web2ldap is an open source generic LDAPv3 client which does not make any assumptions about the tree structure or LDAP schema.
web2ldap is a kind of Swiss Army knife for accessing and manipulating LDAP servers without having to configure anything.
web2ldap is also:
· A secure LDAP client with clean login behaviour.
· A schema browser which displays references/dependencies within an LDAPv3 schema.
· A customizable platform for prototyping LDAP administration use-cases.
Here are some key features of "web2ldap":
· Runs on Unix-derived OS (e.g. Linux, Mac OS X, FreeBSD, Solaris etc.) and Windows 32-bit platforms.
· Runs multi-threaded as a stand-alone web server, FastCGI server or SCGI server.
· Highly configurable on a per-host/-backend basis.
· Comfortable web interface for inexperienced users. If the user does something wrong, a terse error message is given, which is usually based on the info field returned by the LDAP server. If it makes sense, the user can immediately retry his/her action with corrected input parameters. One has to emphasize that no other web interface provides such tolerant error handling in its user interface.
· Configuring the search root is usually unnecessary.
· Support for file upload of binary attributes, e.g. jpegPhoto or userCertificate.
· Efficient browsing in directory trees with paged displaying of search results. Honors attributes hasSubordinates, numSubordinates and subordinateCount if available for determining if entries have subordinate entries.
· Displays JPEG pictures in-line with reasonable performance by smart caching.
· Universal title attribute added to a lot of HTML tags to have sort of a bubble-help in browsers which support that.
· Attributes containing DNs, URLs or mail addresses are shown as links. DNs can be followed within web2ldap by simply pressing the link.
· If an error occurs while adding or modifying entries, the user can edit and re-submit his input data.
· Tries to be friendly to all browsers by producing simple but well-formed HTML 4.01 (almost strict).
· Recursive deletion of directory trees.
· User-friendly handling of LDAPv3 referrals with reconnecting directly to referred host after presenting a login form to the user (see RFC 3296).
· OIDs in RootDSE attributes are displayed with name and description.
· Some (configurable) quick-buttons for common actions.
· Process LDIF input even with URL support (if configured).
· HTML templates can be used for displaying LDAP entries.
· HTML header can be configured to include colors, background pictures or logos.
· ID params in main HTML tags for using Cascading Style Sheets (CSS).
· Printer-friendly HTML output of search results based on a configurable HTML template string.
· Support for vCards - users of common browsers can easily add entries to their local address books.
· Bulk downloading of directory data as LDIF or LDIFv1 (see RFC 2849).
· Aware of UTF-8 character encoding for retrieving/storing non US-ASCII characters.
· Bulk downloading of directory data as DSMLv1 (XML namespace for directory data).
· Full LDAPv3 subschema subentry support when displaying an entry or input form with required and allowed attributes.
· Built-in schema browser displays all forward and backward references to other schema elements as links for all supported schema elements and allows a simple wildcard search by OID or NAME patterns.
· Schema support has reasonable performance since parsed subschema subentries are cached.
· Full support for inherited schema elements (object classes and attribute types).
· Fall-back to a local schema definition in configuration stored in LDIF file (for e.g. LDAPv2 servers).
· Special handling of collective attributes.
· Plugin modules for specific handling of attributes/syntaxes.
· Support for adding, modifying, deleting entries, deleting sub trees and renaming entries.
· Schema-aware to provide schema-matching input forms for add/modify.
· Octet strings can be directly edited as hex-bytes.
· Plugin-classes implement specific input fields for many vendor-specific attributes.
· Configurable LDIF templates for new entries.
· Automatic search for missing parent entries if adding an entry fails with "no such object" (for reducing the same old boring questions on the LDAP-related mailing lists ;-).
· Input values for some attributes/syntaxes (e.g. jpegPhoto, certificates and CRLs) are automagically converted to the right format.
· Password Modify Extended Operation (see RFC 3062)
· Client-hashed passwords (see also RFC 2307, schemes {crypt}, {md5}, {sha}, {smd5}, {ssha}) for setting the userPassword attribute on Umich-derived LDAP servers (like OpenLDAP, Netscape/IPlanet server etc.).
· Synced setting of userPassword and Samba password attributes.
· Attribute shadowLastChange set if an entry has object class shadowAccount.
· Resetting the password attribute unicodePwd in MS AD.
· Uses namingContexts attribute from RootDSE to determine appropriate search root automatically.
· Displays new login mask to repeat current action after chasing a referral.
· Search continuations are displayed.
· Well-known DNS aliases (kinda primitive anyway)
· LDAPv3 Referrals (knowledge references)
· Locate LDAP host via SRV RR (see also RFC 2782). This is done automatically if, e.g., an LDAP URL does not contain a host name but a dc-style DN, or if an error response was received with error code NO_SUCH_OBJECT (somewhat inspired by RFC 3088).
· Downloading of binary attributes with appropriate mapping to MIME types.
· Optionally use gzip-encoding for saving network bandwidth if client has sent Accept-Encoding: gzip in the HTTP header.
· Optionally use the right character set for output according to the HTTP header Accept-Charset sent by the HTTP client.
· Support for SASL bind.
· Default configuration is quite strict. If you see this paradigm violated somewhere in a distributed package of web2ldap, please let me know.
· Since the user logs in and opens a persistent LDAP connection, storing or passing around passwords is not necessary.
· Security mechanisms to avoid hijacking web sessions.
· Maximum number of currently used web sessions can be limited.
· Smart login with automatic completion of bind DN.
· Nice displaying of X.509 certificates and CRLs stored in the directory including all X.509v3 extensions with links to e.g. CRL distribution points, policy documents etc.
What's New in This Release:
· Full support for DIT structure rules and name forms, various enhancements to user interface, many additions/improvements for plug-in classes/modules.