Howdy, I'm looking for a web interface for OpenLDAP. I want something pretty simple since I won't need to reorganize the entire DIT through the web, only add, delete, and modify users and groups.
I'm using smbldap-tools which has it's own set of scripts that I can tap into. I will need to extend the web interface to modify the samba schema extensions to LDAP or run the smbldap-scripts.
With that in mind, I am interested in something written in PHP or Perl that can be easily modified or extended.
I'd love it if you can recommend a simple web interface for LDAP. If you can recommend something, please tell me what features appeal to you or work well for you. And how does it meet my criteria:
* Simple - minimal bells and whistles * add, delete, and modify users * add, delete, and modify groups * secure - using SSL/TLS * linux and apache friendly * written in perl, php, or python
Thanks for your help.
Wes Modes wrote:
WM> I'm looking for a web interface for OpenLDAP.
WM> * Simple - minimal bells and whistles WM> * add, delete, and modify users WM> * add, delete, and modify groups WM> * secure - using SSL/TLS WM> * linux and apache friendly WM> * written in perl, php, or python
Have a look at GOsa:
In its default configuration it's much more than you need, but it's very modular and hence straight forward to turn off all the functionality you don't want. It's also fairly simple to create new modules if you one day discover a requirement for functionality it doesn't have. It's written in PHP using the Smarty template engine.
You should be aware that it's not a pure GUI for an arbitrary OpenLDAP tree. You have to use its schemas and add its object classes to the things you want to manage. But that's a once-only effort, and if your OpenLDAP data is reasonably sane (or not rolled out yet because you're migrating from some previous technology), it shouldn't be too tricky to make it ready.
We've deployed GOsa on scales from a few hundred to tens of thousands of users - typically as a management GUI for an OpenLDAP-backed Samba/Exim/Mailscanner/Cyrus SME-type infrastructure, but also for less generic deployments founded on subsets of those technologies.
GOsa was originally developed for the Munich project (see the GOsa home page for info); for examples of other deployments, see:
http://www.siriusit.co.uk/clients/specsavers.html http://www.siriusit.co.uk/clients/carmarthenshire-county-council.html https://oss.gonicus.de/labs/gosa/wiki/References
Cheers
Duncan
Duncan Gibb wrote:
Wes Modes wrote:
WM> I'm looking for a web interface for OpenLDAP.
WM> * Simple - minimal bells and whistles WM> * add, delete, and modify users WM> * add, delete, and modify groups WM> * secure - using SSL/TLS WM> * linux and apache friendly WM> * written in perl, php, or python
Have a look at GOsa:
Also http://www.openldap.org/faq/data/cache/268.html lists some. Being the author of web2ldap I'm biased of course. Maybe GOsa should be added in this section with a short description.
Ciao, Michael.
It's not clear from my peripheral once over of web2ldap what it is written in. How configurable/modifiable is it? For instance, if I need to add functionality to allow it to hash the smb related ldap fields, are the hooks there?
Wes
Michael Ströder wrote:
Duncan Gibb wrote:
Wes Modes wrote:
WM> I'm looking for a web interface for OpenLDAP.
WM> * Simple - minimal bells and whistles WM> * add, delete, and modify users WM> * add, delete, and modify groups WM> * secure - using SSL/TLS WM> * linux and apache friendly WM> * written in perl, php, or python
Have a look at GOsa:
Also http://www.openldap.org/faq/data/cache/268.html lists some. Being the author of web2ldap I'm biased of course. Maybe GOsa should be added in this section with a short description.
Ciao, Michael.
--On Thursday, May 01, 2008 3:54 PM -0700 Wes Modes wmodes@ucsc.edu wrote:
It's not clear from my peripheral once over of web2ldap what it is written in.
That's odd. When I go to the FAQ entry Michael referred you to, I see:
web2ldap - Python based
Which to me is a very good indication that it is written in Python.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Wes Modes wrote:
It's not clear from my peripheral once over of web2ldap what it is written in.
Python
How configurable/modifiable is it?
1. Some forms can be customized with HTML templates.
2. Defaults for adding new entries can be configured with LDIF templates in a quick-list.
3. LDAP syntaxes and attribute types can have special Python plugin classes (written in Python) registered for them (by OID or name). Check out the various examples in etc/web2ldap/web2ldapcnf/plugins/. Many things can already be achieved by using exisiting base classes (static/dynamic select lists etc.).
There's currently no plugin API at entry-level for dealing with dependencies between attributes. -
For instance, if I need to add functionality to allow it to hash the smb related ldap fields,
Setting the SMB password hashes ntPassword/lmpassword and sambalmpassword/sambaNTPassword is directly supported when changing an entry's password if the entry has one of the Samba object classes attached to it.
are the hooks there?
Hmm, not sure I have a hook for hashing an attribute value right before adding it to the entry. Maybe some of the class methods could be used to achieve this.
Ciao, Michael.
openldap-technical@openldap.org
-
Duncan Gibb -
Michael Ströder -
Quanah Gibson-Mount -
Wes Modes