4. Clément OUDOT
Engineer at LINAGORA since 2003
LinID Dream Team Manager: http://linid.org
Founder of LDAP Tool Box project:
http://ltb-project.org
Leader of LemonLDAP::NG project:
http://lemonldap-ng.org
8. LDAP directory management interfaces
In the proprietary world:
– Calendra Directory Manager (Calendra)
– Meibo (Ilex)
– Some identity managers (Oracle, Novell, etc.)
In the free software world:
– LDAP Account Manager
– ldapSaisie
– FusionDirectory (ex GOSA)
– LinID Directory Manager
– OpenIDM (ForgeRock)
– Janua white pages
90% of deployments: self-made applications
9. Main features
Screen modelling (HTML templates)
Specific displayer and editor for each attribute
Tag choice and internationalization
Authorization management with profiles
No data adaptation needed
11. History
Development started at UPMC in 2002. First version in PHP, quickly
rewritten in Java. The software is called MetaLDAP
Open Source release in 2003, under the name InterLDAP
Became an ObjectWeb project in 2006 inside the FederID project
Creation of LinID in 2008, it becomes LinID Content Manager and
then LinID Directory Manager
The project is now hosted by Linagora and released under AGPLv3
12. Built with free software
LinID Directory Manager is a web framework
built upon:
– Tapestry 5
– Spring, Spring LDAP
– Maven
– Xstream
– Rhino
– Ehcache
– jQuery, jQuery UI
14. Extended schema
Based on LDAP technical schema (object classes,
attributes)
Override some technical definitions (multi valuation,
mandatory/optional)
Add a lot of new definitions:
– Labels
– Default value
– Visibility in creation/consultation/search
– Allowed value
– Type of displayer/editor
15. Extended schema
<entry>
  <string>givenName</string>
  <attributedefinition>
    <attributeName>givenName</attributeName>
    <type>string</type>
    <oid>2.5.4.42</oid>
    <description>'RFC2256: first name(s) for which the entity is known by'</description>
    <largeLabel xml:lang="en">Givenname</largeLabel>
    <largeLabel xml:lang="fr">Prénom</largeLabel>
    <printLabel xml:lang="en">Givenname</printLabel>
    <printLabel xml:lang="fr">Prenom</printLabel>
    <shortLabel xml:lang="en">Givenname</shortLabel>
    <shortLabel xml:lang="fr">Prénom</shortLabel>
    <precedence>15</precedence>
    <possibleValues>
      <null/>
    </possibleValues>
    <visible>true</visible>
    <multiValued>false</multiValued>
    <mandatory>true</mandatory>
    <filtrable>true</filtrable>
    <chosenInList>false</chosenInList>
    <operators>
      <operator>CONTAINS</operator>
    </operators>
    <shownAtCreation>true</shownAtCreation>
  </attributedefinition>
</entry>
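An added example (not LinID Directory Manager code): how an application could enforce the extended schema's constraints server-side before writing to the directory, using the definition format shown above. The function names, the abridged sample and the handling of possibleValues are assumptions.

```python
import xml.etree.ElementTree as ET

XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Sample input: the givenName definition from the slide, abridged.
SAMPLE = """<entry>
  <string>givenName</string>
  <attributedefinition>
    <attributeName>givenName</attributeName>
    <largeLabel xml:lang="en">Givenname</largeLabel>
    <largeLabel xml:lang="fr">Prénom</largeLabel>
    <possibleValues><null/></possibleValues>
    <multiValued>false</multiValued>
    <mandatory>true</mandatory>
  </attributedefinition>
</entry>"""

def load_definition(xml_text):
    """Parse one <entry> into a dict of the fields used for validation."""
    d = ET.fromstring(xml_text).find("attributedefinition")
    flag = lambda tag: d.findtext(tag, "false").strip() == "true"
    pv = d.find("possibleValues")
    # Assumption: <null/> means "no restriction"; any other child holds one allowed value.
    allowed = [c.text for c in (pv if pv is not None else []) if c.tag != "null"]
    return {
        "name": d.findtext("attributeName"),
        "labels": {e.get(XML_LANG): e.text for e in d.findall("largeLabel")},
        "mandatory": flag("mandatory"),
        "multi_valued": flag("multiValued"),
        "allowed": allowed or None,
    }

def validate(defn, values):
    """Return a list of violations for the values submitted for this attribute."""
    values = [v for v in values if v and v.strip()]  # ignore empty form fields
    errors = []
    if defn["mandatory"] and not values:
        errors.append("missing mandatory attribute")
    if not defn["multi_valued"] and len(values) > 1:
        errors.append("single-valued attribute given several values")
    if defn["allowed"] is not None:
        errors += [f"value not allowed: {v!r}" for v in values if v not in defn["allowed"]]
    return errors

if __name__ == "__main__":
    print(validate(load_definition(SAMPLE), ["John", "Johnny"]))
```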
16. Authorization
Authorization is based on:
– Relation between current user and target entry
– Attributes concerned
– Type of operation
The relation is expressed through LDAP Query
Language, a specific syntax to query LDAP
directories almost like SQL databases
18. LinID Directory Manager sample
A demonstration application is provided with the framework
It includes an in-memory directory (OpenDJ) with the following
accounts:
– jdoe/secret : super administrator
– jsmith/secret : local administrator
– jbar/secret : user
Runs in Tomcat, Jetty
Launch it from the sources:
$ mvn -Popends jetty:run
20. How to build your own application
Know what you want:
– Which data should be managed in the interface
– Who can do what
Import the sample application in Eclipse
Generate the extended schema with the script
eschemaGenerator.pl
Prepare your fingers to edit XML: Spring configuration,
extended schema, authorization rules
Redesign the templates