web2ldap - FAQ

Frequently Asked Questions
General
<Download> <Features> <Roadmap> <News> <Demo> <Related>
Support
<Commercial> <Feedback> <FAQ>
Documentation
<Installing> <Customizing UI> <Configuration> <Compability> <Security> <Changes> <Files>
SyntaxError: ...
You are probably running a Python version prior to 2.0. See required software before starting web2ldap.
ImportError: No module named ldap
The python-ldap module was not found. Install all required software before starting web2ldap.
I've installed some packages coming with my favourite Linux distribution and get strange errors with...
Please check whether packages coming with your distribution match the list of required software before starting web2ldap.
I want to refer to the web2ldap gateway from a web page. Is there a way to get a persistent URL?
Yes, you can use any RFC4516-compliant LDAP URL as query string. The safest way is to use the URL-encoded scheme.
Example:
http://demo.web2ldap.de:1760/web2ldap?ldap://ldap.openldap.org/dc=openldap,dc=org
The specific examples on the demo page might give you some more ideas.
I would like to integrate web2ldap in my Netscape address book. Is there a way to do that?
Yes, you can configure Netscape in the preferences file (preferences.js or prefs.js) to use a pre-configured URL for pointing to a web gateway (here web2ldap with command ldapurl). See "Customizing LDAP Settings For Communicator 4.5".
Note: The example in Netscape's document is somewhat misleading. I try to provide a better one.
Watch out for your LDAP configuration. Something like:
user_pref("ldap_2.servers.Michaels.serverName", "localhost");
user_pref("ldap_2.servers.Michaels.searchBase", "o=Michaels");
    
and add something like
user_pref("ldap_2.servers.Michaels.customDisplayUrl", "http://localhost/web2ldap-fcgi/web2ldap.py/ldapurl?ldap://localhost/%s");
    
Note that the prefix "ldap_2.servers.Michaels" here is only valid in my local configuration example which was automatically generated by the Netscape browser. The prefix in your preferences file will be different.
I would like to upload a photo, a certificate or other binary attribute data. Is that possible?
Yes. But up to now only a single value is supported per attribute. Uploading multiple binary attribute values is currently only possible via LDIF when adding or modifying an entry. You have to convert your binary data with a LDIF tool first and cut&paste its output into the LDIF input field or provide a URL in the LDIF line (see global configuration parameter web2ldapcnf.misc.ldif_url_schemes).
I would like to delete a photo, a certificate or other binary attribute data. Is that possible?
Yes, it is possible since version 0.10.0. An addtional [Delete] link is shown for binary attributes. Note that in case of multi-valued attributes all attribute values are deleted. You cannot delete a single chosen attribute value.
I want to avoid displaying the raw DNs in the search result table. How to do that?
There are several possibilities:
I have embedded HTML code with hyperlinks into some of the LDAP entries. When I display the entry with Netscape the hyperlinks work just fine but with web2ldap the HTML code is displayed instead of displaying the hyperlink.

This behaviour of escaping HTML entity characters is implemented for security reasons. It prevents execution of bad Javascript code a malicious user might have added (see CERT advisory 2000-02).

Plain URLs in attributes are converted automatically to hyperlinks if the syntax or attribute type is registered to contain URLs (e.g. attribute type labeledURI).

I would like to setup some automatically filled fields. E.g. automatically set the cn (common name) attribute with the concatenation of values of the attributes givenName and sn (surname).

There are two ways of achieving something like this:

I would like to define a "select" item for certain input fields.
This can be easily done by defining a plug-in class based on base class w2lapp.schema.syntaxes.SelectList and register it as a LDAP syntax handler or explicitly for an attribute type. A simple example can be found in file pylib/w2lapp/schema/plugins/msperson.py. In some cases the select list can also be defined based on LDAP URLs specifying a dynamic result set used for select options.
How to customize the HTML output to use different colors, different font size, etc.?
Customization of layout can be done by defining a CSS file (cascaded style sheet). Almost all important HTML elements have own id or class attributes which can be used to define their appearance. Have a look at the example CSS files shipped with the source distribution package.
I have started web2ldap in stand-alone mode. It runs and accessing it from localhost works but I cannot access it over my network. What is wrong?

For security reasons web2ldap does not bind to every interface in your system as default like other network demons do. You have to explicitly bind to a specific network interface by using command line option -l.
web2ldap -l my.public.ether.addr:port

You can enable binding to all interfaces by

web2ldap -l 0.0.0.0:port

Since web2ldap 0.11.20 there is a stand-alone configuration option web2ldapcnf.standalone.bind_address for this purpose.

Also watch out for stand-alone configuration option web2ldapcnf.standalone.access_allowed which limits the client's IP addresses allowed to access the built-in web server.

I try to run web2ldap but it quits during startup and throws an exception in the module DNS.
There are some errors in the DNS module, e.g. improper parsing of /etc/resolv.conf. A fast work-around is to delete the directory pylib/DNS/ if you are not using SRV RR's in your DNS to automatically locate LDAP servers based on dc-style DNs. This is likely the case if you do not understand what I am saying here. ;-)
The complete solution is to install a recent version of PyDNS which has many bugs fixed. Note that the module DNS was just shipped with web2ldap because a specially patched version was needed for SRV RR lookups. This patch is now part of PyDNS.
Is it possible to run web2ldap under Windows (Win32)?
Yes. You have to grab a Win32 build of python-ldap.
NameError: global name 'threading' is not defined
Your Python interpreter seems to have thread support disabled. You can solve that by building Python with configure --with-threads.
Is there some way of nifty browser integration?
Yes, check out the directory htdocs/sidebars or the demo sidebar which contains HTML examples for using side-bars of modern browsers (Mozilla, Opera) as entry point. Make sure to use LDAP URLs! With Mozilla you can also use Custom Keywords.
I experience problems with session hijacking detection when accessing web2ldap through a web proxy.
Check out configuration parameter web2ldapcnf.misc.session_checkvars
Is Kerberos-based authentication supported?
Yes. python-ldap has to been built with SASL/GSSAPI support (see also python-ldap's installation instructions) and web2ldap has to be started in stand-alone mode by the end-user to use his/her ticket granting ticket (TGT).

www.nosoftwarepatents.com