• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Build your LDAP Web Interface with LinID Directory Manager
 

Build your LDAP Web Interface with LinID Directory Manager

on

  • 999 views

 

Statistics

Views

Total Views
999
Views on SlideShare
885
Embed Views
114

Actions

Likes
4
Downloads
9
Comments
0

2 Embeds 114

http://lanyrd.com 112
https://twitter.com 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Build your LDAP Web Interface with LinID Directory Manager Build your LDAP Web Interface with LinID Directory Manager Presentation Transcript

    • Build your LDAP Web Interface with LinID Directory Manager Clément OUDOT
    • Table of contents LDAP graphical interfaces LinID Directory Manager 2
    • Resume 3
    • Clément OUDOT Engineer since 2003 at LINAGORA company LinID Dream Team Manager: http://linid.org Founder of LDAP Tool Box project: http://ltb-project.org Leader of LemonLDAP::NG project: http://lemonldap-ng.org 4
    • Interfaces 5
    • Administration tools Command line interface (CLI): – ldapsearch, ldapmodify – ldapvi – Perl scripts (Net::LDAP) Standalone clients: – Jxplorer, LDAP browser – Apache Directory Studio Web Interfaces: – phpLDAPadmin – web2ldap 6
    • Apache Directory Studio 7
    • LDAP directory management interfaces In the proprietary world: – Calendra Directory Manager (Calendra) – Meibo (Ilex) – Some Identity Manager (Oracle, Novell, etc.) In the free software world: – LDAP Account Manager – ldapSaisie – FusionDirectory (ex GOSA) – LinID Directory Manager – OpenIDM (ForgeRock) – Janua white pages 90% of deployments: self made applications 8
    • Main features Screen modelling (HTML templates) Specific displayer and editor for each attribute Tag choice and internationalization Authorization management with profiles No data adaptation needed 9
    • LinID Directory Manager 10
    • History Development started at UPMC in 2002. First version in PHP, quickly rewritten in Java. The software is called MetaLDAP Open Source release in 2003, under the name InterLDAP Became an ObjectWeb project in 2006 inside the FederID project Creation of LinID in 2008, it becomes LinID Content Manager and then LinID Directory Manager The project is now hosted by Linagora and released under AGPLv3 11
    • Built with free software LinID Directory Manager is a web framework Web built upon: – Tapestry 5 – Spring, Spring LDAP – Maven – Xstream – Rhino – Ehcache – jQuery, jQuery UI 12
    • Technical overview 13
    • Extended schema Based on LDAP technical schema (object classes, attributes) Override some technical definitions (multi valuation, mandatory/optional) Add a lot of new definitions: – Labels – Default value – Visibility in creation/consultation/research – Allowed value – Type of displayer/editor 14
    • Extended schema <entry> <string>givenName</string> <attributedefinition> <attributeName>givenName</attributeName> <type>string</type> <oid>2.5.4.42</oid> <description>&apos;RFC2256: first name(s) for which the entity is known by&apos;</description> <largeLabel xml:lang="en">Givenname</largeLabel> <largeLabel xml:lang="fr">Prénom</largeLabel> <printLabel xml:lang="en">Givenname</printLabel> <printLabel xml:lang="fr">Prenom</printLabel> <shortLabel xml:lang="en">Givenname</shortLabel> <shortLabel xml:lang="fr">Prénom</shortLabel> <precedence>15</precedence> <possibleValues> <null/> </possibleValues> <visible>true</visible> <multiValued>false</multiValued> <mandatory>true</mandatory> <filtrable>true</filtrable> <chosenInList>false</chosenInList> <operators> <operator>CONTAINS</operator> </operators> <shownAtCreation>true</shownAtCreation> </attributedefinition> </entry> 15
    • Authorization Authorization is based on: – Relation between current user and target entry – Attributes concerned – Type of operation The relation is expressed trough LDAP Query Language, a specific syntax to query LDAP directories almost like SQL databases 16
    • Authorization <bean id="localadmin_users_manage" class="org.linid.dm.authorization.lql.LqlTextRule" scope="prototype"> <property name="name" value="localadmin_users_manage" /> <property name="description" value="Manage users" /> <property name="module" value="" /> <property name="relation"> <value><![CDATA[ ldap.read( principalDN, "ssoRoles=$ {ldap.role.localadministrator.dn}"); ]]></value> </property> <property name="targetDn" value="${ldap.user.dn}" /> <property name="rights" value="Wd" /> <property name="attributes"> <list> <value>uid</value> <value>cn</value> <value>sn</value> <value>givenName</value> <value>telephoneNumber</value> <value>facsimileTelephoneNumber</value> <value>departmentNumber</value> <value>o</value> <value>ou</value> <value>mail</value> <value>ssoRoles</value> <value>ssoLogonHours</value> <value>userPassword</value> <value>photo</value> <value>entry</value> </list> </property> </bean> 17
    • LinID Directory Manager sample A demonstration application is provided with the framework It includes an in-memory directory (OpenDJ) with the following accounts: – jdoe/secret : super administrator – jsmith/secret : local administrator – jbar/secret : user Run in Tomcat, Jetty Launch it from the sources: $ mvn -Popends jetty:run 18
    • Demonstration 19
    • How to build your own application Know what you want: – Which data should be managed in the interface – Who can do what Import the sample application in Eclipse Generate the extended schema with the script eschemaGenerator.pl Prepare your fingers to edit XML: Spring configuration, extended schema, authorization rules Redesign the templates 20
    • Example: UPMC 21
    • Example: Agriculture French Ministry 22
    • Example: LinID OBM Manager 23
    • Example: LinID OpenLDAP Manager 24
    • Almost the end... 25
    • Thanks Special thanks to: – LDAPCon! – Company LINAGORA – All LiniD developers Keep in touch: – Identica: @coudot – Twitter: @clementoudot @LinID_FOSS – IRC: KPTN #LinID@freenode – Web: http://linid.org 26
    • Thanks!