web2ldap - WWW gateway to LDAP server

What is web2ldap?
* A generic LDAPv3 client which does not make any assumptions about the tree structure or LDAP schema.
* Kind of a swiss-army knife for accessing/manipulating LDAP servers without having to configure anything.
* A secure LDAP client with clean login behaviour.
* A schema browser which displays references/dependencies within an LDAPv3 schema.
* A customizable platform for prototyping LDAP administration use-cases.
* For me it is a platform for implementing cutting edge LDAP features.
* Continuously maintained software since September 1998!

Running Mode
* Runs on Unix-derived OS (e.g. Linux, FreeBSD, Solaris etc.) and Windows 32-bit platforms.
* Runs multi-threaded either as stand-alone web server, FastCGI server or as SCGI server.
* Highly configurable on a per-host/-backend basis.

User Interface

* Comfortable web interface for inexperienced users. If the user does something wrong, a terse error message is given which is most of the time based on the info field returned by the LDAP server. If it makes sense, the user can immediately retry his/her action with corrected input parameters. One has to emphasize that no other web interface provides such tolerant error handling in its user interface.
* Configuring the search root is unnecessary most of the time.
* Support for file upload of binary attributes, e.g. jpegPhoto or userCertificate.
* Efficient browsing in directory trees with paged displaying of search results. Honors attributes hasSubordinates, numSubordinates and subordinateCount if available for determining if entries have subordinate entries.
* Displays JPEG pictures in-line with reasonable performance by smart caching.
* Universal title attribute added to a lot of HTML tags to have sort of a bubble-help in browsers which support that.
* Attributes containing DNs, URLs or mail addresses are shown as links. DNs can be followed within web2ldap by simply pressing the link.
* If an error occurs during adding or modifying entries the user can edit and re-submit his input data.
* Tries to be friendly to all browsers by producing simple, but well-formed HTML 4.01 (almost strict).
* Recursive deletion of directory trees.
* Three different search forms:
o Static search form based on customizable HTML template.
o Build search filter by choosing options from select lists.
o Direct use of LDAP filter expressions.
* User-friendly handling of LDAPv3 referrals with reconnecting directly to referred host after presenting a login form to the user (see RFC 3296).
* OIDs in RootDSE attributes are displayed with name and description.
* Some (configurable) quick-buttons for common actions.
* Process LDIF input even with URL support (if configured).

Many Output Formats
* HTML templates can be used for displaying LDAP entries.
* HTML header can be configured to include colors, background pictures or logos.
* ID params in main HTML tags for using Cascading Style Sheets (CSS).
* Printer-friendly HTML output of search results based on a configurable HTML template string.
* Support for vCards - users of common browsers can easily add entries to their local address books.
* Bulk downloading of directory data as LDIF or LDIFv1 (see RFC 2849).
* Aware of UTF-8 character encoding for retrieving/storing non US-ASCII characters.
* Bulk downloading of directory data as DSMLv1 (XML namespace for directory data).

Plug-in modules/classes for specific handling of attributes/syntaxes. The following plug-in modules currently exist:

mainly LDAP syntaxes defined for ACP 133 with simple select lists and not tested
For MS AD and Samba 4
Class which can dump BER objects as ASN.1 with module pisces
Various attributes with dynamic select lists
Configuration attributes of Siemens DirX
Various syntaxes found in draft-sermersheim-nds-ldap-schema
for attributes defined eduPerson
Some small syntax quirks for Entrust PKI schema
Some small quirks for Exchange 5.5
Some small quirks for IBM Directory Server
for heimdal and MIT Kerberos schema
LDAP-based naming service
for attributes in Lotus Domino's LDAP service
See stroeder.com.schema
Microsoft System Services for Unix 3.0
NIS attributes (see also RFC 2307)
mainly some configuration attributes used in OpenDS
some attributes used in OpenLDAP for configuration and accesslog (see also draft-chu-ldap-logschema)
Multi-line fields for PGP keys
for attributes defined in RFC 1274
for attributes defined in draft-ietf-pkix-ldap-pkc-schema
for attributes defined in draft-behera-ldap-password-policy
Various quirks for very misbehaving servers
for Samba 3
for attributes defined in SCHAC
for attributes defined for subentries (see RFC 3672)
covering central password policy configuration attributes defined in draft-vchu-ldap-pwd-policy
for attributes defined in VPIM (see RFC 4237)
for attributes available on real X.500 DSAs

Advanced LDAP features
Schema support
* Full LDAPv3 sub schema sub entry support when displaying an entry or input form with required and allowed attributes.
* Built-in schema browser displays all forward and backward references to other schema elements as links for all supported schema elements and allows a simple wildcard search by OID or NAME patterns.
* Supported and used schema attributes:
o attributeTypes
o dITContentRules
o ldapSyntaxes
o matchingRuleUse
o matchingRules
o objectClasses
o dITStructureRules
o nameForms
* Schema support has reasonable performance since caching of parsed sub schema sub entries is done.
* Full support for inherited schema elements (object classes and attribute types).
* Fall-back to a local schema definition in configuration stored in LDIF file (for e.g. LDAPv2 servers).
* Special handling of collective attributes.

Write Access
* Support for adding, modifying, deleting entries, deleting sub trees and renaming entries.
* Schema-aware to provide schema-matching input forms for add/modify.
* Octet strings can be directly edited as hex-bytes.
* Plug-in classes implement specific input fields for many vendor-specific attributes.
* Configurable LDIF templates for new entries.
* Automatic search for missing parent entries if adding of an entry fails with "no such object". (for reducing the same old boring questions on the LDAP-related mailing lists ;-).
* Input values for some attributes/syntaxes (e.g. jpegPhoto, certificates and CRLs) are automagically converted to the right format.

Changing/Resetting passwords
* Password Modify Extended Operation (see RFC 3062)
* Client-hashed passwords (see also RFC 2307, schemes {crypt}, {md5}, {sha}, {smd5}, {ssha}) for setting the userPassword attribute on Umich-derived LDAP servers (like OpenLDAP, Netscape/IPlanet server etc.).
* Synced setting of userPassword and Samba NT password attribute (support for old LAN manager hash was dropped in 1.1).
* Attribute shadowLastChange set if an entry has object class shadowAccount.
* Resetting the password attribute unicodePwd in MS AD.

Group administration feature
Convenient, secure and efficient way to add/remove an entry to/from a group entry. Many common group object classes are automagically supported:

* groupOfNames
* groupOfUniqueNames
* rfc822MailGroup
* mailGroup
* posixGroup (see RFC 2307)
* accessGroup (found in IBM SecureWay)

Even large groups (>100000 members) are handled with reasonable performance. Security problems even with distributed management are avoided by "just doing it right".

LDAP connection handling
Automatically determine the protocol version and features supported by the LDAP server. Falls back to reasonable defaults if features are not available.
It is possible to directly use LDAP URLs (see RFC 4516) to reference LDAP entries and LDAP search results. Example: http://demo.web2ldap.de:1760/web2ldap/ldapurl?ldap://ldap.openldap.org/dc=openldap,dc=org
Note: Although most LDAP URLs will work, you should use URL-quoted LDAP URLs.
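
Why the quoting matters, as an added example that is not part of web2ldap: a DN or filter containing `&` or `?` would otherwise be split by URL parsing before it reaches the LDAP layer. The function names and the host ldap.example.org are hypothetical, and quoting the whole LDAP URL into the query string is an assumption about what "URL-quoted" means here.

```python
from urllib.parse import quote, unquote

# Gateway endpoint taken from the example URL on this page.
GATEWAY = "http://demo.web2ldap.de:1760/web2ldap/ldapurl"
SCOPES = ("", "base", "one", "sub")  # RFC 4516 scope keywords


def build_ldap_url(host, dn, attrs=(), scope="", filterstr=""):
    """Assemble an RFC 4516 LDAP URL, percent-encoding every component."""
    if scope not in SCOPES:
        raise ValueError("invalid scope: %r" % scope)
    fields = [
        ",".join(quote(a, safe="") for a in attrs),
        scope,
        quote(filterstr, safe="=()*"),
    ]
    while fields and not fields[-1]:  # drop empty trailing components
        fields.pop()
    url = "ldap://%s/%s" % (host, quote(dn, safe="=,"))
    return url + "".join("?" + f for f in fields)


def parse_ldap_url(url):
    """Split an LDAP URL on its literal '?' separators, then decode."""
    hostport, _, tail = url.split("://", 1)[1].partition("/")
    dn, attrs, scope, filt = (tail.split("?") + [""] * 3)[:4]
    return {
        "host": hostport,
        "dn": unquote(dn),
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope or "base",                      # RFC 4516 default
        "filter": unquote(filt) or "(objectClass=*)",  # RFC 4516 default
    }


def gateway_link(ldap_url):
    """Quote the whole LDAP URL so it travels as one opaque query string."""
    return GATEWAY + "?" + quote(ldap_url, safe="")
```
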
Root DSE

* Uses namingContexts attribute from RootDSE to determine appropriate search root automatically.

LDAPv3 Referrals

* Displays new login mask to repeat current action after chasing a referral.
* Search continuations are displayed.

Locating LDAP service
Try to locate an LDAP host for a specific domain, dc-style DN (RFC 2247, RFC 2377) or e-mail address. (See also the Internet Draft "A Taxonomy of Methods for LDAP Clients Finding Servers" on the LDAPEXT page.)

* Well known DNS aliases (kinda primitive anyway)
* LDAPv3 Referrals (knowledge references)
* Locate LDAP host via SRV RR (see also RFC 2782). This is done automatically if e.g. an LDAP URL does not contain a host name but a dc-style DN, or if an error response was received with error code NO_SUCH_OBJECT (somewhat inspired by RFC 3088).

LDAPv3 extended controls

Manage DSA IT mode
For editing referral entries (see RFC 3296).
Two different controls for searching subentries (see RFC 3672 and draft-ietf-ldup-subentry-07.txt)
Relax Rules Control (formerly Manage DIT control)
For editing operational attributes (see draft-zeilenga-ldap-relax).
Tree Delete
deletion of whole subtrees with a single DeleteRequest (see draft-armijo-ldap-treedelete).
Assertion Control
is used when sending a modify request, if the server seems to support it, to prevent the server from processing the request if the entry has been changed in between (see RFC 4528). The host-specific parameter modify_constant_attrs is used to generate the assertion filter.
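
The lost-update protection described for the Assertion Control, as an added example that is not web2ldap's own code: the client builds a filter from attribute values it read earlier, and a toy in-memory server refuses the modify once those values have changed. The contents given to `MODIFY_CONSTANT_ATTRS`, the function names and the sample entry are assumptions constructed for illustration.

```python
ASSERTION_CONTROL_OID = "1.3.6.1.1.12"  # control OID from RFC 4528
SUCCESS, ASSERTION_FAILED = 0, 122      # LDAP result codes

# Assumed sample contents; the page names the parameter but not its value.
MODIFY_CONSTANT_ATTRS = ("modifyTimestamp", "entryCSN")


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def assertion_pairs(entry, constant_attrs=MODIFY_CONSTANT_ATTRS):
    """(attr, value) pairs that must still hold when the modify arrives."""
    return [(a, v) for a in constant_attrs for v in entry.get(a, [])]


def render_filter(pairs):
    """Render the pairs as the filter string carried in the control."""
    return "(&%s)" % "".join(
        "(%s=%s)" % (a, escape_filter_value(v)) for a, v in pairs
    )


def toy_modify(stored, pairs, changes):
    """Toy server: apply changes only if every asserted pair still matches."""
    if any(v not in stored.get(a, []) for a, v in pairs):
        return ASSERTION_FAILED
    stored.update(changes)
    return SUCCESS


def demo():
    """Two editors read the same constructed entry; the second write loses."""
    stored = {"mail": ["old@example.org"],
              "modifyTimestamp": ["20240101120000Z"],
              "entryCSN": ["20240101120000.000000Z#000000#000#000000"]}
    stale = assertion_pairs(stored)            # editor A reads the entry
    first = toy_modify(stored, assertion_pairs(stored), {  # editor B writes
        "mail": ["b@example.org"],
        "modifyTimestamp": ["20240101120500Z"],
        "entryCSN": ["20240101120500.000000Z#000000#000#000000"]})
    second = toy_modify(stored, stale, {"mail": ["a@example.org"]})
    return first, second, stored["mail"]
```
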

LDAPv3 extended operations

provides transport layer security with TLS (see RFC 4513).
"Who am I?"
this operation shows which bind-DN is in effect e.g. when using SASL bind (see RFC 4532).
Password Modify Extended Operation
for server-side password setting (see RFC 3062).

LDAPv3 extensions
All Operational Attributes
Request the server to return all operational attributes in a search response. (See rootDSE attribute supportedFeatures, OID, see also RFC 3673)

Advanced HTTP options
* Downloading of binary attributes with appropriate mapping to MIME types.
* Optionally use gzip-encoding for saving network bandwidth if client has sent Accept-Encoding: gzip in the HTTP header.
* Optionally use the right character set for output according to the HTTP header Accept-Charset sent by the HTTP client.

Please also check out the security page.
* Support for SASL bind.
* Default configuration is quite strict. If you see this paradigm violated somewhere in a distributed package of web2ldap please let me know.
* Since the user logs in and opens a persistent LDAP connection storing or passing around passwords is not necessary.
* Security mechanisms to avoid hijacking web sessions.
* Maximum number of currently used web sessions can be limited.
* Smart login with automatic completion of bind DN.
* Nice displaying of X.509 certificates and CRLs stored in the directory including all X.509v3 extensions with links to e.g. CRL distribution points, policy documents etc.

What's New in This Release:

* Fixes for validating uniqueMember attribute values.
* Registers various attribute types of OpenLDAP's cn=config with the plugin class MultilineText.
* Some small fixes for plugin classes and referral handling.

System Requirements:

No special requirements.
Program Release Status: Minor Update
Program Install Support: Install and Uninstall
