web2ldap - A Web-based LDAP client written in Python.
0.31 MB|License: GPL
web2ldap is an LDAP client written in Python, full-featured and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI support (e.g., Apache with mod_fastcgi).
Here are some key features of "web2ldap":
· Full LDAPv3 sub schema sub entry support when displaying an entry or input form with required and allowed attributes.
· Built-in schema browser displays all forward and backward references to other schema elements as links for all supported schema elements.
Currently supported and used schema attributes:
· attributeTypes
· dITContentRules
· ldapSyntaxes
· matchingRuleUse
· matchingRules
· objectClasses
· Schema support has reasonable performance since caching of parsed sub schema sub entries is done.
· Full support for inherited schema elements (object classes and attribute types).
· Fall-back to a local schema definition in configuration stored in LDIF file (for e.g. LDAPv2 servers).
· Support for adding, modifying, deleting entries, deleting sub trees and renaming entries.
· Schema-aware to provide schema-matching input forms for add/modify.
· Automatic search for missing parent entries if adding of an entry fails with "no such object". (for reducing the same old boring questions on the LDAP-related mailing lists ;-).
· Convenient, secure and efficient way to add/remove an entry to/from a group entry. Many common group object classes are automagically supported:
· groupOfNames
· groupOfUniqueNames
· rfc822MailGroup
· mailGroup
· posixGroup (see RFC 2307)
· accessGroup (found in IBM SecureWay)
· Even large groups (>100000 members) are handled with reasonable performance. Security problems even with distributed management are avoided by "just doing it right".
· LDAP connection handling
· Automatically determine the protocol version and features supported by the LDAP server. Falls back to reasonable defaults if features are not available.
· LDAP URLs
· It is possible to directly use LDAP URLs (see RFC 2255) to reference LDAP entries and LDAP search results. Example: http://sites.inka.de:8002/web2ldap/ldapurl?ldap://ldap.openldap.org/dc=openldap,dc=org Note: Although most LDAP URLs will work, you should use URL-quoted LDAP URLs.
· Root DSE
· Uses namingContexts attribute from RootDSE to determine appropriate search root automatically.
· Honours feature All Operational Attribute (supportedFeatures: 1.3.6.1.4.1.4203.1.5.1).
· LDAPv3 Referrals
· Displays new login mask to repeat current action after chasing a referral.
· Search continuations are displayed.
· Locating LDAP service
· Try to locate an LDAP host for a specific domain, dc-style DN (RFC 2247, RFC 2377) or e-mail address. (see also the Internet Draft "A Taxonomy of Methods for LDAP Clients Finding Servers" on LDAPEXT page)
· Well known DNS aliases (kinda primitive anyway)
· LDAPv3 Referrals (knowledge references)
· Locate LDAP host via SRV RR (see also RFC 2782). This is automatically done if e.g. an LDAP URL does not contain a host name but a dc-style DN or if an error response was received with error code NO_SUCH_OBJECT (somewhat inspired by RFC 3088).
· Manage DSA IT mode
· Enabling/disabling manage DSA IT mode (see draft-zeilenga-ldap-namedref).
· Downloading of binary attributes with appropriate mapping to MIME types.
· Optionally use gzip-encoding for saving network bandwidth if client has sent Accept-Encoding: gzip in the HTTP header.
· Optionally use the right character set for output according to the HTTP header Accept-Charset sent by the HTTP client.
· Support for SASL bind.
· Default configuration is quite strict. If you see this paradigm violated somewhere in a distributed package of web2ldap please let me know.
· Since the user logs in and opens a persistent LDAP connection storing or passing around passwords is not necessary.
· Security mechanisms to avoid hijacking web sessions.
· Maximum number of currently used web sessions can be limited.
· Smart login with automatic completion of bind DN.
· Client-hashed passwords (see also RFC 2307, schemes {crypt}, {md5}, {sha}, {smd5}, {ssha}) for setting the userPassword attribute on Umich-derived LDAP servers (like OpenLDAP, Netscape/IPlanet server etc.).
· Nice displaying of X.509 certificates and CRLs stored in the directory including all X.509v3 extensions with links to e.g. CRL distribution points, policy documents etc.
· Synced setting of userPassword and Samba password attributes.
· Attribute shadowLastChange set if an entry has object class shadowAccount.
What's New in This Release:
· This release fixes some regressions and adds work-arounds (e.g. for bugs in OpenDS).
· Delta-modification now explicitly deletes old values if an attribute has an EQUALITY matching rule.