LinID Directory Manager
Clément OUDOT
RMLL 2013
Table of contents
● LDAP Directories
● LDAP graphical interfaces
● LinID Directory Manager
Resume
Clément OUDOT
● Engineer at LINAGORA since 2003
● LinID Dream Team Manager: http://linid.org
● Founder of the LDAP Tool Box project: http://ltb-project.org
● Leader of the LemonLDAP::NG project: http://lemonldap-ng.org
LDAP directories
LDAP protocol
● Defined by standards (RFCs)
● LDAPv2 in 1995, LDAPv3 in 1997
● TCP/IP, LBER, ASN.1
● 9 core operations, plus extended operations
● The schema defines object classes, attributes, syntaxes and matching rules
● Data organized hierarchically (tree)
● Data organized hierarchically (tree)
Directory Information Tree
(diagram) Root: dc=linid,dc=org. Branches: ou=people, ou=groups, ou=structures. Leaf entries: uid=coudot, cn=admin.
Entry / Attribute / Value
(diagram) An entry holds attributes; each attribute holds one or more values.
Interfaces
Administration tools
● Command line interface (CLI):
  ● ldapsearch, ldapmodify
  ● ldapvi
  ● Perl scripts (Net::LDAP)
● Standalone clients:
  ● Jxplorer, LDAP browser
  ● Apache Directory Studio
● Web interfaces:
  ● phpLDAPadmin
  ● web2ldap
Apache Directory Studio
LDAP directory management interfaces
● In the proprietary world:
  ● Calendra Directory Manager (Calendra)
  ● Meibo (Ilex)
  ● Some identity managers (Oracle, Novell, etc.)
● In the free software world:
  ● LDAP Account Manager
  ● ldapSaisie
  ● FusionDirectory (formerly GOsa)
  ● LinID Directory Manager
  ● OpenIDM (ForgeRock)
  ● Janua white pages
● 90% of deployments: self-made applications
Main features
● Screen modelling (HTML templates)
● Specific displayer and editor for each attribute
● Tag choice and internationalization
● Authorization management with profiles
● No data adaptation needed
LinID Directory Manager
History
● Development started at UPMC in 2002. The first version was written in PHP and quickly rewritten in Java. The software was called MetaLDAP
● Open Source release in 2003, under the name InterLDAP
● Became an ObjectWeb project in 2006 inside the FederID project
● LinID was created in 2008; the software became LinID Content Manager and then LinID Directory Manager
● The project is now hosted by Linagora and released under AGPLv3
Built with free software
● LinID Directory Manager is a web framework built upon:
● Tapestry 5
● Spring, Spring LDAP
● Maven
● Xstream
● Rhino
● Ehcache
● jQuery, jQuery UI
Technical overview
Extended schema
● Based on the LDAP technical schema (object classes, attributes)
● Overrides some technical definitions (multi-valuation, mandatory/optional)
● Adds many new definitions:
  ● Labels
  ● Default value
  ● Visibility in creation/consultation/search
  ● Allowed values
  ● Type of displayer/editor
Extended schema
<entry>
  <string>givenName</string>
  <attributedefinition>
    <attributeName>givenName</attributeName>
    <type>string</type>
    <oid>2.5.4.42</oid>
    <description>&apos;RFC2256: first name(s) for which the entity is known by&apos;</description>
    <largeLabel xml:lang="en">Givenname</largeLabel>
    <largeLabel xml:lang="fr">Prénom</largeLabel>
    <printLabel xml:lang="en">Givenname</printLabel>
    <printLabel xml:lang="fr">Prenom</printLabel>
    <shortLabel xml:lang="en">Givenname</shortLabel>
    <shortLabel xml:lang="fr">Prénom</shortLabel>
    <precedence>15</precedence>
    <possibleValues>
      <null/>
    </possibleValues>
    <visible>true</visible>
    <multiValued>false</multiValued>
    <mandatory>true</mandatory>
    <filtrable>true</filtrable>
    <chosenInList>false</chosenInList>
    <operators>
      <operator>CONTAINS</operator>
    </operators>
    <shownAtCreation>true</shownAtCreation>
  </attributedefinition>
</entry>
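To show what the extended schema actually enforces, here is an added example (not LinID's own code) that parses attribute definitions in the format above and validates a proposed entry against the mandatory, multiValued and possibleValues constraints. The outer <map> wrapper, the <string> children of <possibleValues> and the employeeType definition are assumptions of the example, not taken from the project.

```python
# Added example (not LinID code): parse <attributedefinition> elements and validate an entry.
import xml.etree.ElementTree as ET

# Constructed sample. The outer <map> wrapper, the <string> children of
# <possibleValues> and the employeeType definition are assumptions.
ESCHEMA_XML = """<map>
 <entry><string>givenName</string><attributedefinition>
  <attributeName>givenName</attributeName>
  <possibleValues><null/></possibleValues>
  <multiValued>false</multiValued><mandatory>true</mandatory>
 </attributedefinition></entry>
 <entry><string>employeeType</string><attributedefinition>
  <attributeName>employeeType</attributeName>
  <possibleValues><string>staff</string><string>student</string></possibleValues>
  <multiValued>true</multiValued><mandatory>false</mandatory>
 </attributedefinition></entry>
</map>"""


def load_definitions(xml_text):
    """Return {attributeName: {"mandatory": bool, "multi": bool, "allowed": set|None}}."""
    defs = {}
    for ad in ET.fromstring(xml_text).iter("attributedefinition"):
        pv = ad.find("possibleValues")
        # <null/> (or no element at all) means any value is accepted
        allowed = None if pv is None or pv.find("null") is not None \
            else {v.text for v in pv}
        defs[ad.findtext("attributeName")] = {
            "mandatory": ad.findtext("mandatory") == "true",
            "multi": ad.findtext("multiValued") == "true",
            "allowed": allowed,
        }
    return defs


def validate_entry(defs, entry):
    """entry: {attr: [values]}. Return the list of violations (empty = valid)."""
    problems = []
    for name, d in defs.items():
        values = entry.get(name, [])
        if d["mandatory"] and not values:
            problems.append(f"{name}: mandatory attribute missing")
        if not d["multi"] and len(values) > 1:
            problems.append(f"{name}: single-valued but {len(values)} values given")
        if d["allowed"] is not None:
            for v in values:
                if v not in d["allowed"]:
                    problems.append(f"{name}: value {v!r} not in allowed list")
    # attributes absent from the extended schema are not managed at all
    for name in entry:
        if name not in defs:
            problems.append(f"{name}: not declared in extended schema")
    return problems
```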
Authorization
● Authorization is based on:
  ● The relation between the current user and the target entry
  ● The attributes concerned
  ● The type of operation
● The relation is expressed through LDAP Query Language (LQL), a specific syntax for querying LDAP directories, much like SQL for databases
Authorization
<bean id="localadmin_users_manage" class="org.linid.dm.authorization.lql.LqlTextRule" scope="prototype">
  <property name="name" value="localadmin_users_manage" />
  <property name="description" value="Manage users" />
  <property name="module" value="" />
  <property name="relation">
    <value><![CDATA[
      ldap.read( principalDN, "ssoRoles=${ldap.role.localadministrator.dn}");
    ]]></value>
  </property>
  <property name="targetDn" value="${ldap.user.dn}" />
  <property name="rights" value="Wd" />
  <property name="attributes">
    <list>
      <value>uid</value>
      <value>cn</value>
      <value>sn</value>
      <value>givenName</value>
      <value>telephoneNumber</value>
      <value>facsimileTelephoneNumber</value>
      <value>departmentNumber</value>
      <value>o</value>
      <value>ou</value>
      <value>mail</value>
      <value>ssoRoles</value>
      <value>ssoLogonHours</value>
      <value>userPassword</value>
      <value>photo</value>
      <value>entry</value>
    </list>
  </property>
</bean>
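To make the decision logic of such a rule concrete, here is an added example (not LinID code) that models the localadmin_users_manage bean above: the relation is evaluated by simulating ldap.read() against a constructed in-memory directory, then the target subtree, the attribute list and the requested right are checked. The role DN, the value of ${ldap.user.dn} and the meaning of the right letters (W = write, d = delete) are assumptions, since the slide does not define them.

```python
# Added example, not LinID code: a minimal evaluator modelling the
# localadmin_users_manage rule. ldap.read() is simulated against a
# constructed in-memory directory; the right letters are assumed to mean
# W = write and d = delete (the slide does not define them).

LOCALADMIN_ROLE_DN = "cn=localadministrator,ou=roles,dc=linid,dc=org"  # assumed

# Constructed directory: DN -> attributes (values are lists, as in LDAP)
DIRECTORY = {
    "uid=jsmith,ou=people,dc=linid,dc=org": {"ssoRoles": [LOCALADMIN_ROLE_DN]},
    "uid=jbar,ou=people,dc=linid,dc=org": {"ssoRoles": []},
    "cn=admin,ou=groups,dc=linid,dc=org": {},
}

# The bean's properties, with ${ldap.user.dn} assumed to be ou=people,...
RULE = {
    "name": "localadmin_users_manage",
    "targetDn": "ou=people,dc=linid,dc=org",
    "rights": "Wd",
    "attributes": {"uid", "cn", "sn", "givenName", "telephoneNumber",
                   "mail", "ssoRoles", "userPassword", "photo", "entry"},
}


def ldap_read(dn, attr, value):
    """Simulates ldap.read(dn, "attr=value"): True when the entry matches."""
    entry = DIRECTORY.get(dn)
    return entry is not None and value in entry.get(attr, [])


def relation_holds(principal_dn):
    # the CDATA relation: ldap.read(principalDN, "ssoRoles=${ldap.role.localadministrator.dn}")
    return ldap_read(principal_dn, "ssoRoles", LOCALADMIN_ROLE_DN)


def is_allowed(principal_dn, target_dn, attribute, right):
    """Grant only if relation, target subtree, attribute list and right all match."""
    if not relation_holds(principal_dn):
        return False
    if not target_dn.lower().endswith("," + RULE["targetDn"].lower()):
        return False  # target must live under ${ldap.user.dn}
    if attribute not in RULE["attributes"]:
        return False  # attributes missing from the list stay untouchable
    return right in RULE["rights"]
```

Because userPassword is in the attribute list, anyone matching the relation can also write user passwords; narrowing that list is the lever for limiting what a local administrator may change.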
LinID Directory Manager sample
● A demonstration application is provided with the framework
● It includes an in-memory directory (OpenDJ) with the following accounts:
  ● jdoe/secret: super administrator
  ● jsmith/secret: local administrator
  ● jbar/secret: user
● Runs in Tomcat or Jetty
● Launch it from the sources:
$ mvn -Popends jetty:run
Demonstration
How to build your own application
● Know what you want:
  ● Which data should be managed in the interface
  ● Who can do what
● Import the sample application in Eclipse
● Generate the extended schema with the script eschemaGenerator.pl
● Prepare your fingers to edit XML: Spring configuration, extended schema, authorization rules
● Redesign the templates
Example: UPMC
Example: French Ministry of Agriculture
Example: LinID OBM Manager
Example: LinID OpenLDAP Manager
Almost the end...
18-19 November - PARIS: http://www.ldapcon.org
Thanks
● Special thanks to:
  ● RMLL/LSM and their organizers
  ● The LINAGORA company
  ● All LinID developers
● Keep in touch:
  ● Identica: @coudot
  ● Twitter: @clementoudot @LinID_FOSS
  ● IRC: KPTN #LinID@freenode
  ● Web: http://linid.org
Questions?
Thanks for your attention
http://www.linid.org
Open Source software and services
80 rue Roque de Fillol, 92800 PUTEAUX
Tel: 0810 251 251, Fax: +33 1 46 96 63 64
www.linagora.com

RMLL 2013 - Build your LDAP management web interface with LinID Directory Manager
