Build your LDAP Web Interface with LinID Directory Manager
5 likes3,345 views
LinID Directory Manager is a web-based LDAP directory management interface built using free and open source software. It allows modelling LDAP directories through an extended schema and provides authorization management through profiles and LDAP Query Language rules. The software is highly customizable and samples are provided to demonstrate its features for managing user and organizational data stored in LDAP.
![Authorization
<bean id="localadmin_users_manage" class="org.linid.dm.authorization.lql.LqlTextRule"
scope="prototype">
<property name="name" value="localadmin_users_manage" />
<property name="description" value="Manage users" />
<property name="module" value="" />
<property name="relation">
<value><![CDATA[
ldap.read( principalDN, "ssoRoles=$
{ldap.role.localadministrator.dn}");
]]></value>
</property>
<property name="targetDn" value="${ldap.user.dn}" />
<property name="rights" value="Wd" />
<property name="attributes">
<list>
<value>uid</value>
<value>cn</value>
<value>sn</value>
<value>givenName</value>
<value>telephoneNumber</value>
<value>facsimileTelephoneNumber</value>
<value>departmentNumber</value>
<value>o</value>
<value>ou</value>
<value>mail</value>
<value>ssoRoles</value>
<value>ssoLogonHours</value>
<value>userPassword</value>
<value>photo</value>
<value>entry</value>
</list>
</property>
</bean>
17](https://image.slidesharecdn.com/ldapcon2013coudotliniddirectorymanager-131120050157-phpapp01/85/Build-your-LDAP-Web-Interface-with-LinID-Directory-Manager-17-320.jpg)
Build your LDAP Web Interface with LinID Directory Manager
- 1. Build your LDAP Web Interface with LinID Directory Manager Clément OUDOT
- 2. Table of contents LDAP graphical interfaces LinID Directory Manager 2
- 3. Resume 3
- 4. Clément OUDOT Engineer since 2003 at LINAGORA company LinID Dream Team Manager: http://linid.org Founder of LDAP Tool Box project: http://ltb-project.org Leader of LemonLDAP::NG project: http://lemonldap-ng.org 4
- 5. Interfaces 5
- 6. Administration tools Command line interface (CLI): – ldapsearch, ldapmodify – ldapvi – Perl scripts (Net::LDAP) Standalone clients: – Jxplorer, LDAP browser – Apache Directory Studio Web Interfaces: – phpLDAPadmin – web2ldap 6
- 8. LDAP directory management interfaces In the proprietary world: – Calendra Directory Manager (Calendra) – Meibo (Ilex) – Some Identity Manager (Oracle, Novell, etc.) In the free software world: – LDAP Account Manager – ldapSaisie – FusionDirectory (ex GOSA) – LinID Directory Manager – OpenIDM (ForgeRock) – Janua white pages 90% of deployments: self made applications 8
- 9. Main features Screen modelling (HTML templates) Specific displayer and editor for each attribute Tag choice and internationalization Authorization management with profiles No data adaptation needed 9
- 11. History Development started at UPMC in 2002. First version in PHP, quickly rewritten in Java. The software is called MetaLDAP Open Source release in 2003, under the name InterLDAP Became an ObjectWeb project in 2006 inside the FederID project Creation of LinID in 2008, it becomes LinID Content Manager and then LinID Directory Manager The project is now hosted by Linagora and released under AGPLv3 11
- 12. Built with free software LinID Directory Manager is a web framework Web built upon: – Tapestry 5 – Spring, Spring LDAP – Maven – Xstream – Rhino – Ehcache – jQuery, jQuery UI 12
- 14. Extended schema Based on LDAP technical schema (object classes, attributes) Override some technical definitions (multi valuation, mandatory/optional) Add a lot of new definitions: – Labels – Default value – Visibility in creation/consultation/research – Allowed value – Type of displayer/editor 14
- 15. Extended schema <entry> <string>givenName</string> <attributedefinition> <attributeName>givenName</attributeName> <type>string</type> <oid>2.5.4.42</oid> <description>'RFC2256: first name(s) for which the entity is known by'</description> <largeLabel xml:lang="en">Givenname</largeLabel> <largeLabel xml:lang="fr">Prénom</largeLabel> <printLabel xml:lang="en">Givenname</printLabel> <printLabel xml:lang="fr">Prenom</printLabel> <shortLabel xml:lang="en">Givenname</shortLabel> <shortLabel xml:lang="fr">Prénom</shortLabel> <precedence>15</precedence> <possibleValues> <null/> </possibleValues> <visible>true</visible> <multiValued>false</multiValued> <mandatory>true</mandatory> <filtrable>true</filtrable> <chosenInList>false</chosenInList> <operators> <operator>CONTAINS</operator> </operators> <shownAtCreation>true</shownAtCreation> </attributedefinition> </entry> 15
- 16. Authorization Authorization is based on: – Relation between current user and target entry – Attributes concerned – Type of operation The relation is expressed trough LDAP Query Language, a specific syntax to query LDAP directories almost like SQL databases 16
- 17. Authorization <bean id="localadmin_users_manage" class="org.linid.dm.authorization.lql.LqlTextRule" scope="prototype"> <property name="name" value="localadmin_users_manage" /> <property name="description" value="Manage users" /> <property name="module" value="" /> <property name="relation"> <value><![CDATA[ ldap.read( principalDN, "ssoRoles=$ {ldap.role.localadministrator.dn}"); ]]></value> </property> <property name="targetDn" value="${ldap.user.dn}" /> <property name="rights" value="Wd" /> <property name="attributes"> <list> <value>uid</value> <value>cn</value> <value>sn</value> <value>givenName</value> <value>telephoneNumber</value> <value>facsimileTelephoneNumber</value> <value>departmentNumber</value> <value>o</value> <value>ou</value> <value>mail</value> <value>ssoRoles</value> <value>ssoLogonHours</value> <value>userPassword</value> <value>photo</value> <value>entry</value> </list> </property> </bean> 17
- 18. LinID Directory Manager sample A demonstration application is provided with the framework It includes an in-memory directory (OpenDJ) with the following accounts: – jdoe/secret : super administrator – jsmith/secret : local administrator – jbar/secret : user Run in Tomcat, Jetty Launch it from the sources: $ mvn -Popends jetty:run 18
- 19. Demonstration 19
- 20. How to build your own application Know what you want: – Which data should be managed in the interface – Who can do what Import the sample application in Eclipse Generate the extended schema with the script eschemaGenerator.pl Prepare your fingers to edit XML: Spring configuration, extended schema, authorization rules Redesign the templates 20
- 21. Example: UPMC 21
- 22. Example: Agriculture French Ministry 22
- 23. Example: LinID OBM Manager 23
- 24. Example: LinID OpenLDAP Manager 24
- 26. Thanks Special thanks to: – LDAPCon! – Company LINAGORA – All LiniD developers Keep in touch: – Identica: @coudot – Twitter: @clementoudot @LinID_FOSS – IRC: KPTN #LinID@freenode – Web: http://linid.org 26
- 27. Thanks!