LinID Directory Manager
Clément OUDOT
RMLL 2013
RMLL 2013 - Build your LDAP management web interface with LinID Directory Manager

Presentation of LinID Directory Manager, and how you can use it to build your own LDAP management web interface


  1. LinID Directory Manager
      Clément OUDOT
      RMLL 2013
  2. Table of contents
      ● LDAP Directories
      ● LDAP graphical interfaces
      ● LinID Directory Manager
  3. Resume
  4. Clément OUDOT
      ● Engineer since 2003 at LINAGORA company
      ● LinID Dream Team Manager: http://linid.org
      ● Founder of LDAP Tool Box project: http://ltb-project.org
      ● Leader of LemonLDAP::NG project: http://lemonldap-ng.org
  5. LDAP directories
  6. LDAP protocol
      ● Defined by standards (RFC)
      ● LDAPv2 in 1995, LDAPv3 in 1997
      ● TCP/IP, LBER, ASN.1
      ● 9 core operations, and extended operations
      ● The schema defines object classes, attributes, syntaxes and matching rules
      ● Data organized hierarchically (tree)
  7. Directory Information Tree
      [Diagram, by level:]
      dc=linid,dc=org
      ou=people    ou=groups    ou=structures
      uid=coudot    cn=admin
  8. Entry / Attribute / Value
      [Diagram: an entry containing attributes, each attribute holding values]
  9. Interfaces
  10. Administration tools
      ● Command line interface (CLI):
          ● ldapsearch, ldapmodify
          ● ldapvi
          ● Perl scripts (Net::LDAP)
      ● Standalone clients:
          ● Jxplorer, LDAP browser
          ● Apache Directory Studio
      ● Web Interfaces:
          ● phpLDAPadmin
          ● web2ldap
  11. Apache Directory Studio
  12. LDAP directory management interfaces
      ● In the proprietary world:
          ● Calendra Directory Manager (Calendra)
          ● Meibo (Ilex)
          ● Some Identity Managers (Oracle, Novell, etc.)
      ● In the free software world:
          ● LDAP Account Manager
          ● ldapSaisie
          ● FusionDirectory (ex GOSA)
          ● LinID Directory Manager
          ● OpenIDM (ForgeRock)
          ● Janua white pages
      ● 90% of deployments: self-made applications
  13. Main features
      ● Screen modelling (HTML templates)
      ● Specific displayer and editor for each attribute
      ● Tag choice and internationalization
      ● Authorization management with profiles
      ● No data adaptation needed
  14. LinID Directory Manager
  15. History
      ● Development started at UPMC in 2002. First version in PHP, quickly rewritten in Java. The software was called MetaLDAP
      ● Open Source release in 2003, under the name InterLDAP
      ● Became an ObjectWeb project in 2006 inside the FederID project
      ● Creation of LinID in 2008; it became LinID Content Manager and then LinID Directory Manager
      ● The project is now hosted by Linagora and released under AGPLv3
  16. Built with free software
      ● LinID Directory Manager is a web framework built upon:
          ● Tapestry 5
          ● Spring, Spring LDAP
          ● Maven
          ● Xstream
          ● Rhino
          ● Ehcache
          ● jQuery, jQuery UI
  17. Technical overview
  18. Extended schema
      ● Based on LDAP technical schema (object classes, attributes)
      ● Override some technical definitions (multi valuation, mandatory/optional)
      ● Add a lot of new definitions:
          ● Labels
          ● Default value
          ● Visibility in creation/consultation/research
          ● Allowed value
          ● Type of displayer/editor
  19. Extended schema

      <entry>
        <string>givenName</string>
        <attributedefinition>
          <attributeName>givenName</attributeName>
          <type>string</type>
          <oid>2.5.4.42</oid>
          <description>&apos;RFC2256: first name(s) for which the entity is known by&apos;</description>
          <largeLabel xml:lang="en">Givenname</largeLabel>
          <largeLabel xml:lang="fr">Prénom</largeLabel>
          <printLabel xml:lang="en">Givenname</printLabel>
          <printLabel xml:lang="fr">Prenom</printLabel>
          <shortLabel xml:lang="en">Givenname</shortLabel>
          <shortLabel xml:lang="fr">Prénom</shortLabel>
          <precedence>15</precedence>
          <possibleValues>
            <null/>
          </possibleValues>
          <visible>true</visible>
          <multiValued>false</multiValued>
          <mandatory>true</mandatory>
          <filtrable>true</filtrable>
          <chosenInList>false</chosenInList>
          <operators>
            <operator>CONTAINS</operator>
          </operators>
          <shownAtCreation>true</shownAtCreation>
        </attributedefinition>
      </entry>

  20. Authorization
      ● Authorization is based on:
          ● Relation between current user and target entry
          ● Attributes concerned
          ● Type of operation
      ● The relation is expressed through LDAP Query Language, a specific syntax to query LDAP directories almost like SQL databases
  21. Authorization

      <bean id="localadmin_users_manage" class="org.linid.dm.authorization.lql.LqlTextRule"
            scope="prototype">
        <property name="name" value="localadmin_users_manage" />
        <property name="description" value="Manage users" />
        <property name="module" value="" />
        <property name="relation">
          <value><![CDATA[
            ldap.read( principalDN, "ssoRoles=${ldap.role.localadministrator.dn}");
          ]]></value>
        </property>
        <property name="targetDn" value="${ldap.user.dn}" />
        <property name="rights" value="Wd" />
        <property name="attributes">
          <list>
            <value>uid</value>
            <value>cn</value>
            <value>sn</value>
            <value>givenName</value>
            <value>telephoneNumber</value>
            <value>facsimileTelephoneNumber</value>
            <value>departmentNumber</value>
            <value>o</value>
            <value>ou</value>
            <value>mail</value>
            <value>ssoRoles</value>
            <value>ssoLogonHours</value>
            <value>userPassword</value>
            <value>photo</value>
            <value>entry</value>
          </list>
        </property>
      </bean>

  22. LinID Directory Manager sample
      ● A demonstration application is provided with the framework
      ● It includes an in-memory directory (OpenDJ) with the following accounts:
          ● jdoe/secret : super administrator
          ● jsmith/secret : local administrator
          ● jbar/secret : user
      ● Run in Tomcat, Jetty
      ● Launch it from the sources:

          $ mvn -Popends jetty:run

  23. Demonstration
  24. How to build your own application
      ● Know what you want:
          ● Which data should be managed in the interface
          ● Who can do what
      ● Import the sample application in Eclipse
      ● Generate the extended schema with the script eschemaGenerator.pl
      ● Prepare your fingers to edit XML: Spring configuration, extended schema, authorization rules
      ● Redesign the templates
  25. Example: UPMC
  26. Example: Agriculture French Ministry
  27. Example: LinID OBM Manager
  28. Example: LinID OpenLDAP Manager
  29. Almost the end...
  30. 18-19 November - PARIS
      http://www.ldapcon.org
  31. Thanks
      ● Special thanks to:
          ● RMLL/LSM and their organizers
          ● Company LINAGORA
          ● All LinID developers
      ● Keep in touch:
          ● Identica: @coudot
          ● Twitter: @clementoudot @LinID_FOSS
          ● IRC: KPTN #LinID@freenode
          ● Web: http://linid.org
  32. Questions?
  33. Thanks for your attention
      http://www.linid.org
      Logiciels et services Open Source
      80 rue Roque de Fillol | 92800 PUTEAUX
      Tel : 0810 251 251 | Fax : +33 1 46 96 63 64
      www.linagora.com
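
An added example, not part of the original slides and not LinID's own code: a review script for authorization rules shaped like the one on slide 21. It flags rules that grant write on a sensitive attribute, or on an attribute that the rule's own relation tests (here `ssoRoles`, which decides who is a local administrator). It assumes an upper-case `W` in `rights` denotes write, which the slides do not define; `RULES_XML`, `SENSITIVE` and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the slide-21 rule (attribute list shortened).
RULES_XML = """<beans>
 <bean id="localadmin_users_manage" class="org.linid.dm.authorization.lql.LqlTextRule">
  <property name="relation"><value><![CDATA[
    ldap.read( principalDN, "ssoRoles=${ldap.role.localadministrator.dn}");
  ]]></value></property>
  <property name="targetDn" value="${ldap.user.dn}" />
  <property name="rights" value="Wd" />
  <property name="attributes"><list>
    <value>cn</value> <value>mail</value>
    <value>ssoRoles</value> <value>userPassword</value>
  </list></property>
 </bean>
</beans>"""

SENSITIVE = {"userPassword"}  # assumption: what this reviewer wants flagged


def local(elem):
    """Tag name without an XML namespace prefix (Spring files usually have one)."""
    return elem.tag.rsplit("}", 1)[-1]


def values(prop):
    """Text of every <value> element under a <property>."""
    return [v.text.strip() for v in prop.iter() if local(v) == "value" and v.text]


def audit_rules(xml_text, sensitive=SENSITIVE):
    """Map rule id -> findings for LqlTextRule beans that grant write."""
    report = {}
    for bean in ET.fromstring(xml_text).iter():
        if local(bean) != "bean" or not bean.get("class", "").endswith("LqlTextRule"):
            continue
        props = {p.get("name"): p for p in bean if local(p) == "property"}
        rights = props["rights"].get("value", "") if "rights" in props else ""
        if "W" not in rights:  # assumption: "W" means write access
            continue
        attrs = set(values(props["attributes"])) if "attributes" in props else set()
        relation = " ".join(values(props["relation"])) if "relation" in props else ""
        gating = set(re.findall(r"([A-Za-z][\w-]*)\s*=", relation))  # names in the filter
        notes = [f"write on sensitive attribute {a}" for a in sorted(attrs & sensitive)]
        notes += [f"write on {a}, which the relation tests" for a in sorted(attrs & gating)]
        if notes:
            report[bean.get("id")] = notes
    return report
```

A finding on an attribute the relation tests means holders of the rule can edit the attribute that grants the rule, so the target scope and allowed values for that attribute deserve a separate check.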