NYCPHP Meetup

NYPHP.org

[nycphp-talk] LDAP for web authorization?

charlie derr cderr at simons-rock.edu
Thu Nov 2 09:44:00 EST 2006 

csnyder wrote:
> On 11/2/06, R. Mariotti <r.mariotti at fdcx.net> wrote:
> 
>> My thoughts immediately went towards a centralized LDAP mechanism and
>> designing/creating a single callable login facility to accomplish this.
>>
>> As I personally have ZERO experience working with LDAP, I was hoping
>> that those of you who have had experience can share your advice as to
>> what works/what doesn't.
> 
> The trouble with LDAP has traditionally been that it is complicated to
> set up and configure, and that front-end directory administration
> tools are stone-age if they exist at all. It doesn't help that its
> been around _forever_ so Google results get cluttered with out-of-date
> info.
> 
> OpenLDAP binary packages solve the first problem nicely, but there's
> still a few minutes of by-hand configuration and bootstrapping
> involved.
> 
> As for LDAP administration front-ends, anybody have any suggestions? I
> heard good things about the Netscape Directory console that was
> supposed to be open-sourced last year, but I could never figure out
> where or how to download and install it.
> 

I like the Java LDAP Browser (when you google that string it's at the top -- the url has "~gawor" in it).  Others are fond of GQ 
(i don't think it works from a windows workstation -- i use linux on my desktop).   I think that with the variety of LDAP setups 
out there, it really depends on what you want to do (as to which tool will fill your specific need).  There are lots more choices 
than the 2 I've mentioned; just install them and try them out.

Once one learns enough about LDAP, there's a temptation to create your own php frontend for adminstration (that was one of those 
projects that I never managed to finish however).

I'm pretty familiar with the basics of setting up LDAP servers and if questions are posted to the list, I'm happy to chime in and 
try to help if people are getting stuck with that part (as long as the list moderators don't consider this too far off topic). 
For those that really want to learn ldap in depth I'd recommend subscribing to the openldap-software at openldap.org list and/or 
hanging out in the #ldap channel on irc.freenode.net
	~c

More information about the talk mailing list