources/chapter-accessLevel.xml
+++ b/lam/docs/manual-sources/chapter-accessLevel.xml
@ -1,184 +1,179 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
-  <chapter id="a_accessLevelPasswordReset">
-    <title>Access levels and password reset page (LAM Pro)</title>
+<chapter id="a_accessLevelPasswordReset">
+  <title>Access levels and password reset page (LAM Pro)</title>

-    <para>You can define different access levels for each profile to allow or
-    disallow write access. The password reset page helps your deskside support
-    staff to reset user passwords.</para>
+  <para>You can define different access levels for each profile to allow or
+  disallow write access. The password reset page helps your deskside support
+  staff to reset user passwords.</para>

-    <section>
-      <title id="s_accessLevel">Access levels</title>
+  <section>
+    <title id="s_accessLevel">Access levels</title>

-      <para>There are three access levels:</para>
+    <para>There are three access levels:</para>

-      <itemizedlist>
-        <listitem>
-          <para><emphasis role="bold">Write access (default)</emphasis></para>
+    <itemizedlist>
+      <listitem>
+        <para><emphasis role="bold">Write access (default)</emphasis></para>

-          <para>There are no restrictions. LAM admin users can manage account,
-          create profiles and set passwords.</para>
-        </listitem>
+        <para>There are no restrictions. LAM admin users can manage account,
+        create profiles and set passwords.</para>
+      </listitem>

-        <listitem>
-          <para><emphasis role="bold">Change passwords</emphasis></para>
+      <listitem>
+        <para><emphasis role="bold">Change passwords</emphasis></para>

-          <para>Similar to "Read only" except that the <link
-          linkend="s_pwdReset">password reset page</link> is available.</para>
-        </listitem>
+        <para>Similar to "Read only" except that the <link
+        linkend="s_pwdReset">password reset page</link> is available.</para>
+      </listitem>

-        <listitem>
-          <para><emphasis role="bold">Read only</emphasis></para>
+      <listitem>
+        <para><emphasis role="bold">Read only</emphasis></para>

-          <para>No write access to the LDAP database is allowed. It is also
-          impossible to manage account and PDF profiles.</para>
+        <para>No write access to the LDAP database is allowed. It is also
+        impossible to manage account and PDF profiles.</para>

-          <para>Accounts may be viewed but no changes can be saved.</para>
-        </listitem>
-      </itemizedlist>
+        <para>Accounts may be viewed but no changes can be saved.</para>
+      </listitem>
+    </itemizedlist>

-      <para>The access level can be set on the server configuration
-      page:</para>
+    <para>The access level can be set on the server configuration page:</para>

-      <para><screenshot>
-          <mediaobject>
-            <imageobject>
-              <imagedata fileref="images/accessLevel.png" />
-            </imageobject>
-          </mediaobject>
-        </screenshot></para>
-    </section>
-
-    <section id="s_pwdReset">
-      <title>Password reset page</title>
-
-      <para>This special page allows your deskside support staff to reset the
-      Unix and Samba passwords of your users. Account may also be (un)locked
-      If you set the <link linkend="s_accessLevel">access level</link> to
-      "Change passwords" then LAM will not allow any changes to the LDAP
-      database except password changes via this page. The account pages will
-      be still available in read-only mode.</para>
-
-      <para>You can open the password reset page by clicking on the key symbol
-      on each user account:</para>
-
-      <para><screenshot>
-          <mediaobject>
-            <imageobject>
-              <imagedata fileref="images/passwordReset1.png" />
-            </imageobject>
-          </mediaobject>
-        </screenshot>There are three different options to set a new password.
-      You can further restrict these options in server profile
-      settings.</para>
-
-      <itemizedlist>
-        <listitem>
-          <para><emphasis role="bold">set random password and display it on
-          screen</emphasis></para>
-
-          <para>This will set the user's password to a random value. The
-          password will be 11 characters long with a random combination of
-          letters, digits and ".-_".</para>
-
-          <para>You may want to use this method to tell users their new
-          passwords via phone.</para>
-        </listitem>
-
-        <listitem>
-          <para><emphasis role="bold">set random password and mail it to
-          user</emphasis></para>
-
-          <para>If the user account has set the mail attribute then LAM can
-          send your user a mail with the new password. You can change the mail
-          template to fit your needs. Please configure your LAM server profile
-          to setup the sender address, subject and mail body. See <link linkend="mailSetup">here</link> for setting up your
-          SMTP server.</para>
-
-          <para>Using this method will prevent that your support staff knows
-          the new password.</para>
-        </listitem>
-
-        <listitem>
-          <para><emphasis role="bold">set specific password</emphasis></para>
-
-          <para>Here you can specify your own password.</para>
-        </listitem>
-      </itemizedlist>
-
-      <screenshot>
+    <para><screenshot>
        <mediaobject>
          <imageobject>
-            <imagedata fileref="images/passwordReset2.png" />
+            <imagedata fileref="images/accessLevel.png"/>
          </imageobject>
        </mediaobject>
-      </screenshot>
+      </screenshot></para>
+  </section>

-      <para>LAM will display contact information about the user like the
-      user's name, email address and telephone number. This will help your
-      deskside support to easily contact your users.</para>
+  <section id="s_pwdReset">
+    <title>Password reset page</title>

-      <para><emphasis role="bold">Options:</emphasis></para>
+    <para>This special page allows your deskside support staff to reset the
+    Unix and Samba passwords of your users. Account may also be (un)locked If
+    you set the <link linkend="s_accessLevel">access level</link> to "Change
+    passwords" then LAM will not allow any changes to the LDAP database except
+    password changes via this page. The account pages will be still available
+    in read-only mode.</para>

-      <para>Depending on the account there may be additional options
-      available.</para>
+    <para>You can open the password reset page by clicking on the key symbol
+    on each user account:</para>

-      <itemizedlist>
-        <listitem>
-          <para><emphasis role="bold">Sync Samba NT/LM password with Unix
-          password:</emphasis> If a user account has Samba passwords set then
-          LAM will offer to synchronize the passwords.</para>
-        </listitem>
+    <para><screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/passwordReset1.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>There are different options to set a new password - either
+    set a random password or specify the new password. You can further
+    restrict these options in server profile settings.</para>

-        <listitem>
-          <para><emphasis role="bold">Unlock Samba account:</emphasis> Locked
-          Samba accounts can be unlocked with the password change.</para>
-        </listitem>
+    <itemizedlist>
+      <listitem>
+        <para><emphasis role="bold">Generate random password</emphasis></para>

-        <listitem>
-          <para><emphasis role="bold">Update Samba password
-          timestamps:</emphasis> This will set the timestamps when the
-          password was changed (sambaPwdLastSet). Only existing attributes are
-          updated. No new attributes are added.</para>
-        </listitem>
+        <para>This will set the user's password to a random value. The
+        password will be 14 characters long with a random combination of
+        letters, digits and ".-_".</para>

-        <listitem>
-          <para><emphasis role="bold">Sync Kerberos password with Unix
-          password:</emphasis> This will also update the Heimdal Kerberos
-          password.</para>
-        </listitem>
+        <para>You can send the password via <link
+        linkend="mailSetup">email</link> or <link
+        linkend="smsSetup">SMS</link> if the user account has set the
+        mail/mobile phone attribute. You can change the email template to fit
+        your needs. Please configure your LAM server profile to setup the
+        sender address, subject and mail body. See <link
+        linkend="mailSetup">here</link> for setting up your SMTP server. Using
+        this method will prevent that your support staff knows the new
+        password.</para>

-        <listitem>
-          <para><emphasis role="bold">Sync Asterisk (voicemail) password with
-          Unix password:</emphasis> Changes also the Asterisk
-          passwords.</para>
-        </listitem>
+        <para>The password can be shown on screen, too. You may want to use
+        this method to tell users their new password via phone.</para>
+      </listitem>

-        <listitem>
-          <para><emphasis role="bold">Force password change:</emphasis> This
-          will force the user to change his password at next login. This
-          option supports Shadow, Samba 3 and PPolicy (automatically
-          detected).</para>
-        </listitem>
-      </itemizedlist>
+      <listitem>
+        <para><emphasis role="bold">Set specific password</emphasis></para>

-      <literallayout>
+        <para>Here you can specify your own password. It can also be sent via
+        <link linkend="mailSetup">email</link> or <link
+        linkend="smsSetup">SMS</link> if the user account has set the
+        mail/mobile phone attribute.</para>
+      </listitem>
+    </itemizedlist>
+
+    <screenshot>
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="images/passwordReset2.png"/>
+        </imageobject>
+      </mediaobject>
+    </screenshot>
+
+    <para>LAM will display contact information about the user like the user's
+    name, email address and telephone number. This will help your deskside
+    support to easily contact your users.</para>
+
+    <para><emphasis role="bold">Options:</emphasis></para>
+
+    <para>Depending on the account there may be additional options
+    available.</para>
+
+    <itemizedlist>
+      <listitem>
+        <para><emphasis role="bold">Sync Samba NT/LM password with Unix
+        password:</emphasis> If a user account has Samba passwords set then
+        LAM will offer to synchronize the passwords.</para>
+      </listitem>
+
+      <listitem>
+        <para><emphasis role="bold">Unlock Samba account:</emphasis> Locked
+        Samba accounts can be unlocked with the password change.</para>
+      </listitem>
+
+      <listitem>
+        <para><emphasis role="bold">Update Samba password
+        timestamps:</emphasis> This will set the timestamps when the password
+        was changed (sambaPwdLastSet). Only existing attributes are updated.
+        No new attributes are added.</para>
+      </listitem>
+
+      <listitem>
+        <para><emphasis role="bold">Sync Kerberos password with Unix
+        password:</emphasis> This will also update the Heimdal Kerberos
+        password.</para>
+      </listitem>
+
+      <listitem>
+        <para><emphasis role="bold">Sync Asterisk (voicemail) password with
+        Unix password:</emphasis> Changes also the Asterisk passwords.</para>
+      </listitem>
+
+      <listitem>
+        <para><emphasis role="bold">Force password change:</emphasis> This
+        will force the user to change his password at next login. This option
+        supports Shadow, Samba 3 and PPolicy (automatically detected).</para>
+      </listitem>
+    </itemizedlist>
+
+    <literallayout>
 </literallayout>

-      <para><emphasis role="bold">Account (un)locking:</emphasis></para>
+    <para><emphasis role="bold">Account (un)locking:</emphasis></para>

-      <para>Depending if the account includes a Unix/Samba extension and
-      PPolicy is activated the page will show options to (un)lock the account.
-      E.g. if the account is fully unlocked then there will be no unlocking
-      options printed.</para>
+    <para>Depending if the account includes a Unix/Samba extension and PPolicy
+    is activated the page will show options to (un)lock the account. E.g. if
+    the account is fully unlocked then there will be no unlocking options
+    printed.</para>

-      <screenshot>
-        <mediaobject>
-          <imageobject>
-            <imagedata fileref="images/passwordReset3.png" />
-          </imageobject>
-        </mediaobject>
-      </screenshot>
-    </section>
-  </chapter>
+    <screenshot>
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="images/passwordReset3.png"/>
+        </imageobject>
+      </mediaobject>
+    </screenshot>
+  </section>
+</chapter>
--- a/lam/docs/manual-sources/chapter-configuration.xml
+++ b/lam/docs/manual-sources/chapter-configuration.xml
@ -44,11 +44,6 @@
  <section id="generalSettings">
    <title>General settings</title>

-    <para>After selecting "Edit general settings" you will need to enter the
-    <link linkend="a_configPasswords">master configuration password</link>.
-    The default password for new installations is "lam". Now you can edit the
-    general settings.</para>
-
    <section>
      <title>Configuration Database</title>

@ -301,6 +296,124 @@
      </screenshot>
    </section>

+    <section id="smsSetup">
+      <title>SMS options (LAM Pro)</title>
+
+      <para>You can send SMS messages to your users for password resets. To
+      activate this feature you need to have an account at one of the
+      supported SMS providers.</para>
+
+      <para>After all options are filled you can test your settings and check
+      if you get an SMS delivered to the entered mobile number.</para>
+
+      <screenshot>
+        <graphic fileref="images/configGeneral12.png"/>
+      </screenshot>
+
+      <para><emphasis role="bold">Common options</emphasis></para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Default country prefix: please enter your country prefix for
+          telephone numbers. It will be applied whenever no country prefix is
+          part of the user's telephone number.</para>
+        </listitem>
+
+        <listitem>
+          <para>Mobile phone attributes: LAM will check these attributes to
+          find the user's mobile telephone number. The first number that is
+          found will be used.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para><ulink url="https://aws.amazon.com/sns/"><emphasis role="bold">AWS
+      SNS</emphasis></ulink></para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Region: this is your AWS region (e.g. eu-central-1)</para>
+        </listitem>
+
+        <listitem>
+          <para>Account id: please enter the access key id of your IMS user
+          that is allowed to send SMS (e.g. AKIAIOSFODNN7EXAMPLE)</para>
+        </listitem>
+
+        <listitem>
+          <para>Token: this is the secret value of your access key (e.g.
+          wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)</para>
+        </listitem>
+      </itemizedlist>
+
+      <para><emphasis role="bold">Email2SMS</emphasis></para>
+
+      <para>This service can be used for all SMS gateways that allow to send
+      SMS via email. This means LAM sends out an email to the gateway and they
+      convert it to an SMS.</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Account id: please enter the receiving email address at your
+          email2SMS gateway. The address must contain the wildcard "$number"
+          for the user's phone number. E.g. "$number@sms.clicksend.com".
+          "$number" will be replaced with the actual mobile phone
+          number.</para>
+        </listitem>
+
+        <listitem>
+          <para>From: this is the email FROM address. Typically, email2SMS
+          gateways require that the email comes from a specific email
+          address.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para><emphasis role="bold"><ulink
+      url="https://gatewayapi.com/">GatewayAPI</ulink></emphasis></para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Token: please enter your API token (not key/secret)</para>
+        </listitem>
+      </itemizedlist>
+
+      <para><emphasis role="bold"><ulink
+      url="https://www.smsapi.com">SMSAPI</ulink></emphasis></para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Token: please enter your API token</para>
+        </listitem>
+      </itemizedlist>
+
+      <para><emphasis role="bold"><ulink
+      url="https://www.smsbox.net/">SMSBOX</ulink></emphasis></para>
+
+      <itemizedlist>
+        <listitem>
+          <para>API key: please enter your API key (pub-...)</para>
+        </listitem>
+      </itemizedlist>
+
+      <para><emphasis role="bold"><ulink
+      url="https://www.twilio.com/">Twilio</ulink></emphasis></para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Account id: this is your account SID (e.g. AC...)</para>
+        </listitem>
+
+        <listitem>
+          <para>Token: please enter your API token (not API SID/secret)</para>
+        </listitem>
+
+        <listitem>
+          <para>From: this can be a mobile number (needs to be registered in
+          Twilio) or the ID of a messaging service (MG...). The messaging
+          service allows to define a textual sender name.</para>
+        </listitem>
+      </itemizedlist>
+    </section>
+
    <section id="confmain_webauthn">
      <title>WebAuthn/FIDO2 devices</title>

@ -546,6 +659,10 @@
        will then query LDAP to return results in chunks of 999
        entries.</para>

+        <para>Show deleted entries: This is for Active Directory and Samba 4
+        only. It will unhide LDAP entries in "CN=Deleted Objects,DC=...". You
+        can use this to browse and restore these entries in tree view.</para>
+
        <para>Referential integrity overlay: Activate this checkbox if you
        have any server side extension for referential integrity in place. In
        this case the server will cleanup references to LDAP entries that are
--- a/lam/docs/manual-sources/chapter-installation.xml
+++ b/lam/docs/manual-sources/chapter-installation.xml
@ -608,6 +608,62 @@
      version. Unless explicitly noticed there is no need to install an
      intermediate release.</para>

+      <section>
+        <title>9.3 -&gt; 9.4</title>
+
+        <para><emphasis role="bold">New configuration format for main
+        configuration and server profiles is enforced.</emphasis> Please save your main
+        configuration and all server profiles with LAM 9.0 - 9.3 before
+        upgrading. You can also export your configuration and import all
+        server profiles and main configuration. This format change does not
+        apply if you use MySQL for configuration
+        storage.</para>
+      </section>
+
+      <section>
+        <title>9.2 -&gt; 9.3</title>
+
+        <para>No actions required.</para>
+      </section>
+
+      <section>
+        <title>9.1 -&gt; 9.2</title>
+
+        <para>LAM Pro:</para>
+
+        <itemizedlist>
+          <listitem>
+            <para>Custom scripts: The settings in server profile were split by
+            account type. If you use custom scripts then you need to perform
+            these steps for each server profile that uses them (no scripts
+            will be executed till migration was done):</para>
+
+            <itemizedlist>
+              <listitem>
+                <para>Open server profile and switch to tab "Module
+                settings"</para>
+              </listitem>
+
+              <listitem>
+                <para>Review the automated migration of the custom scripts
+                settings (complex configurations will need manual
+                adaptions)</para>
+              </listitem>
+
+              <listitem>
+                <para>Save the server profile</para>
+              </listitem>
+            </itemizedlist>
+          </listitem>
+        </itemizedlist>
+      </section>
+
+      <section>
+        <title>9.0 -&gt; 9.1</title>
+
+        <para>No actions required.</para>
+      </section>
+
      <section>
        <title>8.9 -&gt; 9.0</title>

--- a/lam/docs/manual-sources/chapter-modules.xml
+++ b/lam/docs/manual-sources/chapter-modules.xml
@ -293,8 +293,9 @@

    <para>If a module supports to enforce a password change then you will see
    the appropriate checkbox. LAM Pro also offers to send the password via
-    email after the account is saved. Email options are specified in your
-    <link linkend="profile_mail">LAM server profile</link>.</para>
+    email/SMS after the account is saved. Email options are specified in your
+    <link linkend="profile_mail">LAM server profile</link> and SMS options in
+    <link linkend="smsSetup">main configuration</link>.</para>

    <screenshot>
      <mediaobject>
@ -2510,6 +2511,56 @@ AuthorizedKeysCommandUser root</literallayout>
        <graphic fileref="images/mod_lastBind3.png"/>
      </screenshot>
    </section>
+
+    <section>
+      <title>TAK</title>
+
+      <para>The <ulink url="https://www.civtak.org/">TAK</ulink> module
+      supports the Team Awareness Kit or Tactical Assault Kit (TAK) with the
+      Android Team Awareness Kit (ATAK).</para>
+
+      <para>You can define callsigns, team roles and colors for users.</para>
+
+      <para><emphasis role="bold">LDAP schema</emphasis></para>
+
+      <para>The module expects that TAK users use the object class "takUser"
+      and the attributes "takCallsign", "takRole" and "takColor". You can find
+      matching schema files in /usr/share/ldap-account-manager/docs/schema
+      (DEB/RPM) or docs/schema (tar.bz2). Please see the beginning of the
+      files for installation instructions.</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>OpenLDAP: tak-OpenLDAP.ldif</para>
+        </listitem>
+
+        <listitem>
+          <para>Samba 4: tak-Samba4-attributes.ldif and
+          tak-Samba4-objectClass.ldif</para>
+        </listitem>
+
+        <listitem>
+          <para>Windows (AD): tak-Windows.ldif</para>
+        </listitem>
+      </itemizedlist>
+
+      <para><emphasis role="bold">Configuration</emphasis></para>
+
+      <para>Add the TAK module for users in your server profile:</para>
+
+      <screenshot>
+        <graphic fileref="images/mod_tak1.png"/>
+      </screenshot>
+
+      <para>Now you can manage the TAK attributes for users.</para>
+
+      <para>LAM Pro users can add these attributes to the self-service profile
+      if needed.</para>
+
+      <screenshot>
+        <graphic fileref="images/mod_tak2.png"/>
+      </screenshot>
+    </section>
  </section>

  <section>
@ -4324,6 +4375,289 @@ Run slapindex to rebuild the index.
    </screenshot>
  </section>

+  <section>
+    <title>Bind dyndb-ldap (LAM Pro)</title>
+
+    <para>The <ulink
+    url="https://pagure.io/bind-dyndb-ldap">bind-dyndb-ldap</ulink> plugin for
+    <ulink url="https://www.isc.org/bind/">Bind</ulink> allows you to manage
+    DNS entries in LDAP. Please install the bind-dyndb-ldap schema file on
+    your LDAP server. It is part of the bind-dyndb-ldap download. LAM Pro can
+    manage DNS zones and the following record types:<itemizedlist>
+        <listitem>
+          <para>A/AAAA: IP addresses</para>
+        </listitem>
+
+        <listitem>
+          <para>CNAME: alias names</para>
+        </listitem>
+
+        <listitem>
+          <para>DNAME: delegation name</para>
+        </listitem>
+
+        <listitem>
+          <para>MX: mail servers</para>
+        </listitem>
+
+        <listitem>
+          <para>NS: name servers</para>
+        </listitem>
+
+        <listitem>
+          <para>PTR: reverse DNS entries</para>
+        </listitem>
+
+        <listitem>
+          <para>SRV: service entries</para>
+        </listitem>
+
+        <listitem>
+          <para>TXT: text records</para>
+        </listitem>
+      </itemizedlist></para>
+
+    <section>
+      <title>Configuration</title>
+
+      <para>Please open your LAM server profile configuration and add two
+      instances of the "Bind dyndb" account type. One for records and one for
+      zones.</para>
+
+      <screenshot>
+        <graphic fileref="images/mod_bind-dyndb-1.png"/>
+      </screenshot>
+
+      <para>The recommended settings are as follows. Please adapt if
+      needed.</para>
+
+      <para>DNS records:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>LDAP suffix: if you manage a single domain then use the DN of
+          the zone entry. If you manage multiple domains then use the DN under
+          which they are stored (e.g. the "nsContainer").</para>
+        </listitem>
+
+        <listitem>
+          <para>List attributes:
+          #idnsName;#aRecord;#aAAARecord;#cNAMERecord;#dNameRecord;#tXTRecord;#mxrecord;#srvrecord;#ptrrecord;#dnsttl</para>
+        </listitem>
+
+        <listitem>
+          <para>Custom label: DNS records</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>DNS zones:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>LDAP suffix: use the DN under which the domains are stored
+          (e.g. the "nsContainer").</para>
+        </listitem>
+
+        <listitem>
+          <para>List attributes:
+          #idnsName;#aRecord;#aAAARecord;#cNAMERecord;#dNameRecord;#tXTRecord;#idnssoaserial</para>
+        </listitem>
+
+        <listitem>
+          <para>Custom label: DNS zones</para>
+        </listitem>
+      </itemizedlist>
+
+      <screenshot>
+        <graphic fileref="images/mod_bind-dyndb-2.png"/>
+      </screenshot>
+
+      <para>Next, switch to the modules tab. Here, select DNS records for your
+      record type and DNS zone for your zone type. Then you can save the
+      server profile and login to LAM.</para>
+
+      <screenshot>
+        <graphic fileref="images/mod_bind-dyndb-3.png"/>
+      </screenshot>
+    </section>
+
+    <section>
+      <title>DNS zones</title>
+
+      <para>This allows you to manage your DNS zones (SOA+NS records). You can
+      e.g. specify timeouts and name servers.</para>
+
+      <screenshot>
+        <graphic fileref="images/mod_bind-dyndb-4.png"/>
+      </screenshot>
+    </section>
+
+    <section>
+      <title>DNS entries</title>
+
+      <para>LAM supports the following DNS record types:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>A/AAAA: IP addresses</para>
+        </listitem>
+
+        <listitem>
+          <para>CNAME: alias names</para>
+        </listitem>
+
+        <listitem>
+          <para>DNAME: delegation name</para>
+        </listitem>
+
+        <listitem>
+          <para>MX: mail servers</para>
+        </listitem>
+
+        <listitem>
+          <para>PTR: reverse DNS entries</para>
+        </listitem>
+
+        <listitem>
+          <para>SRV: service entries</para>
+        </listitem>
+
+        <listitem>
+          <para>TXT: text records</para>
+        </listitem>
+      </itemizedlist>
+
+      <literallayout>
+</literallayout>
+
+      <para><emphasis role="bold">IP addresses (A/AAAA)</emphasis></para>
+
+      <para>Here you can enter IPv4 (A) or IPv6 (AAAA) addresses for a DNS
+      name.</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/mod_bind-dyndb-5.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+
+      <literallayout>
+</literallayout>
+
+      <para><emphasis role="bold">Alias names (CNAME)</emphasis></para>
+
+      <para>Sometimes a DNS entry should simply point to a different DNS entry
+      (e.g. for migrations). This can be done by adding an alias name.</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/mod_bind-dyndb-7.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+
+      <literallayout>
+</literallayout>
+
+      <para><emphasis role="bold">Alias names (DNAME)</emphasis></para>
+
+      <para>You can delegate a DNS zone to a different server.</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/mod_bind-dyndb-11.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+
+      <literallayout>
+</literallayout>
+
+      <para><emphasis role="bold">Mail servers (MX)</emphasis></para>
+
+      <para>The mail server entries define where mails to a domain should be
+      delivered. The server with the lowest preference has the highest
+      priority.</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/mod_bind-dyndb-8.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+
+      <literallayout>
+</literallayout>
+
+      <para><emphasis role="bold">Reverse DNS entries (PTR)</emphasis></para>
+
+      <para>Reverse DNS entries are important when you need to find the DNS
+      name that is associated with a given IP address. Reverse DNS entries are
+      stored in a separate DNS zone.</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/mod_bind-dyndb-6.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+
+      <literallayout>
+</literallayout>
+
+      <para><emphasis role="bold">Services (SRV)</emphasis></para>
+
+      <para>Service records can be used to specify which servers provide
+      common services such as LDAP. Please note that the host name must be
+      _SERVICE._PROTOCOL (e.g. _ldap._tcp).</para>
+
+      <literallayout>
+</literallayout>
+
+      <para>Priority: The priority of the target host, lower value means more
+      preferred.</para>
+
+      <para>Weight: A relative weight for records with the same priority. E.g.
+      weights 20 and 80 for a service will result in 20% queries to the one
+      server and 80% to the other.</para>
+
+      <para>Port: The port number that is used for your service.</para>
+
+      <para>Server: DNS name where service can be reached (relative without or
+      absolute with dot at the end).</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/mod_bind-dyndb-10.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+
+      <literallayout>
+</literallayout>
+
+      <para><emphasis role="bold">Text records (TXT)</emphasis></para>
+
+      <para>Text records can be added to store a description or other data
+      (e.g. SPF information).</para>
+
+      <screenshot>
+        <mediaobject>
+          <imageobject>
+            <imagedata fileref="images/mod_bind-dyndb-9.png"/>
+          </imageobject>
+        </mediaobject>
+      </screenshot>
+    </section>
+  </section>
+
  <section>
    <title>Bind DLZ (LAM Pro)</title>

@ -6033,13 +6367,15 @@ OK (10 msec)</programlisting>
    </screenshot>

    <para>In "Module settings" you can specify multiple scripts for each
-    action type (e.g. modify) and account type (e.g. user). The scripts need
-    to be located on the filesystem of your webserver and will be executed in
-    its user environment. E.g. if you webserver runs as user www-data with the
-    group www-data then the custom scripts will be run under this user with
-    his rights. The output of the scripts will be shown in LAM.</para>
+    action type (e.g. preModify) and account type (e.g. user). The scripts
+    need to be located on the filesystem of your webserver and will be
+    executed in its user environment. E.g. if you webserver runs as user
+    www-data with the group www-data then the custom scripts will be run under
+    this user with his rights. The output of the scripts will be shown in
+    LAM.</para>

-    <para>You can specify the scripts on the LAM configuration pages.</para>
+    <para>You can specify the scripts on the LAM configuration pages. Please
+    note that the syntax changed with version 9.2 (see below).</para>

    <screenshot>
      <mediaobject>
@ -6057,15 +6393,21 @@ OK (10 msec)</programlisting>
    <para><emphasis role="bold">Syntax:</emphasis></para>

    <para>Please enter one script per line. Each line has the following
-    format: &lt;account type&gt; &lt;action&gt; &lt;script&gt;</para>
+    format: &lt;action&gt; &lt;script&gt;</para>
+
+    <para>E.g.: preModify /usr/bin/myCustomScript -u $uid$</para>
+
+    <para><emphasis role="bold">Syntax (pre 9.2):</emphasis></para>
+
+    <para>Please enter one script per line. Each line has the following
+    format: <emphasis role="bold">&lt;account type&gt;</emphasis>
+    &lt;action&gt; &lt;script&gt;</para>

    <para>E.g.: user preModify /usr/bin/myCustomScript -u $uid$</para>

-    <para><emphasis role="bold">Account types:</emphasis></para>
-
-    <para>You can setup scripts for all available account types (e.g. user,
-    group, host, ...). Please see the help on the configuration page about
-    your current active account types.</para>
+    <para>Account types: You can setup scripts for all available account types
+    (e.g. user, group, host, ...). Please see the help on the configuration
+    page about your current active account types.</para>

    <para><emphasis role="bold">Actions:</emphasis></para>

@ -6242,6 +6584,11 @@ OK (10 msec)</programlisting>
        send password via email (yes|no)</para>
      </listitem>

+      <listitem>
+        <para><emphasis role="bold">$INFO.sendPasswordViaSms$:</emphasis> send
+        password via SMS (yes|no)</para>
+      </listitem>
+
      <listitem>
        <para><emphasis
        role="bold">$INFO.sendPasswordAlternateAddress$:</emphasis> alternate
@ -6282,14 +6629,10 @@ OK (10 msec)</programlisting>

    <para>Example:</para>

-    <literallayout>user preModify /opt/myapp/preModify.sh -u $uid$
-group postDelete /opt/myapp/postDelete.sh -g $gid$
+    <literallayout>preModify /opt/myapp/preModify.sh -u $uid$
 LAM_GROUP: Mail actions
-user manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$
-user manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$
-LAM_GROUP: Sync actions
-user manual /bin/myscripts/syncWithCRM -u $uid$
-user manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$
+manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$
+manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$

 </literallayout>

@ -6350,10 +6693,10 @@ user manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$
 LAM_SELECTION_TENANT: Tenant=foo;bar
 LAM_TEXT_COMMENT: Comment=no comment
 LAM_TEXT_AMOUNT: Amount
-user manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$ -e $LAM_SELECTION_ENV$
-user manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$ -e $LAM_SELECTION_TENANT$
-user manual /bin/myscripts/syncWithCRM -u $uid$ -c $LAM_TEXT_COMMENT$
-user manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$ -a $LAM_TEXT_AMOUNT$</literallayout>
+manual LAMLABEL="Clean" /bin/myscripts/cleanMailbox -u $uid$ -e $LAM_SELECTION_ENV$
+manual LAMLABEL="Extend" /bin/myscripts/extendMailbox -u $uid$ -e $LAM_SELECTION_TENANT$
+manual /bin/myscripts/syncWithCRM -u $uid$ -c $LAM_TEXT_COMMENT$
+manual LAMLABEL="Some app" /bin/myscripts/syncWithSomeApp -u $uid$ -a $LAM_TEXT_AMOUNT$</literallayout>

    <screenshot>
      <graphic fileref="images/customScripts4.png"/>
--- a/lam/docs/manual-sources/chapter-selfService.xml
+++ b/lam/docs/manual-sources/chapter-selfService.xml
@ -1457,20 +1457,25 @@

      <literallayout> </literallayout>

-      <para>LAM Pro can send your users an email with a confirmation link to
-      validate their email address. Of course, this should only be used if the
-      email account is independent from the user password (e.g. at external
-      provider) or you use the backup email address feature. The mail body
-      must include the confirmation link by using the special wildcard
-      "@@resetLink@@". Additionally, you may want to insert other wildcards
-      that are replaced by the corresponding LDAP attributes. E.g. "@@uid@@"
-      will be replaced by the user name.</para>
+      <para>LAM Pro can send your users an SMS/email with a confirmation link
+      to validate their SMS/email address. If you select to send an SMS then
+      the email mechanism will only be used if no mobile phone number was
+      found for this user. You also need to setup the <link
+      linkend="smsSetup">SMS settings</link>.</para>
+
+      <para>Confirmation mails should only be used if the email account is
+      independent from the user password (e.g. at external provider) or you
+      use the backup email address feature. The mail body must include the
+      confirmation link by using the special wildcard "@@resetLink@@".
+      Additionally, you may want to insert other wildcards that are replaced
+      by the corresponding LDAP attributes. E.g. "@@uid@@" will be replaced by
+      the user name.</para>

      <para>There is also an option to skip the security question at all if
      email verification is enabled. In this case the password can be reset
      directly after clicking on the confirmation link. Please handle with
-      care since anybody with access to the user's mail account can reset the
-      password.</para>
+      care since anybody with access to the user's SMS/mail account can reset
+      the password.</para>

      <para><emphasis role="bold">Captcha support</emphasis></para>

@ -1703,11 +1708,12 @@

              <entry>Label that is displayed on page</entry>

-              <entry>optional regular expression for validation (e.g.
-              "/^[0-9a-zA-Z]+$/")</entry>
+              <entry>Optional regular expression for validation (e.g.
+              "/^[0-9a-zA-Z]+$/"). For binary fields the file name will be
+              checked.</entry>

-              <entry>validation message if value does not match validation
-              expression</entry>
+              <entry>Validation message if value does not match validation
+              expression.</entry>
            </row>

            <row>
@ -1721,11 +1727,12 @@

              <entry>Label that is displayed on page</entry>

-              <entry>optional regular expression for validation (e.g.
-              "/^[0-9a-zA-Z]+$/")</entry>
+              <entry>Optional regular expression for validation (e.g.
+              "/^[0-9a-zA-Z]+$/"). For binary fields the file name will be
+              checked.</entry>

-              <entry>validation message if value does not match validation
-              expression</entry>
+              <entry>Validation message if value does not match validation
+              expression.</entry>
            </row>

            <row>
@ -1800,6 +1807,14 @@

      <para>constant::userAccountControl::512</para>

+      <literallayout>
+</literallayout>
+
+      <para>Binary file:</para>
+
+      <para>required::jpegPhoto;binary::Photo::/.jp(e)?g$/i::Please select a
+      JPG file</para>
+
      <literallayout>
 </literallayout>

--- a/lam/docs/manual-sources/images/configGeneral12.png
+++ b/lam/docs/manual-sources/images/configGeneral12.png
--- a/lam/docs/manual-sources/images/configProfiles4.png
+++ b/lam/docs/manual-sources/images/configProfiles4.png
--- a/lam/docs/manual-sources/images/customScripts.png
+++ b/lam/docs/manual-sources/images/customScripts.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-1.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-1.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-10.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-10.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-11.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-11.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-2.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-2.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-3.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-3.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-4.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-4.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-5.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-5.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-6.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-6.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-7.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-7.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-8.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-8.png
--- a/lam/docs/manual-sources/images/mod_bind-dyndb-9.png
+++ b/lam/docs/manual-sources/images/mod_bind-dyndb-9.png
--- a/lam/docs/manual-sources/images/mod_tak1.png
+++ b/lam/docs/manual-sources/images/mod_tak1.png
--- a/lam/docs/manual-sources/images/mod_tak2.png
+++ b/lam/docs/manual-sources/images/mod_tak2.png
--- a/lam/docs/manual-sources/images/password1.png
+++ b/lam/docs/manual-sources/images/password1.png
--- a/lam/docs/manual-sources/images/passwordReset2.png
+++ b/lam/docs/manual-sources/images/passwordReset2.png
--- a/lam/docs/manual-sources/images/passwordSelfReset1.png
+++ b/lam/docs/manual-sources/images/passwordSelfReset1.png
--- a/lam/docs/manual-sources/images/schema_bind9.png
+++ b/lam/docs/manual-sources/images/schema_bind9.png
--- a/lam/docs/manual-sources/images/schema_tak.png
+++ b/lam/docs/manual-sources/images/schema_tak.png
--- a/lam/docs/manual-sources/images/tree1.png
+++ b/lam/docs/manual-sources/images/tree1.png
--- a/lam/docs/manual-sources/overview.xml
+++ b/lam/docs/manual-sources/overview.xml
@ -16,7 +16,7 @@
  <para><ulink
  url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>

-  <para>Copyright (C) 2003 - 2024 Roland Gruber
+  <para>Copyright (C) 2003 - 2025 Roland Gruber
  &lt;post@rolandgruber.de&gt;</para>

  <para><emphasis role="bold">Key features:</emphasis></para>
@ -87,26 +87,15 @@
        <listitem>
          <para>Edge (max. 2 years old)</para>
        </listitem>
-
-        <listitem>
-          <para>Opera (max. 2 years old)</para>
-        </listitem>
      </itemizedlist>
    </listitem>
  </itemizedlist>

-  <para>The default password to edit the configuration options is
-  "lam".</para>
-
  <para><emphasis role="bold">License:</emphasis></para>

  <para>LAM is published under the GNU General Public License. The complete
  list of licenses can be found in the copyright file.</para>

-  <para><emphasis role="bold">Default password:</emphasis></para>
-
-  <para>The default password for the LAM configuration is "lam".</para>
-
  <literallayout>
 Have fun!
     The LAM development team</literallayout>
--- a/lam/docs/schema/tak-OpenLDAP.ldif
+++ b/lam/docs/schema/tak-OpenLDAP.ldif
@ -0,0 +1,33 @@
+#
+#  LDAP schema for LAM TAK functionality
+#
+#  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
+#  Copyright (C) 2025  Roland Gruber
+#
+#
+#  OID bases:
+#   1.3.6.1.4.1.34955   Roland Gruber Softwareentwicklung
+#   1.3.6.1.4.1.34955.1 attributes
+#   1.3.6.1.4.1.34955.2 object classes
+#
+#  Installation:
+#  ldapadd -x -W -H ldap://localhost -D "cn=admin,dc=company,dc=com" -f tak-OpenLDAP.ldif
+#
+#  Please replace "localhost" with your LDAP server and "cn=admin,dc=company,dc=com" with your LDAP admin user (usually starts with cn=admin or cn=manager).
+#
+#  In some cases you might need to import directly on the OpenLDAP server as root:
+#  ldapadd -Y EXTERNAL -H ldapi:/// -f tak-OpenLDAP.ldif
+#
+#  Version: 1
+#
+#  Changelog:
+#   1: initial release (LAM 9.2)
+#
+
+dn: cn=tak,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: tak
+olcAttributeTypes: ( 1.3.6.1.4.1.34955.1.100 NAME 'takCallsign' DESC 'TAK callsign' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.34955.1.101 NAME 'takRole' DESC 'TAK team role' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.34955.1.102 NAME 'takColor' DESC 'TAK team color' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.34955.2.10 NAME 'takUser' DESC 'TAK user' SUP top AUXILIARY MAY ( takCallsign $ takRole $ takColor ) MUST ( cn ) )
--- a/lam/docs/schema/tak-Samba4-attributes.ldif
+++ b/lam/docs/schema/tak-Samba4-attributes.ldif
@ -0,0 +1,58 @@
+#
+#  LDAP schema for LAM TAK functionality
+#
+#  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
+#  Copyright (C) 2025  Roland Gruber
+#
+#
+#  OID bases:
+#   1.3.6.1.4.1.34955   Roland Gruber Softwareentwicklung
+#   1.3.6.1.4.1.34955.1 attributes
+#   1.3.6.1.4.1.34955.2 object classes
+#
+#  Please replace DOMAIN_TOP_DN with your LDAP suffix (e.g. dc=samba4,dc=test).
+#  This file must be installed first.
+#
+#  Installation: ldbmodify -H /var/lib/samba/private/sam.ldb tak-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
+#
+#
+#  Version: 1
+#   1: initial release (LAM 9.2)
+#
+
+dn: CN=takCallsign,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.3.6.1.4.1.34955.1.100
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+rangeLower: 4
+cn: takCallsign
+name: takCallsign
+lDAPDisplayName: takCallsign
+description: TAK callsign
+
+dn: CN=takRole,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.3.6.1.4.1.34955.1.101
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+cn: takRole
+name: takRole
+lDAPDisplayName: takRole
+description: TAK team role
+
+dn: CN=takColor,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.3.6.1.4.1.34955.1.102
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+cn: takColor
+name: takColor
+LDAPDisplayName: takColor
+Description: TAK team color
--- a/lam/docs/schema/tak-Samba4-objectClass.ldif
+++ b/lam/docs/schema/tak-Samba4-objectClass.ldif
@ -0,0 +1,36 @@
+#
+#  LDAP schema for LAM TAK functionality
+#
+#  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
+#  Copyright (C) 2025  Roland Gruber
+#
+#
+#  OID bases:
+#   1.3.6.1.4.1.34955   Roland Gruber Softwareentwicklung
+#   1.3.6.1.4.1.34955.1 attributes
+#   1.3.6.1.4.1.34955.2 object classes
+#
+#  Please replace DOMAIN_TOP_DN with your LDAP suffix (e.g. dc=samba4,dc=test).
+#  This file must be installed second.
+#
+#  Installation: ldbmodify -H /var/lib/samba/private/sam.ldb tak-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
+#
+#
+#  Version: 1
+#   1: initial release (LAM 9.2)
+#
+
+dn: CN=takUser,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+objectClass: top
+objectClass: classSchema
+governsID: 1.3.6.1.4.1.34955.2.10
+cn: takUser
+lDAPDisplayName: takUser
+subClassOf: top
+objectClassCategory: 3
+mustContain: cn
+mayContain: takCallsign
+mayContain: takRole
+mayContain: takColor
+description: TAK user
+possSuperiors: top
--- a/lam/docs/schema/tak-Windows.ldif
+++ b/lam/docs/schema/tak-Windows.ldif
@ -0,0 +1,100 @@
+#
+#  LDAP schema for LAM TAK functionality
+#
+#  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
+#  Copyright (C) 2025  Roland Gruber
+#
+#
+#  OID bases:
+#   1.3.6.1.4.1.34955   Roland Gruber Softwareentwicklung
+#   1.3.6.1.4.1.34955.1 attributes
+#   1.3.6.1.4.1.34955.2 object classes
+#
+#  Please replace DOMAIN_TOP_DN with your LDAP suffix (e.g. dc=windows,dc=test).
+#
+#  Installation: ldifde -v -i -f tak-Windows.ldif
+#
+#
+#  Version: 1
+#   1: initial release (LAM 9.2)
+#
+
+dn: CN=takCallsign,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.3.6.1.4.1.34955.1.100
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+rangeLower: 4
+cn: takCallsign
+name: takCallsign
+lDAPDisplayName: takCallsign
+description: TAK callsign
+
+dn: CN=takRole,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.3.6.1.4.1.34955.1.101
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+cn: takRole
+name: takRole
+lDAPDisplayName: takRole
+description: TAK team role
+
+dn: CN=takColor,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.3.6.1.4.1.34955.1.102
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+cn: takColor
+name: takColor
+LDAPDisplayName: takColor
+Description: TAK team color
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=takUser,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+changetype: add
+objectClass: top
+objectClass: classSchema
+governsID: 1.3.6.1.4.1.34955.2.10
+cn: takUser
+lDAPDisplayName: takUser
+subClassOf: top
+objectClassCategory: 3
+mustContain: cn
+mayContain: takCallsign
+mayContain: takRole
+mayContain: takColor
+description: TAK user
+possSuperiors: top
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
+changetype: modify
+add: auxiliaryClass
+auxiliaryClass: takUser
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
--- a/lam/graphics/bind9.png
+++ b/lam/graphics/bind9.png
--- a/lam/graphics/compare.svg
+++ b/lam/graphics/compare.svg
@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-files" viewBox="0 0 16 16">
+  <path d="M13 0H6a2 2 0 0 0-2 2 2 2 0 0 0-2 2v10a2 2 0 0 0 2 2h7a2 2 0 0 0 2-2 2 2 0 0 0 2-2V2a2 2 0 0 0-2-2m0 13V4a2 2 0 0 0-2-2H5a1 1 0 0 1 1-1h7a1 1 0 0 1 1 1v10a1 1 0 0 1-1 1M3 4a1 1 0 0 1 1-1h7a1 1 0 0 1 1 1v10a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1z"/>
+</svg>
--- a/lam/graphics/list-add.svg
+++ b/lam/graphics/list-add.svg
@ -0,0 +1,8 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" version="1.1" viewBox="0 0 16 16">
+ <defs>
+  <style id="current-color-scheme" type="text/css">
+   .ColorScheme-Text { color:#444444; } .ColorScheme-Highlight { color:#4285f4; } .ColorScheme-NeutralText { color:#ff9800; } .ColorScheme-PositiveText { color:#4caf50; } .ColorScheme-NegativeText { color:#f44336; }
+  </style>
+ </defs>
+ <path style="fill:currentColor" class="ColorScheme-Text" d="M 4,0 C 4,0 3,0 3,1 V 15 L 8,12 13,15 V 1 C 13,1 13,0 12,0 Z M 7,3 H 9 V 5 H 11 V 7 H 9 V 9 H 7 V 7 H 5 V 5 H 7 Z"/>
+</svg>
--- a/lam/graphics/list-remove.svg
+++ b/lam/graphics/list-remove.svg
@ -0,0 +1,8 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" version="1.1">
+ <defs>
+  <style id="current-color-scheme" type="text/css">
+   .ColorScheme-Text { color:#444444; } .ColorScheme-Highlight { color:#4285f4; } .ColorScheme-NeutralText { color:#ff9800; } .ColorScheme-PositiveText { color:#4caf50; } .ColorScheme-NegativeText { color:#f44336; }
+  </style>
+ </defs>
+ <path style="fill:currentColor" class="ColorScheme-Text" d="M 4 0 C 4 0 3 0 3 1 L 3 15 L 8 12 L 13 15 L 13 1 C 13 1 13 0 12 0 L 4 0 z M 5 5 L 11 5 L 11 7 L 5 7 L 5 5 z"/>
+</svg>
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@ -5,7 +5,7 @@ use \LAM\TYPES\TypeManager;

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006 Michael Duergner
-                2003 - 2024 Roland Gruber
+                2003 - 2025 Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -42,9 +42,9 @@ if (isset($_SESSION['conf_config'])) {
 		$entry206Example .= "<b>" . $type->getAlias() . ":</b><br>\n";
 		$descriptions = $type->getBaseType()->getListAttributeDescriptions();
 		$attributes = array_keys($descriptions);
-		for ($a = 0; $a < sizeof($attributes); $a++) {
+		for ($a = 0; $a < count($attributes); $a++) {
 			$entry206Example .= "#" . $attributes[$a] . ": " . $descriptions[$attributes[$a]];
-			if ($a < (sizeof($attributes) - 1)) {
+			if ($a < (count($attributes) - 1)) {
 				$entry206Example .= ", ";
 			}
 		}
@ -239,7 +239,7 @@ $helpArray = [
 					"Text" => _("Please select if the connection should be encrypted via TLS, SSL or not at all.")
 				],
 				"257" => ["Headline" => _("Hide LDAP details on failed login"),
-					"Text" => _("If activated, LAM will not display and details why the login to LAM failed. Use this if you have high security requirements and want to prevent e.g. user name guessing.")
+					"Text" => _("If activated, LAM will not display any details why the login to LAM failed. Use this if you have high security requirements and want to prevent e.g. user name guessing.")
 				],
 				"258" => ["Headline" => _("Mail attribute"),
 					"Text" => _("This LDAP attribute contains the account's primary mail address.")
@ -300,6 +300,9 @@ $helpArray = [
 				"276" => ["Headline" => _('Database name'),
 					"Text" => _('This is the database name on the server.')
 				],
+				"277" => ["Headline" => _('CA certificate path'),
+					"Text" => _('For SSL-secured connections please enter the path to your CA certificate file.')
+				],
 				'280' => ["Headline" => _('Allow setting specific passwords'),
 					"Text" => _('Allows to set a specific password via input field.')
 				],
@ -333,7 +336,7 @@ $helpArray = [
 				'289' => ["Headline" => _('From address'),
 					"Text" => _('This email address will be set as sender address of the mails.')
 				],
-				'290' => ["Headline" => _('TO address'),
+				'290' => ["Headline" => _('To address'),
 					"Text" => _('This email address will be set as TO address for the mails.') . ' '
 						. _("Multiple values are separated by semicolon.")
 				],
@ -349,6 +352,33 @@ $helpArray = [
 				"294" => ["Headline" => _('Cron command'),
 					"Text" => _('Run this for global cleanup tasks. See manual for details.')
 				],
+				"295" => ["Headline" => _("Show deleted entries"),
+					"Text" => _("This enables to show deleted entries in \"CN=Deleted Objects\" for Active Directory.")
+				],
+				"296" => ["Headline" => _("SMS provider"),
+					"Text" => _("Please select the SMS provider that should be used for password and reset link sending.")
+				],
+				"297" => ["Headline" => _("API key"),
+					"Text" => _("Please enter the API key of your SMS provider.")
+				],
+				"298" => ["Headline" => _("Token"),
+					"Text" => _("Please enter the API token of your SMS provider.")
+				],
+				"298a" => ["Headline" => _("Account id"),
+					"Text" => _("Please enter the account id of your SMS provider.")
+				],
+				"299" => ["Headline" => _("Mobile phone attributes"),
+					"Text" => _("Please enter the LDAP attributes that should be checked to identify the user's mobile phone number.") . ' ' . _("Multiple values are separated by semicolon.")
+				],
+				"299a" => ["Headline" => _("Default country prefix"),
+					"Text" => _("Please enter the default country prefix for your phone numbers (e.g. '+49').")
+				],
+				"299b" => ["Headline" => _("From"),
+					"Text" => _("Please enter the phone number or messaging service ID that acts as the source of the message.")
+				],
+				"299c" => ["Headline" => _("Region"),
+					"Text" => _("Please enter the region ID for the SMS service.")
+				],
 				// 300 - 399
 				// profile/PDF editor, file upload
 				"301" => ["Headline" => _("RDN identifier"),
@ -408,6 +438,9 @@ $helpArray = [
 				"411" => ["Headline" => _("Font"),
 					"Text" => _("Please select the font for the PDF file. Dejavu will work on all systems but does not support e.g. Chinese and Japanese. The other fonts require that an appropriate font is installed on the system where the PDF is opened.")
 				],
+				"412" => ["Headline" => _("Send via SMS"),
+					"Text" => _("Sends the password to the user via SMS.")
+				],
 				// 500 - 599
 				// LAM Pro
 				"501" => ["Headline" => _("LDAP suffix"),
@ -539,6 +572,9 @@ $helpArray = [
 					"Text" => _('This email address will be set as To address of all mails.') . ' '
 						. _('Multiple values are separated by comma.')
 				],
+				"558" => ["Headline" => _("Send SMS"),
+					"Text" => _('Sends the confirmation link by SMS. If no phone number is found then an email will be sent.')
+				],
 				"560" => ["Headline" => _("Remember device"),
 					"Text" => _('This will remember your current device. You will not need to provide your 2nd factor for a configured period of time.')
 				],
--- a/lam/lib/2factor.inc
+++ b/lam/lib/2factor.inc
@ -7,8 +7,14 @@ use DateTime;
 use Duo\DuoUniversal\Client;
 use Duo\DuoUniversal\DuoException;
 use Exception;
+use Facile\OpenIDClient\Client\ClientBuilder;
+use Facile\OpenIDClient\Client\ClientInterface;
+use Facile\OpenIDClient\Client\Metadata\ClientMetadata;
+use Facile\OpenIDClient\Issuer\IssuerBuilder;
+use GuzzleHttp\Psr7\ServerRequest;
 use htmlResponsiveRow;
 use LAM\LOGIN\WEBAUTHN\WebauthnManager;
+use LAM_INTERFACE;
 use SelfServiceLoginHandler;
 use selfServiceProfile;
 use LAMConfig;
@ -23,7 +29,7 @@ use Webauthn\PublicKeyCredentialCreationOptions;

 /*
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2017 - 2024  Roland Gruber
+  Copyright (C) 2017 - 2025  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -65,7 +71,7 @@ interface TwoFactorProvider {
 	 * @param string $password password
 	 * @param string $serial serial number of token
 	 * @param string $twoFactorInput input for 2nd factor
-	 * @return boolean true if verified and false if verification failed
+	 * @return bool true if verified and false if verification failed
 	 * @throws Exception error during check
 	 */
 	public function verify2ndFactor($user, $password, $serial, $twoFactorInput);
@ -74,7 +80,7 @@ interface TwoFactorProvider {
 	 * Returns if the service has a custom input form.
 	 * In this case the token field is not displayed.
 	 *
-	 * @return has custom input form
+	 * @return bool has custom input form
 	 */
 	public function hasCustomInputForm();

@ -130,7 +136,7 @@ abstract class BaseProvider implements TwoFactorProvider {
 	 * Returns the value of the user attribute in LDAP.
 	 *
 	 * @param string $userDn user DN
-	 * @return string user name
+	 * @return string|null user name
 	 */
 	protected function getLoginAttributeValue($userDn) {
 		$attrName = $this->config->twoFactorAuthenticationSerialAttributeName;
@ -456,7 +462,7 @@ class DuoProvider extends BaseProvider {
 	 * @see BaseProvider::addCustomInput
 	 */
 	public function addCustomInput(&$row, $userDn) {
-		$pathPrefix = $this->config->isSelfService ? '../' : '';
+		$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
 		$row->add(new htmlImage($pathPrefix . '../graphics/duo.png'));
 		if (!empty($_GET['duo_code'])) {
 			// authentication is verified
@ -607,7 +613,7 @@ class OktaProvider extends BaseProvider {
 			return;
 		}

-		$pathPrefix = $this->config->isSelfService ? '../' : '';
+		$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
 		$row->add(new htmlImage($pathPrefix . '../graphics/okta.png'));
 		$_SESSION['okta_state'] = bin2hex(random_bytes(10));
 		$_SESSION['okta_code_verifier'] = bin2hex(random_bytes(50));
@ -792,7 +798,7 @@ class OpenIdProvider extends BaseProvider {
 			return;
 		}
 		$content = new htmlResponsiveRow();
-		$pathPrefix = $this->config->isSelfService ? '../' : '';
+		$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
 		$row->add(new htmlImage($pathPrefix . '../graphics/openid.png'));
 		include_once __DIR__ . '/3rdParty/composer/autoload.php';
 		try {
@ -831,10 +837,10 @@ class OpenIdProvider extends BaseProvider {
 	/**
 	 * Returns the client object.
 	 *
-	 * @return \Facile\OpenIDClient\Client\Client client
+	 * @return ClientInterface client
 	 */
-	private function getOpenIdClient(): \Facile\OpenIDClient\Client\Client {
-		$issuer = (new \Facile\OpenIDClient\Issuer\IssuerBuilder())->build($this->config->twoFactorAuthenticationURL . '/.well-known/openid-configuration');
+	private function getOpenIdClient(): ClientInterface {
+		$issuer = (new IssuerBuilder())->build($this->config->twoFactorAuthenticationURL . '/.well-known/openid-configuration');
 		$meta = [
 			'client_id' => $this->config->twoFactorAuthenticationClientId,
 			'client_secret' => $this->config->twoFactorAuthenticationSecretKey,
@ -843,8 +849,8 @@ class OpenIdProvider extends BaseProvider {
 		if (!empty($_GET['redirect_uri'])) {
 			$meta['redirect_uri'] = $_GET['redirect_uri'];
 		}
-		$clientMetadata = \Facile\OpenIDClient\Client\Metadata\ClientMetadata::fromArray($meta);
-		return (new \Facile\OpenIDClient\Client\ClientBuilder())
+		$clientMetadata = ClientMetadata::fromArray($meta);
+		return (new ClientBuilder())
 			->setIssuer($issuer)
 			->setClientMetadata($clientMetadata)
 			->build();
@ -874,7 +880,7 @@ class OpenIdProvider extends BaseProvider {
 		include_once __DIR__ . '/3rdParty/composer/autoload.php';
 		$client = $this->getOpenIdClient();
 		$authorizationService = $this->getAuthorizationService();
-		$serverRequest = \GuzzleHttp\Psr7\ServerRequest::fromGlobals();
+		$serverRequest = ServerRequest::fromGlobals();
 		try {
 			$callbackParams = $authorizationService->getCallbackParams($serverRequest, $client);
 			$tokenSet = $authorizationService->callback($client, $callbackParams, $_GET['redirect_uri']);
@ -971,8 +977,8 @@ class WebauthnProvider extends BaseProvider {
 			$row->add(new htmlStatusMessage('INFO', _('Please register a security device.')));
 		}
 		$row->addVerticalSpacer('2rem');
-		$pathPrefix = $this->config->isSelfService ? '../' : '';
-		$selfServiceParam = $this->config->isSelfService ? 'true' : 'false';
+		$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
+		$selfServiceParam = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? 'selfservice=true' : '';
 		$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg', '50%'));
 		$row->addVerticalSpacer('1rem');
 		$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
@ -990,7 +996,9 @@ class WebauthnProvider extends BaseProvider {
 		$errorMessageDiv->addDataAttribute('button', _('Ok'));
 		$errorMessageDiv->addDataAttribute('title', _('WebAuthn failed'));
 		$row->add($errorMessageDiv);
-		$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', ' . $selfServiceParam . ');'), 0);
+		$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', \'' . $selfServiceParam . '\',' .
+			' \'' . _('Do you want to set a name for this device?') . '\', \'' . _('Name') . '\',' .
+			' \'' . _('Ok') . '\', \'' . _('Cancel') . '\');'), 0);
 	}

 	/**
@ -1024,7 +1032,14 @@ class WebauthnProvider extends BaseProvider {
 			}
 			$response = base64_decode($_POST['sig_response']);
 			$registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']);
-			return $webauthnManager->storeNewRegistration($registrationObject, $response);
+			if (!$webauthnManager->storeNewRegistration($registrationObject, $response)) {
+				return false;
+			}
+			if (!empty($_POST['newName'])) {
+				$deviceList = $webauthnManager->getDatabase()->findAllForUserDn($userDn);
+				$webauthnManager->getDatabase()->updateDeviceName($userDn, base64_encode($deviceList[0]->getPublicKeyCredentialId()), $_POST['newName']);
+			}
+			return true;
 		}
 		else {
 			logNewMessage(LOG_DEBUG, 'Checking WebAuthn response of ' . $userDn);
@ -1072,7 +1087,7 @@ class TwoFactorProviderService {
 	 *
 	 * @param selfServiceProfile|LAMConfig $configObj profile
 	 */
-	public function __construct(&$configObj) {
+	public function __construct(selfServiceProfile|LAMConfig $configObj) {
 		if ($configObj instanceof selfServiceProfile) {
 			$this->config = $this->getConfigSelfService($configObj);
 		}
@ -1084,7 +1099,6 @@ class TwoFactorProviderService {
 	/**
 	 * Returns the provider for the given type.
 	 *
-	 * @param string $type authentication type
 	 * @return TwoFactorProvider provider
 	 * @throws Exception unable to get provider
 	 */
@ -1231,7 +1245,7 @@ class TwoFactorProviderService {
 	 */
 	private function getConfigSelfService(&$profile): TwoFactorConfiguration {
 		$tfConfig = new TwoFactorConfiguration();
-		$tfConfig->isSelfService = true;
+		$tfConfig->interface = LAM_INTERFACE::SELF_SERVICE;
 		$tfConfig->twoFactorAuthentication = $profile->twoFactorAuthentication;
 		$tfConfig->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
 		$tfConfig->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
@ -1281,7 +1295,7 @@ class TwoFactorProviderService {
 	 */
 	private function getConfigAdmin($conf): TwoFactorConfiguration {
 		$tfConfig = new TwoFactorConfiguration();
-		$tfConfig->isSelfService = false;
+		$tfConfig->interface = LAM_INTERFACE::ADMIN;
 		$tfConfig->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
 		$tfConfig->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
 		$tfConfig->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional();
@ -1327,10 +1341,8 @@ class TwoFactorProviderService {
 */
 class TwoFactorConfiguration {

-	/**
-	 * @var bool is self service
-	 */
-	public bool $isSelfService = false;
+	/** LAM UI */
+	public LAM_INTERFACE $interface = LAM_INTERFACE::ADMIN;

 	/**
 	 * @var ?string provider id
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/CODE_OF_CONDUCT.md
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/CODE_OF_CONDUCT.md
@ -0,0 +1,4 @@
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/LICENSE
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/LICENSE
@ -0,0 +1,175 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/NOTICE
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/NOTICE
@ -0,0 +1 @@
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/README.md
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/README.md
@ -0,0 +1,117 @@
+# AWS Common Runtime PHP bindings
+
+## Requirements
+
+* PHP 5.5+ on UNIX platforms, 7.2+ on Windows
+* CMake 3.x
+* GCC 4.4+, clang 3.8+ on UNIX, Visual Studio build tools on Windows
+* Tests require [Composer](https://getcomposer.org)
+
+## Installing with Composer and PECL
+
+The package has two different package published to [composer](https://packagist.org/packages/aws/aws-crt-php) and [PECL](https://pecl.php.net/package/awscrt).
+
+On UNIX, you can get the package from package manager or build from source:
+
+```
+pecl install awscrt
+composer require aws/aws-crt-php
+```
+
+On Windows, you need to build from source as instruction written below for the native extension `php_awscrt.dll` . And, follow https://www.php.net/manual/en/install.pecl.windows.php#install.pecl.windows.loading to load extension. After that:
+
+```
+composer require aws/aws-crt-php
+```
+
+## Building from Github source
+
+```sh
+$ git clone --recursive https://github.com/awslabs/aws-crt-php.git
+$ cd aws-crt-php
+$ phpize
+$ ./configure
+$ make
+$ ./dev-scripts/run_tests.sh
+```
+
+## Building on Windows
+
+### Requirements for Windows
+
+* Ensure you have the [windows PHP SDK](https://github.com/microsoft/php-sdk-binary-tools) (this example assumes installation of the SDK to C:\php-sdk and that you've checked out the PHP source to php-src within the build directory) and it works well on your machine.
+
+* Ensure you have "Development package (SDK to develop PHP extensions)" and PHP available from your system path. You can download them from https://windows.php.net/download/. You can check if they are available by running `phpize -v` and `php -v`
+
+### Instructions
+
+From Command Prompt (not powershell). The instruction is based on Visual Studio 2019 on 64bit Windows.
+
+```bat
+> git clone --recursive https://github.com/awslabs/aws-crt-php.git
+> git clone https://github.com/microsoft/php-sdk-binary-tools.git C:\php-sdk
+> C:\php-sdk\phpsdk-vs16-x64.bat
+
+C:\php-sdk\
+$ cd <your-path-to-aws-crt-php>
+
+<your-path-to-aws-crt-php>\
+$ phpize
+
+# --with-prefix only required when your php runtime in system path is different than the runtime you wish to use.
+<your-path-to-aws-crt-php>\
+$ configure --enable-awscrt=shared --with-prefix=<your-path-to-php-prefix>
+
+<your-path-to-aws-crt-php>\
+$ nmake
+
+<your-path-to-aws-crt-php>\
+$ nmake generate-php-ini
+
+# check .\php-win.ini, it now has the full path to php_awscrt.dll that you can manually load to your php runtime, or you can run the following command to run tests and load the required native extension for awscrt.
+<your-path-to-aws-crt-php>\
+$ .\dev-scripts\run_tests.bat <your-path-to-php-binary>
+```
+
+Note: for VS2017, Cmake will default to build for Win32, refer to [here](https://cmake.org/cmake/help/latest/generator/Visual%20Studio%2015%202017.html). If you are building for x64 php, you can set environment variable as follow to let cmake pick x64 compiler.
+
+```bat
+set CMAKE_GENERATOR=Visual Studio 15 2017
+set CMAKE_GENERATOR_PLATFORM=x64
+```
+
+## Debugging
+
+Using [PHPBrew](https://github.com/phpbrew/phpbrew) to build/manage multiple versions of PHP is helpful.
+
+Note: You must use a debug build of PHP to debug native extensions.
+See the [PHP Internals Book](https://www.phpinternalsbook.com/php7/build_system/building_php.html) for more info
+
+```shell
+# PHP 8 example
+$ phpbrew install --stdout -j 8 8.0 +default -- CFLAGS=-Wno-error --disable-cgi --enable-debug
+# PHP 5.5 example
+$ phpbrew install --stdout -j 8 5.5 +default -openssl -mbstring -- CFLAGS="-w -Wno-error" --enable-debug --with-zlib=/usr/local/opt/zlib
+$ phpbrew switch php-8.0.6 # or whatever version is current, it'll be at the end of the build output
+$ phpize
+$ ./configure
+$ make CMAKE_BUILD_TYPE=Debug
+```
+
+Ensure that the php you launch from your debugger is the result of `which php` , not just
+the system default php.
+
+## Security
+
+See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
+
+## Known OpenSSL related issue (Unix only)
+
+* When your php loads a different version of openssl than your system openssl version, awscrt may fail to load or weirdly crash. You can find the openssl version php linked via: `php -i | grep 'OpenSSL'`, and awscrt linked from the build log, which will be `Found OpenSSL: * (found version *)`
+
+The easiest workaround to those issue is to build from source and get aws-lc for awscrt to depend on instead.
+TO do that, same instructions as [here](#building-from-github-source), but use `USE_OPENSSL=OFF make` instead of `make`
+
+## License
+
+This project is licensed under the Apache-2.0 License.
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/composer.json
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/composer.json
@ -0,0 +1,35 @@
+{
+    "name": "aws/aws-crt-php",
+    "homepage": "https://github.com/awslabs/aws-crt-php",
+    "description": "AWS Common Runtime for PHP",
+    "keywords": ["aws","amazon","sdk","crt"],
+    "type": "library",
+    "authors": [
+        {
+            "name": "AWS SDK Common Runtime Team",
+            "email": "aws-sdk-common-runtime@amazon.com"
+        }
+    ],
+    "minimum-stability": "alpha",
+    "require": {
+        "php": ">=5.5"
+    },
+    "require-dev": {
+        "phpunit/phpunit":"^4.8.35||^5.6.3||^9.5",
+        "yoast/phpunit-polyfills": "^1.0"
+    },
+    "autoload": {
+        "classmap": [
+            "src/"
+        ]
+    },
+    "suggest": {
+        "ext-awscrt": "Make sure you install awscrt native extension to use any of the functionality."
+    },
+    "scripts": {
+        "test": "./dev-scripts/run_tests.sh",
+        "test-extension": "@test",
+        "test-win": ".\\dev-scripts\\run_tests.bat"
+    },
+    "license": "Apache-2.0"
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/format-check.py
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/format-check.py
@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+import argparse
+import os
+from pathlib import Path
+import re
+from subprocess import list2cmdline, run
+from tempfile import NamedTemporaryFile
+
+CLANG_FORMAT_VERSION = '18.1.6'
+
+INCLUDE_REGEX = re.compile(r'^ext/.*\.(c|h|inl)$')
+EXCLUDE_REGEX = re.compile(r'^$')
+
+arg_parser = argparse.ArgumentParser(description="Check with clang-format")
+arg_parser.add_argument('-i', '--inplace-edit', action='store_true',
+                        help="Edit files inplace")
+args = arg_parser.parse_args()
+
+os.chdir(Path(__file__).parent)
+
+# create file containing list of all files to format
+filepaths_file = NamedTemporaryFile(delete=False)
+for dirpath, dirnames, filenames in os.walk('.'):
+    for filename in filenames:
+        # our regexes expect filepath to use forward slash
+        filepath = Path(dirpath, filename).as_posix()
+        if not INCLUDE_REGEX.match(filepath):
+            continue
+        if EXCLUDE_REGEX.match(filepath):
+            continue
+
+        filepaths_file.write(f"{filepath}\n".encode())
+filepaths_file.close()
+
+# use pipx to run clang-format from PyPI
+# this is a simple way to run the same clang-format version regardless of OS
+cmd = ['pipx', 'run', f'clang-format=={CLANG_FORMAT_VERSION}',
+       f'--files={filepaths_file.name}']
+if args.inplace_edit:
+    cmd += ['-i']
+else:
+    cmd += ['--Werror', '--dry-run']
+
+print(f"{Path.cwd()}$ {list2cmdline(cmd)}")
+if run(cmd).returncode:
+    exit(1)
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/AwsCredentials.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/AwsCredentials.php
@ -0,0 +1,69 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+use AWS\CRT\NativeResource as NativeResource;
+use AWS\CRT\Options as Options;
+
+/**
+ * Represents a set of AWS credentials
+ *
+ * @param array options:
+ * - string access_key_id - AWS Access Key Id
+ * - string secret_access_key - AWS Secret Access Key
+ * - string session_token - Optional STS session token
+ * - int expiration_timepoint_seconds - Optional time to expire these credentials
+ */
+final class AwsCredentials extends NativeResource {
+
+    static function defaults() {
+        return [
+            'access_key_id' => '',
+            'secret_access_key' => '',
+            'session_token' => '',
+            'expiration_timepoint_seconds' => 0,
+        ];
+    }
+
+    private $access_key_id;
+    private $secret_access_key;
+    private $session_token;
+    private $expiration_timepoint_seconds = 0;
+
+    public function __get($name) {
+        return $this->$name;
+    }
+
+    function __construct(array $options = []) {
+        parent::__construct();
+
+        $options = new Options($options, self::defaults());
+        $this->access_key_id = $options->access_key_id->asString();
+        $this->secret_access_key = $options->secret_access_key->asString();
+        $this->session_token = $options->session_token ? $options->session_token->asString() : null;
+        $this->expiration_timepoint_seconds = $options->expiration_timepoint_seconds->asInt();
+
+        if (strlen($this->access_key_id) == 0) {
+            throw new \InvalidArgumentException("access_key_id must be provided");
+        }
+        if (strlen($this->secret_access_key) == 0) {
+            throw new \InvalidArgumentException("secret_access_key must be provided");
+        }
+
+        $creds_options = self::$crt->aws_credentials_options_new();
+        self::$crt->aws_credentials_options_set_access_key_id($creds_options, $this->access_key_id);
+        self::$crt->aws_credentials_options_set_secret_access_key($creds_options, $this->secret_access_key);
+        self::$crt->aws_credentials_options_set_session_token($creds_options, $this->session_token);
+        self::$crt->aws_credentials_options_set_expiration_timepoint_seconds($creds_options, $this->expiration_timepoint_seconds);
+        $this->acquire(self::$crt->aws_credentials_new($creds_options));
+        self::$crt->aws_credentials_options_release($creds_options);
+    }
+
+    function __destruct() {
+        self::$crt->aws_credentials_release($this->release());
+        parent::__destruct();
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/CredentialsProvider.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/CredentialsProvider.php
@ -0,0 +1,23 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+use AWS\CRT\NativeResource as NativeResource;
+
+/**
+ * Base class for credentials providers
+ */
+abstract class CredentialsProvider extends NativeResource {
+
+    function __construct(array $options = []) {
+        parent::__construct();
+    }
+
+    function __destruct() {
+        self::$crt->credentials_provider_release($this->release());
+        parent::__destruct();
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/Signable.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/Signable.php
@ -0,0 +1,43 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+use AWS\CRT\IO\InputStream;
+use AWS\CRT\NativeResource as NativeResource;
+
+class Signable extends NativeResource {
+
+    public static function fromHttpRequest($http_message) {
+        return new Signable(function() use ($http_message) {
+            return self::$crt->signable_new_from_http_request($http_message->native);
+        });
+    }
+
+    public static function fromChunk($chunk_stream, $previous_signature="") {
+        if (!($chunk_stream instanceof InputStream)) {
+            $chunk_stream = new InputStream($chunk_stream);
+        }
+        return new Signable(function() use($chunk_stream, $previous_signature) {
+            return self::$crt->signable_new_from_chunk($chunk_stream->native, $previous_signature);
+        });
+    }
+
+    public static function fromCanonicalRequest($canonical_request) {
+        return new Signable(function() use($canonical_request) {
+            return self::$crt->signable_new_from_canonical_request($canonical_request);
+        });
+    }
+
+    protected function __construct($ctor) {
+        parent::__construct();
+        $this->acquire($ctor());
+    }
+
+    function __destruct() {
+        self::$crt->signable_release($this->release());
+        parent::__destruct();
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SignatureType.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SignatureType.php
@ -0,0 +1,15 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+class SignatureType {
+    const HTTP_REQUEST_HEADERS = 0;
+    const HTTP_REQUEST_QUERY_PARAMS = 1;
+    const HTTP_REQUEST_CHUNK = 2;
+    const HTTP_REQUEST_EVENT = 3;
+    const CANONICAL_REQUEST_HEADERS = 4;
+    const CANONICAL_REQUEST_QUERY_PARAMS = 5;
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SignedBodyHeaderType.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SignedBodyHeaderType.php
@ -0,0 +1,11 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+class SignedBodyHeaderType {
+    const NONE = 0;
+    const X_AMZ_CONTENT_SHA256 = 1;
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/Signing.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/Signing.php
@ -0,0 +1,22 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+use AWS\CRT\NativeResource;
+
+abstract class Signing extends NativeResource {
+    static function signRequestAws($signable, $signing_config, $on_complete) {
+        return self::$crt->sign_request_aws($signable->native, $signing_config->native,
+            function($result, $error_code) use ($on_complete) {
+                $signing_result = SigningResult::fromNative($result);
+                $on_complete($signing_result, $error_code);
+            }, null);
+    }
+
+    static function testVerifySigV4ASigning($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y) {
+        return self::$crt->test_verify_sigv4a_signing($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y);
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SigningAlgorithm.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SigningAlgorithm.php
@ -0,0 +1,11 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+class SigningAlgorithm {
+    const SIGv4 = 0;
+    const SIGv4_ASYMMETRIC = 1;
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SigningConfigAWS.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SigningConfigAWS.php
@ -0,0 +1,75 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+use AWS\CRT\NativeResource as NativeResource;
+use AWS\CRT\Options as Options;
+
+class SigningConfigAWS extends NativeResource {
+
+    public static function defaults() {
+        return [
+            'algorithm' => SigningAlgorithm::SIGv4,
+            'signature_type' => SignatureType::HTTP_REQUEST_HEADERS,
+            'credentials_provider' => null,
+            'region' => null,
+            'service' => null,
+            'use_double_uri_encode' => false,
+            'should_normalize_uri_path' => false,
+            'omit_session_token' => false,
+            'signed_body_value' => null,
+            'signed_body_header_type' => SignedBodyHeaderType::NONE,
+            'expiration_in_seconds' => 0,
+            'date' => time(),
+            'should_sign_header' => null,
+        ];
+    }
+
+    private $options;
+
+    public function __construct(array $options = []) {
+        parent::__construct();
+        $this->options = $options = new Options($options, self::defaults());
+        $sc = $this->acquire(self::$crt->signing_config_aws_new());
+        self::$crt->signing_config_aws_set_algorithm($sc, $options->algorithm->asInt());
+        self::$crt->signing_config_aws_set_signature_type($sc, $options->signature_type->asInt());
+        if ($credentials_provider = $options->credentials_provider->asObject()) {
+            self::$crt->signing_config_aws_set_credentials_provider(
+                $sc,
+                $credentials_provider->native);
+        }
+        self::$crt->signing_config_aws_set_region(
+            $sc, $options->region->asString());
+        self::$crt->signing_config_aws_set_service(
+            $sc, $options->service->asString());
+        self::$crt->signing_config_aws_set_use_double_uri_encode(
+            $sc, $options->use_double_uri_encode->asBool());
+        self::$crt->signing_config_aws_set_should_normalize_uri_path(
+            $sc, $options->should_normalize_uri_path->asBool());
+        self::$crt->signing_config_aws_set_omit_session_token(
+            $sc, $options->omit_session_token->asBool());
+        self::$crt->signing_config_aws_set_signed_body_value(
+            $sc, $options->signed_body_value->asString());
+        self::$crt->signing_config_aws_set_signed_body_header_type(
+            $sc, $options->signed_body_header_type->asInt());
+        self::$crt->signing_config_aws_set_expiration_in_seconds(
+            $sc, $options->expiration_in_seconds->asInt());
+        self::$crt->signing_config_aws_set_date($sc, $options->date->asInt());
+        if ($should_sign_header = $options->should_sign_header->asCallable()) {
+            self::$crt->signing_config_aws_set_should_sign_header_fn($sc, $should_sign_header);
+        }
+    }
+
+    function __destruct()
+    {
+        self::$crt->signing_config_aws_release($this->release());
+        parent::__destruct();
+    }
+
+    public function __get($name) {
+        return $this->options->get($name);
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SigningResult.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/SigningResult.php
@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+use AWS\CRT\NativeResource;
+use AWS\CRT\HTTP\Request;
+
+class SigningResult extends NativeResource {
+    protected function __construct($native) {
+        parent::__construct();
+
+        $this->acquire($native);
+    }
+
+    function __destruct() {
+        // No destruction necessary, SigningResults are transient, just release
+        $this->release();
+        parent::__destruct();
+    }
+
+    public static function fromNative($ptr) {
+        return new SigningResult($ptr);
+    }
+
+    public function applyToHttpRequest(&$http_request) {
+        self::$crt->signing_result_apply_to_http_request($this->native, $http_request->native);
+        // Update http_request from native
+        $http_request = Request::unmarshall($http_request->toBlob());
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/StaticCredentialsProvider.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/Auth/StaticCredentialsProvider.php
@ -0,0 +1,35 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\Auth;
+
+/**
+ * Provides a static set of AWS credentials
+ *
+ * @param array options:
+ * - string access_key_id - AWS Access Key Id
+ * - string secret_access_key - AWS Secret Access Key
+ * - string session_token - Optional STS session token
+ */
+final class StaticCredentialsProvider extends CredentialsProvider {
+
+    private $credentials;
+
+    public function __get($name) {
+        return $this->$name;
+    }
+
+    function __construct(array $options = []) {
+        parent::__construct();
+        $this->credentials = new AwsCredentials($options);
+
+        $provider_options = self::$crt->credentials_provider_static_options_new();
+        self::$crt->credentials_provider_static_options_set_access_key_id($provider_options, $this->credentials->access_key_id);
+        self::$crt->credentials_provider_static_options_set_secret_access_key($provider_options, $this->credentials->secret_access_key);
+        self::$crt->credentials_provider_static_options_set_session_token($provider_options, $this->credentials->session_token);
+        $this->acquire(self::$crt->credentials_provider_static_new($provider_options));
+        self::$crt->credentials_provider_static_options_release($provider_options);
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/CRT.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/CRT.php
@ -0,0 +1,358 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT;
+
+use AWS\CRT\Internal\Extension;
+
+use \RuntimeException;
+
+/**
+ * Wrapper for the interface to the CRT. There only ever needs to be one of these, but
+ * additional instances won't cost anything other than their memory.
+ * Creating an instance of any NativeResource will activate the CRT binding. User code
+ * should only need to create one of these if they are only accessing CRT:: static functions.
+ */
+final class CRT {
+
+    private static $impl = null;
+    private static $refcount = 0;
+
+    function __construct() {
+        if (is_null(self::$impl)) {
+            try {
+                self::$impl = new Extension();
+            } catch (RuntimeException $rex) {
+                throw new RuntimeException("Unable to initialize AWS CRT via awscrt extension: \n$rex", -1);
+            }
+        }
+        ++self::$refcount;
+    }
+
+    function __destruct() {
+        if (--self::$refcount == 0) {
+            self::$impl = null;
+        }
+    }
+
+    /**
+     * @return bool whether or not the CRT is currently loaded
+     */
+    public static function isLoaded() {
+        return !is_null(self::$impl);
+    }
+
+    /**
+     * @return bool whether or not the CRT is available via one of the possible backends
+     */
+    public static function isAvailable() {
+        try {
+            new CRT();
+            return true;
+        } catch (RuntimeException $ex) {
+            return false;
+        }
+    }
+
+    /**
+     * @return integer last error code reported within the CRT
+     */
+    public static function last_error() {
+        return self::$impl->aws_crt_last_error();
+    }
+
+    /**
+     * @param integer $error Error code from the CRT, usually delivered via callback or {@see last_error}
+     * @return string Human-readable description of the provided error code
+     */
+    public static function error_str($error) {
+        return self::$impl->aws_crt_error_str((int) $error);
+    }
+
+    /**
+     * @param integer $error Error code from the CRT, usually delivered via callback or {@see last_error}
+     * @return string Name/enum identifier for the provided error code
+     */
+    public static function error_name($error) {
+        return self::$impl->aws_crt_error_name((int) $error);
+    }
+
+    public static function log_to_stdout() {
+        return self::$impl->aws_crt_log_to_stdout();
+    }
+
+    public static function log_to_stderr() {
+        return self::$impl->aws_crt_log_to_stderr();
+    }
+
+    public static function log_to_file($filename) {
+        return self::$impl->aws_crt_log_to_file($filename);
+    }
+
+    public static function log_to_stream($stream) {
+        return self::$impl->aws_crt_log_to_stream($stream);
+    }
+
+    public static function log_set_level($level) {
+        return self::$impl->aws_crt_log_set_level($level);
+    }
+
+    public static function log_stop() {
+        return self::$impl->aws_crt_log_stop();
+    }
+
+    public static function log_message($level, $message) {
+        return self::$impl->aws_crt_log_message($level, $message);
+    }
+
+    /**
+     * @return object Pointer to native event_loop_group_options
+     */
+    function event_loop_group_options_new() {
+        return self::$impl->aws_crt_event_loop_group_options_new();
+    }
+
+    /**
+     * @param object $elg_options Pointer to native event_loop_group_options
+     */
+    function event_loop_group_options_release($elg_options) {
+        self::$impl->aws_crt_event_loop_group_options_release($elg_options);
+    }
+
+    /**
+     * @param object $elg_options Pointer to native event_loop_group_options
+     * @param integer $max_threads Maximum number of threads to allow the event loop group to use, default: 0/1 per CPU core
+     */
+    function event_loop_group_options_set_max_threads($elg_options, $max_threads) {
+        self::$impl->aws_crt_event_loop_group_options_set_max_threads($elg_options, (int)$max_threads);
+    }
+
+    /**
+     * @param object Pointer to event_loop_group_options, {@see event_loop_group_options_new}
+     * @return object Pointer to the new event loop group
+     */
+    function event_loop_group_new($options) {
+        return self::$impl->aws_crt_event_loop_group_new($options);
+    }
+
+    /**
+     * @param object $elg Pointer to the event loop group to release
+     */
+    function event_loop_group_release($elg) {
+        self::$impl->aws_crt_event_loop_group_release($elg);
+    }
+
+    /**
+     * return object Pointer to native AWS credentials options
+     */
+    function aws_credentials_options_new() {
+        return self::$impl->aws_crt_credentials_options_new();
+    }
+
+    function aws_credentials_options_release($options) {
+        self::$impl->aws_crt_credentials_options_release($options);
+    }
+
+    function aws_credentials_options_set_access_key_id($options, $access_key_id) {
+        self::$impl->aws_crt_credentials_options_set_access_key_id($options, $access_key_id);
+    }
+
+    function aws_credentials_options_set_secret_access_key($options, $secret_access_key) {
+        self::$impl->aws_crt_credentials_options_set_secret_access_key($options, $secret_access_key);
+    }
+
+    function aws_credentials_options_set_session_token($options, $session_token) {
+        self::$impl->aws_crt_credentials_options_set_session_token($options, $session_token);
+    }
+
+    function aws_credentials_options_set_expiration_timepoint_seconds($options, $expiration_timepoint_seconds) {
+        self::$impl->aws_crt_credentials_options_set_expiration_timepoint_seconds($options, $expiration_timepoint_seconds);
+    }
+
+    function aws_credentials_new($options) {
+        return self::$impl->aws_crt_credentials_new($options);
+    }
+
+    function aws_credentials_release($credentials) {
+        self::$impl->aws_crt_credentials_release($credentials);
+    }
+
+    function credentials_provider_release($provider) {
+        self::$impl->aws_crt_credentials_provider_release($provider);
+    }
+
+    function credentials_provider_static_options_new() {
+        return self::$impl->aws_crt_credentials_provider_static_options_new();
+    }
+
+    function credentials_provider_static_options_release($options) {
+        self::$impl->aws_crt_credentials_provider_static_options_release($options);
+    }
+
+    function credentials_provider_static_options_set_access_key_id($options, $access_key_id) {
+        self::$impl->aws_crt_credentials_provider_static_options_set_access_key_id($options, $access_key_id);
+    }
+
+    function credentials_provider_static_options_set_secret_access_key($options, $secret_access_key) {
+        self::$impl->aws_crt_credentials_provider_static_options_set_secret_access_key($options, $secret_access_key);
+    }
+
+    function credentials_provider_static_options_set_session_token($options, $session_token) {
+        self::$impl->aws_crt_credentials_provider_static_options_set_session_token($options, $session_token);
+    }
+
+    function credentials_provider_static_new($options) {
+        return self::$impl->aws_crt_credentials_provider_static_new($options);
+    }
+
+    function input_stream_options_new() {
+        return self::$impl->aws_crt_input_stream_options_new();
+    }
+
+    function input_stream_options_release($options) {
+        self::$impl->aws_crt_input_stream_options_release($options);
+    }
+
+    function input_stream_options_set_user_data($options, $user_data) {
+        self::$impl->aws_crt_input_stream_options_set_user_data($options, $user_data);
+    }
+
+    function input_stream_new($options) {
+        return self::$impl->aws_crt_input_stream_new($options);
+    }
+
+    function input_stream_release($stream) {
+        self::$impl->aws_crt_input_stream_release($stream);
+    }
+
+    function input_stream_seek($stream, $offset, $basis) {
+        return self::$impl->aws_crt_input_stream_seek($stream, $offset, $basis);
+    }
+
+    function input_stream_read($stream, $length) {
+        return self::$impl->aws_crt_input_stream_read($stream, $length);
+    }
+
+    function input_stream_eof($stream) {
+        return self::$impl->aws_crt_input_stream_eof($stream);
+    }
+
+    function input_stream_get_length($stream) {
+        return self::$impl->aws_crt_input_stream_get_length($stream);
+    }
+
+    function http_message_new_from_blob($blob) {
+        return self::$impl->aws_crt_http_message_new_from_blob($blob);
+    }
+
+    function http_message_to_blob($message) {
+        return self::$impl->aws_crt_http_message_to_blob($message);
+    }
+
+    function http_message_release($message) {
+        self::$impl->aws_crt_http_message_release($message);
+    }
+
+    function signing_config_aws_new() {
+        return self::$impl->aws_crt_signing_config_aws_new();
+    }
+
+    function signing_config_aws_release($signing_config) {
+        return self::$impl->aws_crt_signing_config_aws_release($signing_config);
+    }
+
+    function signing_config_aws_set_algorithm($signing_config, $algorithm) {
+        self::$impl->aws_crt_signing_config_aws_set_algorithm($signing_config, (int)$algorithm);
+    }
+
+    function signing_config_aws_set_signature_type($signing_config, $signature_type) {
+        self::$impl->aws_crt_signing_config_aws_set_signature_type($signing_config, (int)$signature_type);
+    }
+
+    function signing_config_aws_set_credentials_provider($signing_config, $credentials_provider) {
+        self::$impl->aws_crt_signing_config_aws_set_credentials_provider($signing_config, $credentials_provider);
+    }
+
+    function signing_config_aws_set_region($signing_config, $region) {
+        self::$impl->aws_crt_signing_config_aws_set_region($signing_config, $region);
+    }
+
+    function signing_config_aws_set_service($signing_config, $service) {
+        self::$impl->aws_crt_signing_config_aws_set_service($signing_config, $service);
+    }
+
+    function signing_config_aws_set_use_double_uri_encode($signing_config, $use_double_uri_encode) {
+        self::$impl->aws_crt_signing_config_aws_set_use_double_uri_encode($signing_config, $use_double_uri_encode);
+    }
+
+    function signing_config_aws_set_should_normalize_uri_path($signing_config, $should_normalize_uri_path) {
+        self::$impl->aws_crt_signing_config_aws_set_should_normalize_uri_path($signing_config, $should_normalize_uri_path);
+    }
+
+    function signing_config_aws_set_omit_session_token($signing_config, $omit_session_token) {
+        self::$impl->aws_crt_signing_config_aws_set_omit_session_token($signing_config, $omit_session_token);
+    }
+
+    function signing_config_aws_set_signed_body_value($signing_config, $signed_body_value) {
+        self::$impl->aws_crt_signing_config_aws_set_signed_body_value($signing_config, $signed_body_value);
+    }
+
+    function signing_config_aws_set_signed_body_header_type($signing_config, $signed_body_header_type) {
+        self::$impl->aws_crt_signing_config_aws_set_signed_body_header_type($signing_config, $signed_body_header_type);
+    }
+
+    function signing_config_aws_set_expiration_in_seconds($signing_config, $expiration_in_seconds) {
+        self::$impl->aws_crt_signing_config_aws_set_expiration_in_seconds($signing_config, $expiration_in_seconds);
+    }
+
+    function signing_config_aws_set_date($signing_config, $timestamp) {
+        self::$impl->aws_crt_signing_config_aws_set_date($signing_config, $timestamp);
+    }
+
+    function signing_config_aws_set_should_sign_header_fn($signing_config, $should_sign_header_fn) {
+        self::$impl->aws_crt_signing_config_aws_set_should_sign_header_fn($signing_config, $should_sign_header_fn);
+    }
+
+    function signable_new_from_http_request($http_message) {
+        return self::$impl->aws_crt_signable_new_from_http_request($http_message);
+    }
+
+    function signable_new_from_chunk($chunk_stream, $previous_signature) {
+        return self::$impl->aws_crt_signable_new_from_chunk($chunk_stream, $previous_signature);
+    }
+
+    function signable_new_from_canonical_request($canonical_request) {
+        return self::$impl->aws_crt_signable_new_from_canonical_request($canonical_request);
+    }
+
+    function signable_release($signable) {
+        self::$impl->aws_crt_signable_release($signable);
+    }
+
+    function signing_result_release($signing_result) {
+        self::$impl->aws_crt_signing_result_release($signing_result);
+    }
+
+    function signing_result_apply_to_http_request($signing_result, $http_message) {
+        return self::$impl->aws_crt_signing_result_apply_to_http_request(
+            $signing_result, $http_message);
+    }
+
+    function sign_request_aws($signable, $signing_config, $on_complete, $user_data) {
+        return self::$impl->aws_crt_sign_request_aws($signable, $signing_config, $on_complete, $user_data);
+    }
+
+    function test_verify_sigv4a_signing($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y) {
+        return self::$impl->aws_crt_test_verify_sigv4a_signing($signable, $signing_config, $expected_canonical_request, $signature, $ecc_key_pub_x, $ecc_key_pub_y);
+    }
+
+    public static function crc32($input, $previous = 0) {
+        return self::$impl->aws_crt_crc32($input, $previous);
+    }
+
+    public static function crc32c($input, $previous = 0) {
+        return self::$impl->aws_crt_crc32c($input, $previous);
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Headers.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Headers.php
@ -0,0 +1,50 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\HTTP;
+
+use AWS\CRT\Internal\Encoding;
+
+final class Headers {
+    private $headers;
+
+    public function __construct($headers = []) {
+        $this->headers = $headers;
+    }
+
+    public static function marshall($headers) {
+        $buf = "";
+        foreach ($headers->headers as $header => $value) {
+            $buf .= Encoding::encodeString($header);
+            $buf .= Encoding::encodeString($value);
+        }
+        return $buf;
+    }
+
+    public static function unmarshall($buf) {
+        $strings = Encoding::readStrings($buf);
+        $headers = [];
+        for ($idx = 0; $idx < count($strings);) {
+            $headers[$strings[$idx++]] = $strings[$idx++];
+        }
+        return new Headers($headers);
+    }
+
+    public function count() {
+        return count($this->headers);
+    }
+
+    public function get($header) {
+        return isset($this->headers[$header]) ? $this->headers[$header] : null;
+    }
+
+    public function set($header, $value) {
+        $this->headers[$header] = $value;
+    }
+
+    public function toArray() {
+        return $this->headers;
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Message.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Message.php
@ -0,0 +1,95 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\HTTP;
+
+use AWS\CRT\NativeResource;
+use AWS\CRT\Internal\Encoding;
+
+abstract class Message extends NativeResource {
+    private $method;
+    private $path;
+    private $query;
+    private $headers;
+
+    public function __construct($method, $path, $query = [], $headers = []) {
+        parent::__construct();
+        $this->method = $method;
+        $this->path = $path;
+        $this->query = $query;
+        $this->headers = new Headers($headers);
+        $this->acquire(self::$crt->http_message_new_from_blob(self::marshall($this)));
+    }
+
+    public function __destruct() {
+        self::$crt->http_message_release($this->release());
+        parent::__destruct();
+    }
+
+    public function toBlob() {
+        return self::$crt->http_message_to_blob($this->native);
+    }
+
+    protected static function marshall($msg) {
+        $buf = "";
+        $buf .= Encoding::encodeString($msg->method);
+        $buf .= Encoding::encodeString($msg->pathAndQuery());
+        $buf .= Headers::marshall($msg->headers);
+        return $buf;
+    }
+
+    protected static function _unmarshall($buf, $class=Message::class) {
+        $method = Encoding::readString($buf);
+        $path_and_query = Encoding::readString($buf);
+        $parts = explode("?", $path_and_query, 2);
+        $path = isset($parts[0]) ? $parts[0] : "";
+        $query = isset($parts[1]) ? $parts[1] : "";
+        $headers = Headers::unmarshall($buf);
+
+        // Turn query params back into a dictionary
+        if (strlen($query)) {
+            $query = rawurldecode($query);
+            $query = explode("&", $query);
+            $query = array_reduce($query, function($params, $pair) {
+                list($param, $value) = explode("=", $pair, 2);
+                $params[$param] = $value;
+                return $params;
+            }, []);
+        } else {
+            $query = [];
+        }
+
+        return new $class($method, $path, $query, $headers->toArray());
+    }
+
+    public function pathAndQuery() {
+        $path = $this->path;
+        $queries = [];
+        foreach ($this->query as $param => $value) {
+            $queries []= urlencode($param) . "=" . urlencode($value);
+        }
+        $query = implode("&", $queries);
+        if (strlen($query)) {
+            $path = implode("?", [$path, $query]);
+        }
+        return $path;
+    }
+
+    public function method() {
+        return $this->method;
+    }
+
+    public function path() {
+        return $this->path;
+    }
+
+    public function query() {
+        return $this->query;
+    }
+
+    public function headers() {
+        return $this->headers;
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Request.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Request.php
@ -0,0 +1,32 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\HTTP;
+
+use AWS\CRT\IO\InputStream;
+
+class Request extends Message {
+    private $body_stream = null;
+
+    public function __construct($method, $path, $query = [], $headers = [], $body_stream = null) {
+        parent::__construct($method, $path, $query, $headers);
+        if (!is_null($body_stream) && !($body_stream instanceof InputStream)) {
+            throw new \InvalidArgumentException('body_stream must be an instance of ' . InputStream::class);
+        }
+        $this->body_stream = $body_stream;
+    }
+
+    public static function marshall($request) {
+        return parent::marshall($request);
+    }
+
+    public static function unmarshall($buf) {
+        return parent::_unmarshall($buf, Request::class);
+    }
+
+    public function body_stream() {
+        return $this->body_stream;
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Response.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/HTTP/Response.php
@ -0,0 +1,27 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\HTTP;
+
+class Response extends Message {
+    private $status_code;
+
+    public function __construct($method, $path, $query, $headers, $status_code) {
+        parent::__construct($method, $path, $query, $headers);
+        $this->status_code = $status_code;
+    }
+
+    public static function marshall($response) {
+        return parent::marshall($response);
+    }
+
+    public static function unmarshall($buf) {
+        return parent::_unmarshall($buf, Response::class);
+    }
+
+    public function status_code() {
+        return $this->status_code;
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/IO/EventLoopGroup.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/IO/EventLoopGroup.php
@ -0,0 +1,39 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\IO;
+
+use AWS\CRT\NativeResource as NativeResource;
+use AWS\CRT\Options as Options;
+
+/**
+ * Represents 1 or more event loops (1 per thread) for doing I/O and background tasks.
+ * Typically, every application has one EventLoopGroup.
+ *
+ * @param array options:
+ * - int num_threads - Number of worker threads in the EventLoopGroup. Defaults to 0/1 per logical core.
+ */
+final class EventLoopGroup extends NativeResource {
+
+    static function defaults() {
+        return [
+            'max_threads' => 0,
+        ];
+    }
+
+    function __construct(array $options = []) {
+        parent::__construct();
+        $options = new Options($options, self::defaults());
+        $elg_options = self::$crt->event_loop_group_options_new();
+        self::$crt->event_loop_group_options_set_max_threads($elg_options, $options->getInt('max_threads'));
+        $this->acquire(self::$crt->event_loop_group_new($elg_options));
+        self::$crt->event_loop_group_options_release($elg_options);
+    }
+
+    function __destruct() {
+        self::$crt->event_loop_group_release($this->release());
+        parent::__destruct();
+    }
+}
--- a/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/IO/InputStream.php
+++ b/lam/lib/3rdParty/composer/aws/aws-crt-php/src/AWS/CRT/IO/InputStream.php
@ -0,0 +1,50 @@
+<?php
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+namespace AWS\CRT\IO;
+
+use AWS\CRT\NativeResource as NativeResource;
+
+final class InputStream extends NativeResource {
+    private $stream = null;
+
+    const SEEK_BEGIN = 0;
+    const SEEK_END = 2;
+
+    public function __construct($stream) {
+        parent::__construct();
+        $this->stream = $stream;
+        $options = self::$crt->input_stream_options_new();
+        // The stream implementation in native just converts the PHP stream into
+        // a native php_stream* and executes operations entirely in native
+        self::$crt->input_stream_options_set_user_data($options, $stream);
+        $this->acquire(self::$crt->input_stream_new($options));
+        self::$crt->input_stream_options_release($options);
+    }
+
+    public function __destruct() {
+        $this->release();
+        parent::__destruct();
+    }
+
+    public function eof() {
+        return self::$crt->input_stream_eof($this->native);
+    }
+
+    public function length() {
+        return self::$crt->input_stream_get_length($this->native);
+    }
+
+    public function read($length = 0) {
+        if ($length == 0) {
+            $length = $this->length();
+        }
+        return self::$crt->input_stream_read($this->native, $length);
+    }
+
+    public function seek($offset, $basis) {
+        return self::$crt->input_stream_seek($this->native, $offset, $basis);
+    }
+}
--- a/Show more
+++ b/Show more
 @ -1 +1 @@
 .0.RC1
 .3
				`@ -0,0 +1 @@`
				`Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.`