James Board has asked for the wisdom of the Perl Monks concerning the following question:

Hello monks,

I need to implement a web-based system for maintaining an LDAP database. The functionality is fairly straightforward: add user, delete user, show all users, and modify user record (along with several fields per user).

I plan on implementing it with Perl scripts and simple web pages. I know which Perl modules to use: LDAP, CGI, HTTP, etc. But, I don't know if I should start from scratch, or use an existing implementation as a starting point, or even, if there are complete solutions readily available in open source form. I'm sure this has been done before many many times. Does anyone have suggestions?

Jim

Update 1: This will be used by people other than myself, and they will be non-tech people. However, it will be a fairly small group of people (one or two) and they will be trained how to use it, and they will be using it repeatedly. So it won't matter if the user interface isn't highly self-explanatory.

Re: Web-based LDAP User Accounts System
by mr_mischief (Monsignor) on Dec 09, 2008 at 15:52 UTC
    Take a look at http://www.webmin.com for information about Webmin, a web-based administration tool for Unix systems. It can handle Unix users, LDAP client configuration, LDAP server configuration, LDAP user administration, and a great deal of other things. Here's a list of standard plugins.

    Webmin happens to be almost entirely in Perl. Even if you don't use it or it doesn't fit your needs exactly, it could serve as an example or a starting point. It's been years since I've used it and longer since I've looked at the source, so I can't say how good of an example it is for style. It does work, though, and many people around the world use it.

Re: Web-based LDAP User Accounts System
by inoci (Scribe) on Dec 09, 2008 at 15:54 UTC

    having done a limited/custom ldap web interface or three myself, i cannot stress enough how nice it is to NOT roll your own unless you have to. a quick google search shows a couple of promising hits, and sourceforge has several that look good (link).

    that said, if you are comfortable writing relatively secure web apps, ldap is pretty simple to manage, especially with all of the modules available to help. i guess the biggest question is to ask if this is for you, or for other people to use as well?

      I wholeheartedly second this motion. Created one myself with Net::LDAP and GTK2/Glade, and I found it about as useful as writing custom forum software. Yeah, you get to control every tiny niggling detail of the implementation, but there's probably something out there that satisfies 98% of your needs (and the other 2% can be worked around).

      The one major benefit of the roll-your-own school of thought is that you can simplify for non-techie end users (as inoci implies). That was one of the goals of my system, and it worked well to that end. Not sure how many of the open source solutions cater to this crowd.

        I know you wanted a Web Version, but here is something you might find Educational. I tried creating a Web Version, but I haven't had time to do it. But at least I can give you something to look at. It only unlocks people that are locked out.
        but it is always nice to see how someone else has done it.

        use Win32::OLE;
        use Win32::OLE 'in';
        use Win32::OLE::Enum;
        use Win32::NetAdmin;

        @empty = ();

        # Build the log file name (unlockDD-MM-YY.txt) from today's date
        ($sec,$min,$hour,$day,$mon,$yr,$wday,$yday,$dntcare)=localtime(time);
        $yr-=100;
        $yr="$yr";
        $yr = (length($yr)<2) ? "0$yr" : $yr;
        $mon = (++$mon < 10) ? "0$mon" : "$mon";
        $day = ($day < 10) ? "0$day" : "$day";
        $date = "unlock$day-$mon-$yr.txt";
        open (UNLOCK , ">>$date") || die "Can't Create file";

        while ( $choice != 7 ) {
            system("cls");
            print "==========================================================================\n";
            print "This Program Will Unlock Users on the Network. Enter the \n";
            print "Number for the location and press the Enter Key\n";
            print "Created by: Steve Sherman\n";
            print "==========================================================================\n";
            print "\n";
            print "\n";
            print "1) Main\n";
            print "2) Regional\n";
            print "3) Cuba\n";
            print "4) Union\n";
            print "5) Motor\n";
            print "6) Labadie\n";
            print "7) Exit\n\n";
            $choice = <stdin>;
            chomp($choice);

            # Log which operator performed the unlock and list that operator's groups
            sub Localuser {
                if (Win32::NetAdmin::LoggedOnUsers($server,\%userRef)) {
                    print UNLOCK "User: " . $userRef{1} . " Unlocked the Following user\n";
                    @local = split(/;/,$userRef{1});
                    my $accesslocal = Win32::OLE->GetObject("LDAP://$local[0]");
                    foreach $group (in $accesslocal->{memberof}) {
                        push(@groups, $group);
                        print "$group\n";
                    }
                }
            }

            # List the locked-out accounts in the OU chosen from the menu
            sub Lookup {
                my $adsuser = Win32::OLE->GetObject("LDAP://bos-ad01/ou=$location,dc=asdf,dc=com")
                    || die ("Can't find user: ".Win32::OLE->LastError()."\n");
                $strDomain = "adsg";
                $num = 1;
                foreach $strUsername (in $adsuser){
                    my $objUser = Win32::OLE->GetObject("WinNT://$strDomain/$strUsername->{sAMAccountName}");
                    if ($objUser->{IsAccountLocked} == 1) {
                        #$objUser->{IsAccountLocked} = 0;
                        #$objUser->SetInfo;
                        print "$num) $strUsername->{sAMAccountName}\n";
                        push(@users, $strUsername->{sAMAccountName});
                        push(@DnUsers, $strUsername->{distinguishedName});
                        $num++;
                    }
                }#end foreach
                if (@users == @empty) {
                    print "No Users to Unlock \n\n";
                }
            }

            # Unlock the account selected from the list and record it in the log file
            sub unlock {
                if (@users == @empty) {
                    next;
                }
                if ($choice == 0) {
                    next;
                }
                $choice = $choice - 1;
                my $objUser = Win32::OLE->GetObject("LDAP://bos-ad01/$DnUsers[$choice]");
                print "$!\n";
                $objUser->{IsAccountLocked} = 0;
                $objUser->SetInfo();
                Localuser();
                print UNLOCK "$users[$choice]\n";
                print UNLOCK "$day-$mon-$yr\n\n";
                @users = ();
                @DnUsers = ();
            }

            if ($choice == 1) {
                $location = "main";
                system("cls");
                print "==========================================================================\n";
                print "Select The Number that is associated with the user you wish to unlock\n";
                print "then press the Enter key.\n";
                print "************************ WARNING WARNING WARNING *************************\n";
                print "Please Only Unlock The user(s) that have requested to be unlocked\n";
                print "==========================================================================\n";
                Lookup();
                print "0 ) Exit\n\n";
                $choice = <stdin>;
                unlock();
            }
            if ($choice == 2) {
                $location = "Regional";
                system("cls");
                print "Select The User you wish to Unlock\n";
                print "To Exit Press 0\n";
                print "=====================================\n\n\n";
                Lookup();
                print "0 ) Exit\n\n";
                $choice = <stdin>;
                unlock();
            }
            if ($choice == 3) {
                $location = "Cuba";
                system("cls");
                print "Select The User you wish to Unlock\n";
                print "To Exit Press 0\n";
                print "=====================================\n\n\n";
                Lookup();
                print "0 ) Exit\n\n";
                $choice = <stdin>;
                if ($choice > 0) {
                    unlock();
                }
            }
            if ($choice == 4) {
                $location = "Union";
                system("cls");
                print "Select The User you wish to Unlock\n";
                print "To Exit Press 0\n";
                print "=====================================\n\n\n";
                Lookup();
                print "0 ) Exit\n\n";
                $choice = <stdin>;
                if ($choice > 0) {
                    unlock();
                }
            }
            if ($choice == 5) {
                $location = "Main";
                system("cls");
                print "Select The User you wish to Unlock\n";
                print "To Exit Press 0\n";
                print "=====================================\n\n\n";
                Lookup();
                print "0 ) Exit\n\n";
                $choice = <stdin>;
                if ($choice > 0) {
                    unlock();
                }
            }
            if ($choice == 6) {
                $location = "Labadie";
                system("cls");
                print "Select The User you wish to Unlock\n";
                print "To Exit Press 0\n";
                print "=====================================\n\n\n";
                Lookup();
                print "0 ) Exit\n\n";
                $choice = <stdin>;
                if ($choice > 0) {
                    unlock();
                }
            }
        }

Re: Web-based LDAP User Accounts System
by ruzam (Curate) on Dec 10, 2008 at 14:30 UTC
    I tend to walk the "roll your own" path myself. Call me creative or call me crazy, I'm OK with either definition :) I've put together a code base for web applications. The back end user authentication is modular, and the web front end includes built in tools for login and user management (add, delete, list, reset password, etc). All it needs is an LDAP authentication module, and it's pretty much a ready to go web enabled LDAP manager right out of the box. How simple or complex you make it after that is up to you. Creating a new LDAP authentication module is as simple as filling in the function stubs (add user, delete user, list users, etc). Send me a PM if you want to take a look.
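
For anyone who does fill in add user, delete user and list users stubs for a web front end, the part that decides whether the result is a "relatively secure web app" is how form input reaches the directory. The following is an added example, not code from any poster in this thread; the base DN, the inetOrgPerson object class and the uid pattern are assumptions, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example: input handling for add/delete/list in a web LDAP manager.
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value escape_dn_value);

my $BASE_DN = 'ou=people,dc=example,dc=com';   # hypothetical directory base

# Allow-list for account names arriving from a web form (assumed policy).
sub valid_uid {
    my ($uid) = @_;
    return defined $uid && $uid =~ /\A[a-z][a-z0-9._-]{0,31}\z/;
}

# DN used by add/delete/modify. The uid is validated first, then the RDN
# value is escaped as well, so a "," or "=" can never add DN components.
sub user_dn {
    my ($uid) = @_;
    die "invalid uid\n" unless valid_uid($uid);
    return 'uid=' . escape_dn_value($uid) . ',' . $BASE_DN;
}

# Filter used by "show users". The free-text term is escaped so that
# * ( ) \ and NUL are matched literally and cannot change the filter.
sub search_filter {
    my ($term) = @_;
    $term = '' unless defined $term;
    die "search term too long\n" if length($term) > 64;
    my $safe = escape_filter_value($term);
    return "(&(objectClass=inetOrgPerson)(|(uid=$safe*)(cn=$safe*)))";
}

# Constructed sample inputs, as they might arrive in CGI parameters.
for my $term ('jsmith', 'a*)(uid=*', 'O(Brien') {
    print "term=[$term]\n  filter=", search_filter($term), "\n";
}
for my $uid ('jsmith', 'x,ou=admins', '') {
    my $dn = eval { user_dn($uid) };
    print "uid=[$uid]\n  ", (defined $dn ? "dn=$dn" : "rejected"), "\n";
}
```

The strings returned by user_dn and search_filter are what would be passed to the Net::LDAP add, delete, modify and search calls; the web server's bind account should be limited to the one subtree it manages.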
Re: Web-based LDAP User Accounts System
by sschneid (Deacon) on Jul 17, 2009 at 19:11 UTC