| Field | Value |
| --- | --- |
| Name | ldap-ui |
| Version | 0.9.12 |
| home_page | None |
| Summary | A fast and versatile LDAP editor |
| upload_time | 2024-11-27 21:39:47 |
| maintainer | None |
| docs_url | None |
| author | dnknth |
| requires_python | >=3.7 |
| license | MIT License |
| keywords | ldap, web-ui, python3 |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

# Fast and versatile LDAP editor
This is a *minimal* web interface for LDAP directories. Docker images for `linux/amd64` and `linux/arm64/v8` are [available](https://hub.docker.com/r/dnknth/ldap-ui).
![Screenshot](https://github.com/dnknth/ldap-ui/blob/main/screenshot.png?raw=true)
Features:
* Directory tree view
* Entry creation / modification / deletion
* LDIF import / export
* Image support for the `jpegPhoto` and `thumbnailPhoto` attributes
* Schema aware
* Simple search (configurable)
* Asynchronous LDAP backend with decent scalability
* Available as [Docker image](https://hub.docker.com/r/dnknth/ldap-ui/)
The app always requires authentication, even if the directory permits anonymous access. User credentials are validated through a simple `bind` on the directory (SASL is not supported). What a particular user can see (and edit) is governed entirely by directory access rules. The app shows the directory contents, nothing less and nothing more.
## Usage
### Environment variables
LDAP access is controlled by the following optional environment variables, possibly from a `.env` file:
* `LDAP_URL`: Connection URL, defaults to `ldap:///`.
* `BASE_DN`: Search base, e.g. `dc=example,dc=org`.
* `SCHEMA_DN`: DN to obtain the directory schema, e.g. `cn=subSchema`.
* `LOGIN_ATTR`: User name attribute, defaults to `uid`.
* `USE_TLS`: Enable TLS, defaults to true for `ldaps` connections. Set it to a non-empty string to force `STARTTLS` on `ldap` connections.
* `INSECURE_TLS`: Do not require a valid server TLS certificate, defaults to false, implies `USE_TLS`.
If `BASE_DN` or `SCHEMA_DN` is not provided explicitly, auto-detection from the root DSE is attempted.
For this to work, the root DSE must be readable anonymously, e.g. with the following ACL line for OpenLDAP:
```text
access to dn.base="" by * read
```
For finer-grained control, see [settings.py](settings.py).
### Docker
For the impatient: Run it with
```shell
docker run -p 127.0.0.1:5000:5000 \
    -e LDAP_URL=ldap://your.openldap.server/ \
    dnknth/ldap-ui
```
For the even more impatient: Start a demo with
```shell
docker compose up -d
```
and go to <http://localhost:5000/>. You are automatically logged in as `Fred Flintstone`.
### Pip
Install the `python-ldap` dependency with your system's package manager.
Otherwise, Pip will try to compile it from source, which will likely fail if the system lacks a development environment.
Then install `ldap-ui` in a virtual environment:
```shell
python3 -m venv --system-site-packages venv
. venv/bin/activate
pip3 install ldap-ui
```
Possibly after a shell `rehash`, it is available as `ldap-ui`:
```text
Usage: ldap-ui [OPTIONS]

Options:
  -b, --base-dn TEXT              LDAP base DN. Required unless the BASE_DN
                                  environment variable is set.
  -h, --host TEXT                 Bind socket to this host. [default:
                                  127.0.0.1]
  -p, --port INTEGER              Bind socket to this port. If 0, an available
                                  port will be picked. [default: 5000]
  -l, --log-level [critical|error|warning|info|debug|trace]
                                  Log level. [default: info]
  --version                       Display the current version and exit.
  --help                          Show this message and exit.
```
## Development
Prerequisites:
* [GNU make](https://www.gnu.org/software/make/)
* [node.js](https://nodejs.dev) LTS version with NPM
* [Python3](https://www.python.org) ≥ 3.7
* [pip3](https://packaging.python.org/tutorials/installing-packages/)
* [python-ldap](https://pypi.org/project/python-ldap/); To compile the Python module:
  * Debian / Ubuntu: `apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev`
  * RedHat / CentOS: `yum install python-devel openldap-devel`
`ldap-ui` consists of a Vue frontend and a Python backend that roughly translates a subset of the LDAP protocol to a stateless ReST API.
For the frontend, `npm run build` assembles everything in `backend/ldap_ui/statics`.
Review the configuration in [settings.py](settings.py). It is short and mostly self-explanatory.
Most settings can (and should) be overridden by environment variables or settings in a `.env` file; see [env.demo](env.demo) or [env.example](env.example).
The backend can be run locally with `make`, which will also install dependencies and build the frontend if needed.
## Notes
### Authentication methods
The UI always uses a simple `bind` operation to authenticate with the LDAP directory. How the `bind` DN is obtained from a given user name depends on a combination of OS environment variables, possibly from a `.env` file:
1. Search by some attribute. By default, this is the `uid`, which can be overridden by the environment variable `LOGIN_ATTR`, e.g. `LOGIN_ATTR=cn`.
2. If the environment variable `BIND_PATTERN` is set, then no search is performed. Login with a full DN can be configured with `BIND_PATTERN=%s`, which, for example, allows logging in as user `cn=admin,dc=example,dc=org`. If a partial DN like `BIND_PATTERN=%s,dc=example,dc=org` is configured, the corresponding login would be `cn=admin`. If a specific pattern like `BIND_PATTERN=cn=%s,dc=example,dc=org` is configured, the login name is just `admin`.
3. If security is no concern, then a fixed `BIND_DN` and `BIND_PASSWORD` can be set in the environment. This is for demo purposes only, and probably a very bad idea if access to the UI is not restricted by any other means.
### Searching
Search uses a (configurable) set of criteria (`cn`, `gn`, `sn`, and `uid`) if the query does not contain `=`.
Wildcards are supported, e.g. `f*` will match all `cn`, `gn`, `sn`, and `uid` starting with `f`.
Additionally, arbitrary attributes can be searched with an LDAP filter specification, for example `sn=F*`.
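The login and search rules described above, sketched as filter and DN construction. This is an added example, not ldap-ui's own code: the function names are hypothetical, and the RFC 4515 escaping of the login name is an assumption about a safe implementation, not something this page states.

```python
# RFC 4515 escapes for characters that are special inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value, keep_wildcards=False):
    """Escape a filter assertion value; optionally keep '*' as a wildcard."""
    return "".join(
        ch if (ch == "*" and keep_wildcards) else _FILTER_ESCAPES.get(ch, ch)
        for ch in value
    )


def login_filter(username, login_attr="uid"):
    """Method 1: search by LOGIN_ATTR. Exact match only, so '*' is escaped."""
    return f"({login_attr}={escape_filter_value(username)})"


def bind_dn(username, bind_pattern):
    """Method 2: substitute the login name into BIND_PATTERN, no search."""
    return bind_pattern.replace("%s", username)


def search_filter(query, attrs=("cn", "gn", "sn", "uid")):
    """Simple search: OR over the default attributes unless the query has '='."""
    if "=" in query:
        # Treated as a filter specification such as sn=F*; add parentheses.
        return query if query.startswith("(") else f"({query})"
    value = escape_filter_value(query, keep_wildcards=True)
    return "(|" + "".join(f"({a}={value})" for a in attrs) + ")"


if __name__ == "__main__":
    print(login_filter("fred"))
    print(bind_dn("admin", "cn=%s,dc=example,dc=org"))
    print(search_filter("f*"))
    print(search_filter("sn=F*"))
```

All three `BIND_PATTERN` forms from the list above resolve to the same DN, while a login name containing `*` cannot widen the login search because the wildcard is escaped there.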
### Caveats
* The software works with [OpenLDAP](http://www.openldap.org) using simple bind. Other directories have not been tested much, although [389 DS](https://www.port389.org) works to some extent.
* SASL authentication schemes are presently not supported.
* Passwords are transmitted as plain text. The LDAP server is expected to hash them (OpenLDAP 2.4 does). I strongly recommend exposing the app through a TLS-enabled web server.
* HTTP *Basic Authentication* is triggered unless the `AUTHORIZATION` request variable is already set by some upstream HTTP server.
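A deployment check for the environment variables and caveats documented in this README, flagging the settings the text itself marks as risky. This is an added example, not part of ldap-ui: `parse_dotenv` and `audit_env` are hypothetical names, the sample `.env` contents are constructed, and treating any non-empty `INSECURE_TLS` value as enabled is an assumption.

```python
from urllib.parse import urlparse

LOCAL_HOSTS = {None, "", "localhost", "127.0.0.1", "::1"}


def parse_dotenv(text):
    """Parse simple KEY=VALUE lines; the value may itself contain '='."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_env(env):
    """Return findings for the settings described in this README."""
    findings = []
    url = urlparse(env.get("LDAP_URL", "ldap:///"))  # documented default
    insecure = bool(env.get("INSECURE_TLS"))  # assumed: non-empty means on
    # USE_TLS defaults to true for ldaps; INSECURE_TLS implies USE_TLS.
    use_tls = url.scheme == "ldaps" or bool(env.get("USE_TLS")) or insecure
    if insecure:
        findings.append("INSECURE_TLS: server certificate is not validated")
    if url.scheme == "ldap" and not use_tls and url.hostname not in LOCAL_HOSTS:
        findings.append("LDAP_URL: simple bind to a remote host without TLS")
    if env.get("BIND_DN") and env.get("BIND_PASSWORD"):
        findings.append("BIND_DN/BIND_PASSWORD: fixed credentials, demo only")
    return findings


# Constructed sample .env contents, not taken from the project.
DEMO_ENV = """\
LDAP_URL=ldap://your.openldap.server/
BIND_DN=cn=demo,dc=example,dc=org
BIND_PASSWORD=constructed-placeholder
"""
HARDENED_ENV = """\
LDAP_URL=ldap://your.openldap.server/
USE_TLS=1
BIND_PATTERN=cn=%s,dc=example,dc=org
"""

if __name__ == "__main__":
    for name, text in (("demo", DEMO_ENV), ("hardened", HARDENED_ENV)):
        print(name, audit_env(parse_dotenv(text)))
```

The check covers only the connection between the app and the directory; the browser-facing side still needs the TLS-enabled web server recommended above.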
## Q&A
* Q: Why are some fields not editable?
  * A: The RDN of an entry is read-only. To change it, rename the entry with a different RDN, then change the old RDN and rename back. To change passwords, click on the question mark icon on the right side. Binary fields (as per schema) are read-only. You do not want to modify them accidentally.
* Q: Why did you write this?
  * A: [PHPLdapAdmin](http://phpldapadmin.sf.net/) has not seen updates for ages. I needed a replacement, and wanted to try Vue.
## Acknowledgements
The Python backend uses [Starlette](https://starlette.io). The UI is built with [Vue.js](https://vuejs.org) and [Tailwind CSS](https://tailwindcss.com/). Kudos to the authors of these elegant frameworks!
Raw data
{
"_id": null,
"home_page": null,
"name": "ldap-ui",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "ldap, web-ui, python3",
"author": "dnknth",
"author_email": null,
"download_url": null,
"platform": null,
"bugtrack_url": null,
"license": "MIT License",
"summary": "A fast and versatile LDAP editor",
"version": "0.9.12",
"project_urls": {
"Repository": "https://github.com/dnknth/ldap-ui"
},
"split_keywords": [
"ldap",
" web-ui",
" python3"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "33c800578cf56d33d727b3ae628a62708b2051eb9bedfab39c7bef15f5fd75e8",
"md5": "65aba6cf20a6f73dc9d86a6c609a0cd3",
"sha256": "fa5edda0ee3915ba7203647a391ddc37b975611c8f0ed755747e43b47f088ac2"
},
"downloads": -1,
"filename": "ldap_ui-0.9.12-py3-none-any.whl",
"has_sig": false,
"md5_digest": "65aba6cf20a6f73dc9d86a6c609a0cd3",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 640948,
"upload_time": "2024-11-27T21:39:47",
"upload_time_iso_8601": "2024-11-27T21:39:47.109329Z",
"url": "https://files.pythonhosted.org/packages/33/c8/00578cf56d33d727b3ae628a62708b2051eb9bedfab39c7bef15f5fd75e8/ldap_ui-0.9.12-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-27 21:39:47",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "dnknth",
"github_project": "ldap-ui",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "ldap-ui"
}