web2ldap 0.16.14 review


License: GPL (GNU General Public License)
File size: 298K
Developer: Michael Ströder

web2ldap is an LDAP client written in Python, full-featured and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI support (e.g., Apache with mod_fastcgi).

Here are some key features of "web2ldap":
Full LDAPv3 sub schema sub entry support when displaying an entry or input form with required and allowed attributes.
Built-in schema browser displays all forward and backward references to other schema elements as links for all supported schema elements.
Currently supported and used schema attributes:
* attributeTypes
* dITContentRules
* ldapSyntaxes
* matchingRuleUse
* matchingRules
* objectClasses
Schema support has reasonable performance since caching of parsed sub schema sub entries is done.
Full support for inherited schema elements (object classes and attribute types).
Fall-back to a local schema definition stored in an LDIF file in the configuration (e.g. for LDAPv2 servers).
Support for adding, modifying, deleting entries, deleting sub trees and renaming entries.
Schema-aware to provide schema-matching input forms for add/modify.
Automatic search for missing parent entries if adding an entry fails with "no such object" (for reducing the same old boring questions on the LDAP-related mailing lists ;-).
Convenient, secure and efficient way to add/remove an entry to/from a group entry. Many common group object classes are automagically supported:
* groupOfNames
* groupOfUniqueNames
* rfc822MailGroup
* mailGroup
* posixGroup (see RFC 2307)
* accessGroup (found in IBM SecureWay)
Even large groups (>100000 members) are handled with reasonable performance. Security problems even with distributed management are avoided by "just doing it right".
LDAP connection handling
Automatically determine the protocol version and features supported by the LDAP server. Falls back to reasonable defaults if features are not available.
LDAP URLs
It is possible to directly use LDAP URLs (see RFC 2255) to reference LDAP entries and LDAP search results. Example: http://sites.inka.de:8002/web2ldap/ldapurl?ldap://ldap.openldap.org/dc=openldap,dc=org Note: Although most LDAP URLs will work, you should use URL-quoted LDAP URLs.
Root DSE
* Uses namingContexts attribute from RootDSE to determine appropriate search root automatically.
* Honours the All Operational Attributes feature (supportedFeatures: 1.3.6.1.4.1.4203.1.5.1).
LDAPv3 Referrals
* Displays new login mask to repeat current action after chasing a referral.
* Search continuations are displayed.
Locating LDAP service
Tries to locate an LDAP host for a specific domain, dc-style DN (RFC 2247, RFC 2377) or e-mail address (see also the Internet Draft "A Taxonomy of Methods for LDAP Clients Finding Servers" on the LDAPEXT page).
* Well known DNS aliases (kinda primitive anyway)
* LDAPv3 Referrals (knowledge references)
* Locate LDAP host via SRV RR (see also RFC 2782). This is done automatically if e.g. an LDAP URL does not contain a host name but a dc-style DN, or if an error response was received with error code NO_SUCH_OBJECT (somewhat inspired by RFC 3088).
Manage DSA IT mode
Enabling/disabling manage DSA IT mode (see draft-zeilenga-ldap-namedref).
Downloading of binary attributes with appropriate mapping to MIME types.
Optionally uses gzip encoding to save network bandwidth if the client has sent an Accept-Encoding: gzip HTTP header.
Optionally selects the output character set according to the Accept-Charset HTTP header sent by the client.
Support for SASL bind.
The default configuration is quite strict. If you see this principle violated somewhere in a distributed package of web2ldap, please let me know.
Since the user logs in and opens a persistent LDAP connection, storing or passing around passwords is not necessary.
Security mechanisms to avoid hijacking web sessions.
Maximum number of currently used web sessions can be limited.
Smart login with automatic completion of bind DN.
Client-hashed passwords (see also RFC 2307, schemes {crypt}, {md5}, {sha}, {smd5}, {ssha}) for setting the userPassword attribute on Umich-derived LDAP servers (like OpenLDAP, Netscape/IPlanet server etc.).
Nicely displays X.509 certificates and CRLs stored in the directory, including all X.509v3 extensions, with links to e.g. CRL distribution points, policy documents etc.
Synced setting of userPassword and Samba password attributes.
Attribute shadowLastChange set if an entry has object class shadowAccount.
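As an added example (not web2ldap's own code), the following shows how the RFC 2307 userPassword schemes listed above ({SHA}, {SSHA}, {MD5}, {SMD5}) are produced client-side and checked server-side, using only the Python standard library; the function names and the 4-byte salt length are assumptions of this example, and {crypt} is left out because it depends on the platform's crypt(3).

```python
# Added example, not part of web2ldap: the RFC 2307 userPassword schemes
# {SHA}, {SSHA}, {MD5} and {SMD5} as a client hashes them before writing
# the attribute, plus the check a server performs at bind time.
# {crypt} is omitted because it depends on the platform's crypt(3).
# Note: {SSHA} is the strongest of the four; none is a modern password hash.
import base64
import hashlib
import hmac
import os
from typing import Optional

# scheme -> (hashlib algorithm name, whether a trailing salt is appended)
_SCHEMES = {
    "{SHA}": ("sha1", False),
    "{SSHA}": ("sha1", True),
    "{MD5}": ("md5", False),
    "{SMD5}": ("md5", True),
}


def hash_userpassword(password: str, scheme: str = "{SSHA}",
                      salt: Optional[bytes] = None) -> str:
    """Return '{SCHEME}' + base64(digest(password + salt) + salt)."""
    algo, salted = _SCHEMES[scheme.upper()]  # KeyError for unsupported schemes
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(4)  # per-password salt; length not fixed by RFC 2307 (assumed 4)
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return scheme.upper() + base64.b64encode(digest + salt).decode("ascii")


def verify_userpassword(password: str, stored: str) -> bool:
    """Check a candidate password against a stored '{SCHEME}base64' value."""
    end = stored.find("}")
    if not stored.startswith("{") or end == -1:
        return False
    scheme = stored[:end + 1].upper()  # scheme tags are case-insensitive
    if scheme not in _SCHEMES:
        return False  # unknown or unsupported scheme, e.g. {crypt}
    algo, salted = _SCHEMES[scheme]
    try:
        blob = base64.b64decode(stored[end + 1:], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    dlen = hashlib.new(algo).digest_size
    digest, salt = blob[:dlen], blob[dlen:]  # salt is whatever follows the digest
    if len(digest) != dlen or (not salted and salt):
        return False
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison
```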

What's New in This Release:
Connection setup is handled more gracefully when the server disallows anonymous binding and restricts access to the root DSE.