LDAPManagementTool

Looking for an LDAP browser/editor

There is a need for a better LDAP browser/editor to change and view our entries. We have looked at several possibilities, but as we wanted to be able to add functionality to it and wanted a user friendly editor many of the available LDAP browsers/editors did not meet these requirements. A LDAP browser/editor that does meet all our requirements is JXplorer, a Java, open source LDAP client, with many customization possibilities, concerning both GUI and functionality. ( http://jxplorer.org/ )

JXplore

JXplorer uses HTML pages to display LDAP entries, these HTML pages can be changed in any way, with the exception of JavaScript and VB script, both are not included in the Java 1.3 HTML parser. Using a form in this HTML page will update the LDAP entry on submit, therefor enabling easy creation of the JXplore GUI.

In addition to the GUI changes you can also add Java plugins to LDAP classes, so handling the read and write functions yourself, such should be usable with HTML GUI's (haven't seen an example of this) and can build their own GUI using Java.

With these possibilities we will be able to write an LDAP editor which is both user friendly and offers extra functionality for OPS, like creating/deleting ACLs on the IMAP server as soon as someone changes the members of a project.

Additional functionality

JXplore also offers a GUI for certificate management, importing new certificates etc. It is a platform independant program and is available for download for Windows, Mac OS X (under development), AIX, Solaris, Linux, HP-UX, Any Unix Platform. The windows version has an easy installer which installs the programm and places an icon in the program menu. There are 3 GUI overlays possible, the standard windows look and feel, Swing and Motif.

Writing plugins

Adding and changing HTML for JXplorer is an easy task, just add the right directories and create a "Main.html" file there, this one will automatically be loaded when an objectclass of this type is selected.

Writing a Java plugin for JXplorer seems to be a bit more of a challenge, it's not that easy to get it to work, the documentation about it is outdated, keeping this in mind it is still usefull to read, see: plugin tutorial. A java plugin needs to be put in the right package, namely "com.ca.directory.jxplorer.viewer" as opposed to what the tutorial says, they changed the package structure without changing the documentation. But even if in this package I'm unable to get the plugin to load unless I put it in jar file and add that jar file to the classpath.

Unfortunetly the plugin loads in it's own tab instead of as an add on to the HTML view, as I would have wanted it. I have implemented the following interfaces at the moment PluggableEditor and DataSink.

Required functionality

What we need for our LDAP editor:

• remove ACL in IMAP on member deletion from project
• add ACL in IMAP when a memeber is added to a project
• generate projectGuid on project creation
• create IMAP project folder
• create directory structure for OpsDocument

HTML templates for JXplorer

This will be of no use to us as we won't be able to add new textfields to multivalue attributes and all in all the possibilities are limited without the use of javascript.

Java Plugin for JXplorer

A java plugin for JXplorer on the other hand will be of use to us as we can completely write our own editor.

What we want to customize:

• attributes which require special actions
  • memberUid needs action when removed/added
  • a projectGuid should just be generated
  • imapFolder attribute should be set and the folder should be created in IMAP
  • opsDocumentPath should create directory structure when set

• write an editor for objectClass: project
  • add ACL
  • remove ACL
  • generate guid
  • create IMAP project folder
  • create directory structure for OpsDocument

We need a base class which provides a basic editor for all object types such as the table editor included in JXplorer. I will write a BasicEditor which is an easily customizable editor. For each objectClass we should still implement an objectClass.java but we will only need to set it's specific information in it.

TODO

• Write a basic editor for all LDAP objectClasses
  • Gather objectClass attributes
  • Make basic name and texfield per attribute
  • Make this editor easily pluggable
    • Specify list of attributes to hide
    • Specify custom label names for LDAP attributes
    • Callback method which informs editor of write functions, so the specific editor extending BasicEditor can take specific action
• Write a specific project objectClass editor
  • memberUid needs action when removed/added
  • a projectGuid should just be generated
  • imapFolder attribute should be set and the folder should be created in IMAP
  • opsDocumentPath should create directory structure when set

project.java

This class should handle all extra functionality for LDAP projects. Using this sollution we should overwrite all existing editors and write an editor ourself in which we will handle everything in the data we want. Problem with this approach would be that the project editor is no longer consistent with the other editors, so we need editors for all objectClasses we use.

opsperson.java

Filtering out some binaries, have to look into this one for filtering out other attributes.

opsorganization.java

Same as for opsperson.java.

-- BastiaanGrutters - 09 Nov 2005