Bug 57705

Summary: Practical LDAP browser and user admin tools needed.
Product: [Fedora] Fedora Reporter: Joshua Jensen <joshua>
Component: openldapAssignee: Jan Safranek <jsafrane>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: dgunchev, jabapi, jfguarda, jos, leonid, mitr, nils+bogus, p.van.egdom
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: phpldapadmin-1.0.1-1.fc6 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-05-24 14:55:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joshua Jensen 2001-12-19 16:07:03 UTC 
Description of Problem:

No decent *user* admin tools for LDAP.  OpenLDAP itself is great, but
ldapadd and LDIF files get old quickly.  We need a management tool for
users/groups/passwords in LDAP. Please consider adding Directory
Administrator ( http://diradmin.open-it.org/ )to the next version of Red
Hat Linux.  It is very useful, and make LDAP user administration practical.

Joshua Jensen
Comment 1 Joshua Jensen 2002-06-05 15:11:04 UTC 
Ok... maybe for the _next_ release of RHL. :-)
Comment 2 Leonid Mamtchenkov 2002-12-17 08:04:45 UTC 
gq IS a decent tool :)
Comment 3 Joshua Jensen 2003-01-03 17:49:50 UTC 
I disagree... GQ isn't that great.  But I would take gq over nothing, certainly.
 However, I would take Directory Administrator over gq.
Comment 4 Jos Vos 2003-04-21 16:12:50 UTC 
GQ is also gone since RHL 8.0 (packaging it myself now...).  But GQ has other
purposes than user admin, IMHO.
Comment 5 Walter Rowe 2003-04-24 18:49:35 UTC 
It would also be nice to have good LDAP query tools as an LDAP client without
having to install OpenLDAP server. As an LDAP client, I would like to be able to
search an LDAP directory hosted elsewhere in my network when I am
troubleshooting problems such as user access, automount table lookup failures, etc.
Comment 6 Janne Pikkarainen 2003-05-12 20:01:32 UTC 
Yes. As a sysadmin I would love to have a decent LDAP-client installed to my
workstation without needing the actual LDAP server stuff. No comment what the
ideal LDAP client would be, I've only been using the console stuff and GQ and
don't have real experience about all the other LDAP clients, but please choose
wisely... :-)
Comment 7 Oliver Jones 2004-04-27 23:34:51 UTC 
RedHat/Fedora should change from using the shadow utils package for
user management to using libuser.  That way you can have pluggable
backends and administer shadow/passwd and LDAP repositories with the
same set of commands.

Not that I've ever gotten round to setting this up myself... ;)
Comment 8 Oliver Jones 2004-04-27 23:36:05 UTC 
And I just noticed that Nalin is the Author of libuser.
Comment 9 Joshua Jensen 2004-06-11 22:14:46 UTC 
Hello?  Ping!!
Comment 10 Joshua Jensen 2004-08-23 19:16:56 UTC 
Thoughts?  Comments?
Comment 11 Mikko Huhtala 2004-08-30 21:23:41 UTC 
Does anyone have experience with Luma (luma.sourceforge.net)?

It looks very promising, and it is developed in Python (like
system-config-*) and PyQt (unlike anything by Red Hat). The LDAP
browser interface is far better than Directory Administrator or
anything else I have tried. Luma has a 'massive user creation'
function, which I'd certainly find useful. Unfortunately the Luma
versions I have tried did not work too well with the schemas on an
oldish OpenLDAP server, so I was unable to create users.

I realize that PyQt may not be acceptable to Red Hat / Fedora in a
component like this.

Anyway, it would be nice to see a Luma RPM for Fedora, because the
program is a bit of a pain to install otherwise.
Comment 12 Bjørn Ove Grøtan 2004-11-06 14:36:38 UTC 
Please channel your problems with luma to the luma mailinglists at
sourceforge.net.

DirectoryAdministrator does not apply LDAPv3 if I remember correctly,
while at least Luma and possibly GQ does this. Luma 1.5 will be 
released next week, with a good set of improvements.

Luma 1.4 rebuild mandrake rpm works on fedora - I've been told.
Maybe the Fedora-team can use the efforts put into building this
rpm from Mandrake?
Comment 13 Miloslav Trmač 2004-11-09 09:27:08 UTC 
Nils,
this could be quite easy to do now. You can just generate an
alternate libuser config file (with modules == create modules == ldap)
and run s-c-users as usual.

Designing an intuitive GUI for the config file creation looks like
the hardest part.
Comment 14 Dmitry Butskoy 2004-12-10 16:18:49 UTC 
  There is phpldapadmin package (http://phpldapadmin.sourceforge.net).
  We use it more than a year, it seems to be very useful!

  Phpldapadmin over php over httpd sits at the same host where
openldap runs. Admins use the favourite browsers to do things... :-)

  We have made an rpm (with some addons). Mail me directly if it is
interesting to someone.
Comment 15 Dmitry Butskoy 2005-09-13 15:30:04 UTC 
  I am trying to add phpldapadmin for Fedora Extra, see bug #168210
Comment 16 Jan Safranek 2007-05-24 14:55:33 UTC 
phpldapadmin is part of Fedora Extras for some time.