How to improve usability for end-users by configuration
Client-side customization considerations
For simplifying usage of web2ldap for end-users the LDAP administrator
can utilize many customization options. Please make yourself comfortable
how to specify
host-/backend-specific parameters with the cascaded configuration
since that saves you a lot of configuration work.
Constructing persistent bookmarks
You can construct bookmarks and make them available on a simple web page
which makes certain functions in web2ldap more easily accessible. Or you
can add the LDAP URLs with an appropriate description to the select list
presented on the front page by adding them to the list specified with
ldap_uri_list.
web2ldap generates persistent bookmarks and displays them as ready-to-use
links in the status area also including the simple bind information (in
LDAP URL extension bindname).
Examples:
Search user accounts (here entries with object class account) anonymously
You can specify HTML snippets in template files for certain things.
HTML templates can be are chosen based on language configuration in your browser.
Displaying single entries
You can assign HTML templates to object classes with parameter
read_template
which specify how to display the entry's data of this particular object class.
See files etc/web2ldap/templates/read_*.html as examples.
Attributes not covered by the display template(s) will
be shown as raw table at the bottom.
Search input form
Parameter searchform_template
allows to specify a HTML template defining input fields for search parameters.
Entry input forms
Parameter input_template
allows to specify HTML templates for object classes used in the input
form when adding new entries or editing existing entries.
Login forms
Set login_template
to customize the login input form. Consider setting
login_default_mech
if you have specific policy for the LDAP bind mechanism used.
LDIF templates for quickly add entries you need often
With parameter
addform_entry_templates you can define a set of LDIF-based templates
for a kind of entries you have to add very often.
See files etc/web2ldap/templates/add_*.ldif as examples.
Plug-in classes for syntaxes and/or attribute types
web2ldap internally handles many aspects of displaying attribute
values or input fields with the help of Python classes (derived from
w2lapp.schema.syntaxes.LDAPSyntax) registered for LDAP syntax OIDs
and/or attribute types.
Plug-in classes have access to various data:
attribute type and one of the values are direct class attributes
LDAP connection object for sending additional queries
DN of the entry
whole entry (schema-aware instance of ldaputil.schema.Entry
There are already various base classes available quite handy for implementing
Client-side regex-checking of valid attribute values
Static or dynamic select classes
Look into files pylib/w2lapp/schema/plugins/*.py for examples.
Best pratice is to stuff self-implemented custom classes in a module in
directory etc/web2ldap/web2ldapcnf/plugins/ and import this
module in file etc/web2ldap/web2ldapcnf/plugins/__init__.py.
Order of the import-statements is significant.
There is a nice viewer available displaying a clickable map of the
plugin class hierachy.
Server-side configuration
You can also influence how the user interacts with your LDAP directory via web2ldap
by configuring things in the server.
Schema design
Syntaxes
specify the syntax to which attribute values must comply. If you choose
finer-grained syntaxes web2ldap displays input fields and conducts
syntax validation appropriate for that syntax (e.g. TRUE/FALSE select field
for syntax Boolean).
Attribute types
For some attribute types web2ldap has already special handler classes
(e.g. attribute type mail).
Object classes
are the type(s) of an entry and specify which attributes can be used
within an entry. web2ldap uses this to display the input entry form (table format)
indicating required and allowed attributes.
DIT content rules
specify which auxiliary object classes are
allowed for a structural object class. This is used by web2ldap to display
the allowed auxiliary object classes in the object class select form.
Name forms
specify how to form the RDN for a new entry to be added. If a name form
applies web2ldap displays a select list for choosing a RDN string template.
DIT structure rules
specify which structural object classes are
allowed in a certain part of the DIT. This is used by web2ldap to display
the allowed structural object classes in the object class select form.