web2ldap - Features

List of currently available features
General
<Download> <Features> <Roadmap> <News> <Demo> <Related>
Support
<Commercial> <Feedback> <FAQ>
Documentation
<Installing> <Customizing UI> <Configuration> <Compability> <Security> <Changes> <Files>

See the roadmap for features which will be added in the future.

Feature requests can be made through the feedback form.

Running Mode

User Interface

Many Output Formats

Plug-ins

Plug-in modules/classes for specific handling of attributes/syntaxes. The following plug-in modules currently exist:

acp133
mainly LDAP syntaxes defined for ACP 133 with simple select lists and not tested
activedirectory
For MS AD and Samba 4
asn1objects
Class which can dump BER objects as ASN.1 with module pisces
dhcp
Various attributes with dynamic select lists
dirx
Configuration attributes of Siemens DirX
edirectory
Various syntaxes found in draft-sermersheim-nds-ldap-schema
eduperson
for attributes defined eduPerson
entrust
Some small syntax quirks for Entrust PKI schema
exchange
Some small quirks for Exchange 5.5
ibmds
Some small quirks for IBM Directory Server
krb5
for heimdal and MIT Kerberos schema
ldapns
LDAP-based naming service
lotusdomino
for attributes in Lotus Domino's LDAP service
msperson
See stroeder.com.schema
mssfu30
Microsoft System Services for Unix 3.0
nis
NIS attributes (see also RFC 2307)
opends
mainly some configuration attributes used in OpenDS
openldap
some attributes used in OpenLDAP for configuration and accesslog (see also draft-chu-ldap-logschema)
pgpkeysrv
Multi-line fields for PGP keys
pilotperson
pkcschema
for attributes defined in draft-ietf-pkix-ldap-pkc-schema
ppolicy
for attributes defined in draft-behera-ldap-password-policy
quirks
Various quirks for very misbehaving servers
samba
for Samba 3
schac
for attributes defined in SCHAC
subentries
for attributes defined for subentries (see RFC 3672)
vchupwdpolicy
covering central password policy configuration attributes defined in draft-vchu-ldap-pwd-policy
vpim
for attributes defined in VPIM (see RFC 4237)
x500dsa

Advanced LDAP features

Schema support
Write Access
Changing/Resetting passwords
Group administration feature
Convenient, secure and efficient way to add/remove an entry to/from a group entry. Many common group object classes are automagically supported: Even large groups (>100000 members) are handled with reasonable performance. Security problems even with distributed management are avoided by "just doing it right".
LDAP connection handling
Automatically determine the protocol version and features supported by the LDAP server. Falls back to reasonable defaults if features are not available.
LDAP URLs
It it possible to directly use LDAP URLs (see RFC 4516) to reference LDAP entries and LDAP search results. Example: http://demo.web2ldap.de:1760/web2ldap/ldapurl?ldap://ldap.openldap.org/dc=openldap,dc=org Note: Although most LDAP URLs will work you should use URL-quoted LDAP URLs.
Root DSE
LDAPv3 Referrals
Locating LDAP service
Try to locate a LDAP host for a specific domain, dc-style DN (RFC 2247, RFC 2377) or e-mail address. (see also the Internet Draft "A Taxonomy of Methods for LDAP Clients Finding Servers" on LDAPEXT page)
LDAPv3 extended controls
Manage DSA IT mode
For editing referral entries (see RFC 3296).
Subentries
Two different controls for searching subentries (see RFC 3672 and draft-ietf-ldup-subentry-07.txt)
Relax Rules Control (formerly Manage DIT control)
For editing operational attributes (see draft-zeilenga-ldap-relax).
Tree Delete
deletion of whole subtrees with a single DeleteRequest (see draft-armijo-ldap-treedelete).
LDAPv3 extended operations
StartTLS
provides transport layer security with TLS (see RFC 4513).
"Who am I?"
this operation shows which bind-DN is in effect e.g. when using SASL bind (see RFC 4532).
Password Modify Extended Operation
for server-side password setting (see RFC 3062).
LDAPv3 extensions
All Operational Attributes
Request the server to return all operational attributes in a search response. (See rootDSE attribute supportedFeatures, OID 1.3.6.1.4.1.4203.1.5.1, see also RFC 3673)

Advanced HTTP options

Security

Please also check out the security page.

SASL login mechanisms

Supported Mechanism(s)Remark
DIGEST-MD5, CRAM-MD5 Password-based challenge-response mechs: use short user name in login form, not the bind-DN
PLAIN is supported but not recommended unless SSL/TLS is used
EXTERNAL Usable for LDAPS, StartTLS or LDAPI connections. End-user authentication is only meaningful if the web2ldap is started in stand-lone mode as a personal client.
GSSAPI Usable for Kerberos V authentication. User authentication is only meaningful if the web2ldap is started in stand-lone mode as a personal client and the user obtained a TGT from the KDC before (with command-line tool kinit).

www.nosoftwarepatents.com