LDAP Tools - Where are they?
fixe asks: "I have spent the last few months up to my eyeballs in LDAP. While I am still hopeful of what LDAP can bring to the table I am admittedly disappointed in the tools, support and documentation surrounding the standard. I have been successful at creating and populating an LDAP directory and even authenticating against it, however I cannot find decent replacements for useradd, userdel, usermod, passwd, etc. Nor have I found any decent LDAP editors or browsers (preferably console or web-based). I am hoping that the Slashdot crowd might be able to shed some light on the subject. Are there any LDAP veterans out there who can recommend any tools? What is the best way to maintain system account synchronization with an LDAP directory? Or perhaps, is there a more attractive alternative to LDAP?"
Active Directory (Score:3, Interesting)
FWIW, Novell's NDS has been the only enterprise-class directory service since the mid-90's and AD is a play into this arena.
Of course, this is all moot since this is Slashdot and of course you aren't interested in technology from the Dark Empire (tm).
LDAP Admin Tools (Score:2, Interesting)
http://freshmeat.net/projects/sldapa/
http://freshmeat.net/projects/directoryadmin/
GTK based LDAP browser (Score:2, Interesting)
You're not looking hard enough (Score:3, Interesting)
If you have paid careful attention, you will notice that LDAP support has crept into hundreds and hundreds (if not thousands) of applications over the last year. The APIs for doing LDAP programming yourself are also extremely well developed imho. You have options for C, PERL, C++, Python and a slew of other programming languages. Search Freshmeat or Sourceforge for LDAP and see what you come up with, I think you'll be surprised.
I don't think LDAP is dead, I think it's one of those protocols like TCP that just sneaks up on you with its usefulness.
The ultimate tool. (Score:4, Interesting)
That's right you can do all this and a whole lot more, using Novell Netware. Even if you don't use Netware, eDirectory (included in Netware or sold separately) allows a lot of these functions from within the Java based Console One. It runs on almost any platform, available today. It even has additional modules that allow things like single signon and more. That's right, all the advantages of
Even if it isn't free, for enterprise use, it is downright cheap!
From a purely simplistic view, LDAP is pointless (Score:2, Interesting)
all kinds of great contact / location / description information, but how is it used in reality? It is used as a really difficult to use properties file. Judging the way most people use LDAP that I've seen, they would have been better off with a sql database. At least with SQL the queries are readable. (o=, c=, wtf= is a pain).
The way I feel about it is that the LDAP 'problem' does exist and is solvable, but the right protocol/implementation does not yet exist. Until something much more friendly and useful comes along, I am firmly off the LDAP bandwagon.
So if you're looking for a good tool to solve your LDAP problems, I suggest Oracle, PostgreSQL or MySQL.
Re:Anything but OpenLDAP (Score:3, Interesting)
OpenLDAP dies a lot over here too. Replication works quite well for us, the only "problem" is that slurpd opens lots of processes for every replication target - our main ldap-machine is running about 750 processes at all times.
Don't even dare to try any 2.XX version of openldap - they have a lot of features you probably don't need and are even more buggy.
Re:Active Directory (Score:3, Interesting)
Re:This has been a huge problem for us as well (Score:3, Interesting)
Failing that AD/LDAP is pretty easy to script using ADSI interfaces.
I've never done what you are looking at, but it doesn't seem like it should be that difficult.
Re:This has been a huge problem for us as well (Score:2, Interesting)
Re:Life beyond LDAP (Score:4, Interesting)
Another eDirectory user (Score:2, Interesting)
Fun with LDAP (Score:3, Interesting)
If you are using LDAP as your addressbook, ldap-abook [freshmeat.net] is a nice interface to add/delete/modify entries. Most email clients are LDAP-aware these days and it's convenient to be able to share an address book between my personal and work email accounts.
I've had to roll my own to do system accounts, however. Make ldapmodify your new best friend, or write an interface of your own - there is a lot of support for Perl or PHP LDAP functions out there. Server-side, I've used OpenLDAP [openldap.org] and iPlanet's Directory Server [iplanet.com], and I prefer iPlanet. iPlanet has a free non-commercial license option, is significantly faster than OpenLDAP, and has hooks to synchronize with an NT or Active Directory domain so you could do all the user administration in Windows and they would propagate over to your LDAP server.
Other fun things you can do with LDAP are:
Handle Unix authentication through pam_ldap [padl.com]
Hook into NIS with the NIS/LDAP gateway [padl.com]
Authenticate through apache with mod_auth_ldap [nona.net] or auth_ldap [rudedog.org] or Netegrity [netegrity.com]
Centralize your smtp routing data in LDAP for sendmail
Good luck.
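A sketch of the "write an interface of your own" route for system accounts, added here as an example and not taken from the post or from any of the tools it links: a useradd-style generator that emits an RFC 2307 posixAccount entry as LDIF. The base DN, the function names, the home directory and shell defaults, and the choice of the {SSHA} password scheme are assumptions; values that are not safe LDIF strings are base64-encoded so that a newline in a display name cannot inject an extra attribute line.

```python
import base64
import hashlib
import hmac
import os
import re

BASE = "ou=People,dc=example,dc=com"  # assumed base DN
UID_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # keeps DN metacharacters out of the RDN

def ssha(password, salt=None):
    """OpenLDAP-style {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Recompute the salted digest and compare in constant time."""
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)

def ldif_line(attr, value):
    """One LDIF line; anything that is not an RFC 2849 SAFE-STRING is base64-encoded."""
    raw = value.encode("utf-8")
    safe = (all(0 < b < 128 and b not in (10, 13) for b in raw)
            and not raw.startswith((b" ", b":", b"<"))
            and not raw.endswith(b" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def posix_account_ldif(uid, cn, uid_number, gid_number, password, base=BASE):
    """Build the LDIF for one account; rejects uids that are not plain login names."""
    if not UID_RE.fullmatch(uid):
        raise ValueError("uid must be a plain POSIX login name")
    pairs = [
        ("dn", f"uid={uid},{base}"),
        ("objectClass", "account"),
        ("objectClass", "posixAccount"),
        ("objectClass", "shadowAccount"),
        ("uid", uid), ("cn", cn),
        ("uidNumber", str(int(uid_number))),
        ("gidNumber", str(int(gid_number))),
        ("homeDirectory", f"/home/{uid}"),
        ("loginShell", "/bin/bash"),
        ("userPassword", ssha(password)),
    ]
    return "\n".join(ldif_line(a, v) for a, v in pairs) + "\n"

if __name__ == "__main__":
    # Constructed input: the display name tries to smuggle in a second attribute line.
    print(posix_account_ldif("eve", "Eve\nuidNumber: 0", 10001, 10001, "s3cret"))
```

The output is meant to be piped to ldapadd (or ldapmodify -a) over an authenticated bind. {SSHA} is salted SHA-1, so the directory's ACLs should still keep userPassword unreadable to ordinary binds.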
Webmin's LDAP plugin... (Score:3, Interesting)
Links: Webmin & Freshmeat page for LDAP module (LDAP module site is in French but easy to grok);
http://freshmeat.net/projects/ldap_module
Re:Another eDirectory user (Score:2, Interesting)
With some imagination as well as use of eDirectory (which has been demonstrated publicly to scale to 1 billion users, and in-house at Novell to 3 billion) AOL/Time-Warner, or perhaps the Liberty Alliance, could provide a credible alternative to Microsoft/.NET/Passport.
JDBC driver for LDAP (Score:2, Interesting)
Re:This has been a huge problem for us as well (Score:3, Interesting)