Build your LDAP Web Interface
with LinID Directory Manager
Clément OUDOT
Table of contents
LDAP graphical interfaces
LinID Directory Manager

2
Resume

3
Clément OUDOT
Engineer since 2003 at LINAGORA company
LinID Dream Team Manager: http://linid.org
Founder of LDAP Tool Box project:
http://ltb-project.org
Leader of LemonLDAP::NG project:
http://lemonldap-ng.org

4
Interfaces

5
Administration tools
Command line interface (CLI):
– ldapsearch, ldapmodify
– ldapvi
– Perl scripts (Net::LDAP)

Standalone clients:
– Jxplorer, LDAP browser
– Apache Directory Studio

Web Interfaces:
– phpLDAPadmin
– web2ldap

6
Apache Directory Studio

7
LDAP directory management interfaces
In the proprietary world:
– Calendra Directory Manager (Calendra)
– Meibo (Ilex)
– Some Identity Manager (Oracle, Novell, etc.)

In the free software world:
– LDAP Account Manager
– ldapSaisie
– FusionDirectory (ex GOSA)
– LinID Directory Manager
– OpenIDM (ForgeRock)
– Janua white pages

90% of deployments: self-made applications

8
Main features
Screen modelling (HTML templates)
Specific displayer and editor for each attribute
Tag choice and internationalization
Authorization management with profiles
No data adaptation needed

9
LinID Directory Manager

10
History
Development started at UPMC in 2002. First version in PHP, quickly
rewritten in Java. The software is called MetaLDAP
Open Source release in 2003, under the name InterLDAP
Became an ObjectWeb project in 2006 inside the FederID project
Creation of LinID in 2008, it becomes LinID Content Manager and
then LinID Directory Manager
The project is now hosted by Linagora and released under AGPLv3

11
Built with free software
LinID Directory Manager is a web framework
built upon:
– Tapestry 5
– Spring, Spring LDAP
– Maven
– Xstream
– Rhino
– Ehcache
– jQuery, jQuery UI

12
Technical overview

13
Extended schema
Based on LDAP technical schema (object classes,
attributes)
Override some technical definitions (multi valuation,
mandatory/optional)
Add a lot of new definitions:
– Labels
– Default value
– Visibility in creation/consultation/research
– Allowed value
– Type of displayer/editor

14
Extended schema
<entry>
  <string>givenName</string>
  <attributedefinition>
    <attributeName>givenName</attributeName>
    <type>string</type>
    <oid>2.5.4.42</oid>
    <description>&apos;RFC2256: first name(s) for which the entity is known by&apos;</description>
    <largeLabel xml:lang="en">Givenname</largeLabel>
    <largeLabel xml:lang="fr">Prénom</largeLabel>
    <printLabel xml:lang="en">Givenname</printLabel>
    <printLabel xml:lang="fr">Prenom</printLabel>
    <shortLabel xml:lang="en">Givenname</shortLabel>
    <shortLabel xml:lang="fr">Prénom</shortLabel>
    <precedence>15</precedence>
    <possibleValues>
      <null/>
    </possibleValues>
    <visible>true</visible>
    <multiValued>false</multiValued>
    <mandatory>true</mandatory>
    <filtrable>true</filtrable>
    <chosenInList>false</chosenInList>
    <operators>
      <operator>CONTAINS</operator>
    </operators>
    <shownAtCreation>true</shownAtCreation>
  </attributedefinition>
</entry>

15
Authorization
Authorization is based on:
– Relation between current user and target entry
– Attributes concerned
– Type of operation

The relation is expressed through LDAP Query
Language, a specific syntax to query LDAP
directories almost like SQL databases

16
Authorization
<bean id="localadmin_users_manage" class="org.linid.dm.authorization.lql.LqlTextRule"
      scope="prototype">
  <property name="name" value="localadmin_users_manage" />
  <property name="description" value="Manage users" />
  <property name="module" value="" />
  <property name="relation">
    <value><![CDATA[
      ldap.read( principalDN, "ssoRoles=${ldap.role.localadministrator.dn}");
    ]]></value>
  </property>
  <property name="targetDn" value="${ldap.user.dn}" />
  <property name="rights" value="Wd" />
  <property name="attributes">
    <list>
      <value>uid</value>
      <value>cn</value>
      <value>sn</value>
      <value>givenName</value>
      <value>telephoneNumber</value>
      <value>facsimileTelephoneNumber</value>
      <value>departmentNumber</value>
      <value>o</value>
      <value>ou</value>
      <value>mail</value>
      <value>ssoRoles</value>
      <value>ssoLogonHours</value>
      <value>userPassword</value>
      <value>photo</value>
      <value>entry</value>
    </list>
  </property>
</bean>
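An added example, not part of the original slides and not LinID's own code: a small review script that reads authorization rule beans in the format shown above and reports, per rule, which sensitive attributes it covers and whether an attribute used in the rule's relation is also in its attribute list. The sensitive-attribute set, the `<beans>` wrapper and the second rule (`localadmin_contact_edit`) are assumptions made for the example; the `rights` string is reported verbatim because the slides do not define its letters.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: attributes treated as sensitive for this review (credentials and
# role membership). Adjust to your own directory schema.
SENSITIVE = {"userpassword", "ssoroles"}

# Constructed sample input: the rule from the slide inside a <beans> root, plus
# a hypothetical second rule (localadmin_contact_edit) added for contrast.
SAMPLE_RULES = """<beans>
  <bean id="localadmin_users_manage"
        class="org.linid.dm.authorization.lql.LqlTextRule" scope="prototype">
    <property name="name" value="localadmin_users_manage" />
    <property name="relation">
      <value><![CDATA[
        ldap.read( principalDN, "ssoRoles=${ldap.role.localadministrator.dn}");
      ]]></value>
    </property>
    <property name="targetDn" value="${ldap.user.dn}" />
    <property name="rights" value="Wd" />
    <property name="attributes">
      <list>
        <value>uid</value><value>cn</value><value>sn</value>
        <value>givenName</value><value>telephoneNumber</value>
        <value>facsimileTelephoneNumber</value><value>departmentNumber</value>
        <value>o</value><value>ou</value><value>mail</value>
        <value>ssoRoles</value><value>ssoLogonHours</value>
        <value>userPassword</value><value>photo</value><value>entry</value>
      </list>
    </property>
  </bean>
  <bean id="localadmin_contact_edit"
        class="org.linid.dm.authorization.lql.LqlTextRule" scope="prototype">
    <property name="relation">
      <value><![CDATA[
        ldap.read( principalDN, "ssoRoles=${ldap.role.localadministrator.dn}");
      ]]></value>
    </property>
    <property name="targetDn" value="${ldap.user.dn}" />
    <property name="rights" value="Wd" />
    <property name="attributes">
      <list><value>telephoneNumber</value><value>mail</value></list>
    </property>
  </bean>
</beans>"""


def _local(tag):
    """Drop an XML namespace prefix such as the Spring beans namespace."""
    return tag.rsplit("}", 1)[-1]


def _property_value(prop):
    """Return a property's value from its value= attribute or nested <value>."""
    if prop.get("value") is not None:
        return prop.get("value")
    for child in prop:
        if _local(child.tag) == "value":
            return (child.text or "").strip()
    return None


def load_rules(xml_text):
    """Parse every LqlTextRule bean into a dict of its properties."""
    rules = []
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean.tag) != "bean" or not bean.get("class", "").endswith("LqlTextRule"):
            continue
        rule = {"id": bean.get("id"), "attributes": []}
        for prop in bean:
            if _local(prop.tag) != "property":
                continue
            if prop.get("name") == "attributes":
                rule["attributes"] = [(v.text or "").strip()
                                      for v in prop.iter() if _local(v.tag) == "value"]
            else:
                rule[prop.get("name")] = _property_value(prop)
        rules.append(rule)
    return rules


def relation_attributes(relation):
    """Attribute names compared in LDAP filters inside the relation text."""
    return {m.lower() for m in re.findall(r"([A-Za-z][\w;-]*)\s*[~<>]?=", relation or "")}


def audit(rules, sensitive=SENSITIVE):
    """List rules that cover sensitive attributes or their own relation attributes."""
    findings = []
    for rule in rules:
        covered = {a.lower() for a in rule["attributes"]}  # LDAP names are case-insensitive
        hits = sorted(covered & sensitive)
        gate = sorted(covered & relation_attributes(rule.get("relation")))
        if hits or gate:
            findings.append({"rule": rule["id"], "rights": rule.get("rights"),
                             "targetDn": rule.get("targetDn"), "sensitive": hits,
                             "relation_attrs_covered": gate})
    return findings


if __name__ == "__main__":
    for finding in audit(load_rules(SAMPLE_RULES)):
        print(finding)
```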

17
LinID Directory Manager sample
A demonstration application is provided with the framework
It includes an in-memory directory (OpenDJ) with the following
accounts:
– jdoe/secret : super administrator
– jsmith/secret : local administrator
– jbar/secret : user

Run in Tomcat, Jetty
Launch it from the sources:
$ mvn -Popends jetty:run

18
Demonstration

19
How to build your own application
Know what you want:
– Which data should be managed in the interface
– Who can do what

Import the sample application in Eclipse
Generate the extended schema with the script
eschemaGenerator.pl
Prepare your fingers to edit XML: Spring configuration,
extended schema, authorization rules
Redesign the templates

20
Example: UPMC

21
Example: Agriculture French Ministry

22
Example: LinID OBM Manager

23
Example: LinID OpenLDAP Manager

24
Almost the end...

25
Thanks
Special thanks to:
– LDAPCon!
– Company LINAGORA
– All LinID developers

Keep in touch:
– Identica: @coudot
– Twitter: @clementoudot @LinID_FOSS
– IRC: KPTN #LinID@freenode
– Web: http://linid.org

26
Thanks!
