12. LDAP directory management interfaces
● In the proprietary world:
  ● Calendra Directory Manager (Calendra)
  ● Meibo (Ilex)
  ● Some Identity Managers (Oracle, Novell, etc.)
● In the free software world:
  ● LDAP Account Manager
  ● ldapSaisie
  ● FusionDirectory (ex GOSA)
  ● LinID Directory Manager
  ● OpenIDM (ForgeRock)
  ● Janua white pages
● 90% of deployments: self-made applications
13. Main features
● Screen modelling (HTML templates)
● Specific displayer and editor for each attribute
● Tag choice and internationalization
● Authorization management with profiles
● No data adaptation needed
15. History
● Development started at UPMC in 2002. First version in PHP, quickly rewritten in Java. The software was called MetaLDAP
● Open Source release in 2003, under the name InterLDAP
● Became an ObjectWeb project in 2006 inside the FederID project
● Creation of LinID in 2008; the software became LinID Content Manager and then LinID Directory Manager
● The project is now hosted by Linagora and released under AGPLv3
16. Built with free software
● LinID Directory Manager is a web framework built upon:
  ● Tapestry 5
  ● Spring, Spring LDAP
  ● Maven
  ● XStream
  ● Rhino
  ● Ehcache
  ● jQuery, jQuery UI
18. Extended schema
● Based on the LDAP technical schema (object classes, attributes)
● Overrides some technical definitions (multi-valuation, mandatory/optional)
● Adds a lot of new definitions:
  ● Labels
  ● Default value
  ● Visibility in creation/consultation/search
  ● Allowed values
  ● Type of displayer/editor
19. Extended schema
<entry>
  <string>givenName</string>
  <attributedefinition>
    <attributeName>givenName</attributeName>
    <type>string</type>
    <oid>2.5.4.42</oid>
    <description>'RFC2256: first name(s) for which the entity is known by'</description>
    <largeLabel xml:lang="en">Givenname</largeLabel>
    <largeLabel xml:lang="fr">Prénom</largeLabel>
    <printLabel xml:lang="en">Givenname</printLabel>
    <printLabel xml:lang="fr">Prenom</printLabel>
    <shortLabel xml:lang="en">Givenname</shortLabel>
    <shortLabel xml:lang="fr">Prénom</shortLabel>
    <precedence>15</precedence>
    <possibleValues>
      <null/>
    </possibleValues>
    <visible>true</visible>
    <multiValued>false</multiValued>
    <mandatory>true</mandatory>
    <filtrable>true</filtrable>
    <chosenInList>false</chosenInList>
    <operators>
      <operator>CONTAINS</operator>
    </operators>
    <shownAtCreation>true</shownAtCreation>
  </attributedefinition>
</entry>
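An added example, not part of the original slides or the LinID code base: a small Python audit of an extended schema file in the entry format shown above, flagging password-type attributes that are displayed or searchable and map keys that do not match their attributeName. It assumes `visible` and `filtrable` control display and use in search filters; the `<map>` root, the extra entries and the `SENSITIVE` list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the slide's <entry> format. The <map> root and the
# userPassword and mail entries are assumptions made for this example.
def _entry(key, name, visible, filtrable):
    return (f"<entry><string>{key}</string><attributedefinition>"
            f"<attributeName>{name}</attributeName>"
            f"<visible>{visible}</visible><filtrable>{filtrable}</filtrable>"
            "<operators><operator>CONTAINS</operator></operators>"
            "</attributedefinition></entry>")

SAMPLE = "<map>" + "".join([
    _entry("givenName", "givenName", "true", "true"),
    _entry("userPassword", "userPassword", "true", "true"),
    _entry("mail", "email", "true", "false"),
]) + "</map>"

# Attributes a reviewer would not expect in screens or search filters
# (hypothetical list; adjust to the directory's schema).
SENSITIVE = {"userpassword", "sambantpassword", "sambalmpassword"}

def _true(defn, tag):
    return (defn.findtext(tag) or "").strip().lower() == "true"

def audit(xml_text):
    """Return sorted (attribute, finding) pairs for an extended schema."""
    findings = []
    # Schema files are operator-controlled; never parse untrusted XML this way.
    for entry in ET.fromstring(xml_text).iter("entry"):
        key = (entry.findtext("string") or "").strip()
        defn = entry.find("attributedefinition")
        if defn is None:
            findings.append((key, "entry has no attributedefinition"))
            continue
        name = (defn.findtext("attributeName") or "").strip()
        if name != key:
            findings.append((key, f"map key differs from attributeName '{name}'"))
        if {key.lower(), name.lower()} & SENSITIVE:
            if _true(defn, "visible"):
                findings.append((key, "sensitive attribute is visible"))
            if _true(defn, "filtrable"):
                ops = ",".join(o.text or "" for o in defn.iter("operator"))
                findings.append((key, f"sensitive attribute is searchable ({ops})"))
    return sorted(findings)

if __name__ == "__main__":
    for attr, problem in audit(SAMPLE):
        print(f"{attr}: {problem}")
```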
20. Authorization
● Authorization is based on:
  ● Relation between current user and target entry
  ● Attributes concerned
  ● Type of operation
● The relation is expressed through LDAP Query Language, a specific syntax to query LDAP directories almost like SQL databases
22. LinID Directory Manager sample
● A demonstration application is provided with the framework
● It includes an in-memory directory (OpenDJ) with the following accounts:
  ● jdoe/secret : super administrator
  ● jsmith/secret : local administrator
  ● jbar/secret : user
● Runs in Tomcat or Jetty
● Launch it from the sources:
  $ mvn -Popends jetty:run
24. How to build your own application
● Know what you want:
  ● Which data should be managed in the interface
  ● Who can do what
● Import the sample application into Eclipse
● Generate the extended schema with the script eschemaGenerator.pl
● Prepare your fingers to edit XML: Spring configuration, extended schema, authorization rules
● Redesign the templates
33. Thanks for your attention
http://www.linid.org
Open Source software and services
80 rue Roque de Fillol | 92800 PUTEAUX
Tel: 0810 251 251 | Fax: +33 1 46 96 63 64
www.linagora.com