{"id":21486357,"url":"https://github.com/dnknth/ldap-ui","last_synced_at":"2025-05-15T08:08:55.128Z","repository":{"id":34266859,"uuid":"146985615","full_name":"dnknth/ldap-ui","owner":"dnknth","description":"Minimalistic web frontend for OpenLDAP ","archived":false,"fork":false,"pushed_at":"2025-04-09T19:24:49.000Z","size":1049,"stargazers_count":406,"open_issues_count":2,"forks_count":26,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-04-09T20:29:50.597Z","etag":null,"topics":["ldap","python3","web-ui"],"latest_commit_sha":null,"homepage":"","language":"Vue","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dnknth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-01T09:32:06.000Z","updated_at":"2025-04-09T19:24:53.000Z","dependencies_parsed_at":"2023-12-12T19:40:20.881Z","dependency_job_id":"953d51dd-7b2b-4657-b305-2d1107b0ae78","html_url":"https://github.com/dnknth/ldap-ui","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnknth%2Fldap-ui","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnknth%2Fldap-ui/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnknth%2Fldap-ui/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnknth%2Fldap-ui/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dnknth","download_url":"https://codeload.github.com/dnknth/ldap-ui/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248890027,"owners_count":21178347,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ldap","python3","web-ui"],"created_at":"2024-11-23T13:20:32.460Z","updated_at":"2025-05-15T08:08:55.111Z","avatar_url":"https://github.com/dnknth.png","language":"Vue","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fast and versatile LDAP editor\n\nThis is a *minimal* web interface for LDAP directories. Docker images for `linux/amd64` and `linux/arm64/v8` are [available](https://hub.docker.com/r/dnknth/ldap-ui).\n\n![Screenshot](https://github.com/dnknth/ldap-ui/blob/main/screenshot.png?raw=true)\n\nFeatures:\n\n* Directory tree view\n* Entry creation / modification / deletion\n* LDIF import / export\n* Image support for the `jpegPhoto` and `thumbnailPhoto` attributes\n* Schema aware\n* Simple search (configurable)\n* Asynchronous LDAP backend with decent scalability\n* Available as [Docker image](https://hub.docker.com/r/dnknth/ldap-ui/)\n\nThe app always requires authentication, even if the directory permits anonymous access. User credentials are validated through a simple `bind` on the directory (SASL is not supported). What a particular user can see (and edit) is governed entirely by directory access rules. The app shows the directory contents, nothing less and nothing more.\n\n## Usage\n\n### Environment variables\n\nLDAP access is controlled by the following optional environment variables, possibly from a `.env` file:\n\n* `LDAP_URL`: Connection URL, defaults to `ldap:///`.\n* `BASE_DN`: Search base, e.g. `dc=example,dc=org`.\n* `SCHEMA_DN`: # DN to obtain the directory schema, e.g. `cn=subSchema`.\n* `LOGIN_ATTR`: User name attribute, defaults to `uid`.\n\n* `USE_TLS`: Enable TLS, defaults to true for `ldaps` connections. Set it to a non-empty string to force `STARTTLS` on `ldap` connections.\n* `INSECURE_TLS`: Do not require a valid server TLS certificate, defaults to false, implies `USE_TLS`.\n\nif `BASE_DN` or `SCHEMA_DN` are not provided explicitly, auto-detection from the root DSE is attempted.\nFor this to work, the root DSE must be readable anonymously, e.g. with the following ACL line for OpenLDAP:\n\n```text\naccess to dn.base=\"\" by * read\n```\n\nFor finer-grained control, see [settings.py](settings.py).\n\n### Docker\n\nFor the impatient: Run it with\n\n```shell\ndocker run -p 127.0.0.1:5000:5000 \\\n -e LDAP_URL=ldap://your.openldap.server/ \\\n dnknth/ldap-ui:latest\n```\n\nFor the even more impatient: Start a demo with\n\n```shell\ndocker compose up -d\n```\n\nand go to \u003chttp://localhost:5000/\u003e. You are automatically logged in as `Fred Flintstone`.\n\n### Pip\n\nInstall the `python-ldap` dependency with your system's package manager.\nOtherwise, Pip will try to compile it from source and this will likely fail because it lacks a development environment.\n\nThen install `ldap-ui` in a virtual environment:\n\n```shell\npython3 -m venv --system-site-packages venv\n. venv/bin/activate\npip3 install ldap-ui\n```\n\nPossibly after a shell `rehash`, it is available as `ldap-ui`:\n\n```text\nUsage: ldap-ui [OPTIONS]\n\nOptions:\n -b, --base-dn TEXT LDAP base DN. Required unless the BASE_DN\n environment variable is set.\n -h, --host TEXT Bind socket to this host. [default:\n 127.0.0.1]\n -p, --port INTEGER Bind socket to this port. If 0, an available\n port will be picked. [default: 5000]\n -l, --log-level [critical|error|warning|info|debug|trace]\n Log level. [default: info]\n --version Display the current version and exit.\n --help Show this message and exit.\n```\n\n## Development\n\nPrerequisites:\n\n* [GNU make](https://www.gnu.org/software/make/)\n* [node.js](https://nodejs.dev) LTS version with NPM\n* [Python3](https://www.python.org) ≥ 3.7\n* [pip3](https://packaging.python.org/tutorials/installing-packages/)\n* [python-ldap](https://pypi.org/project/python-ldap/); To compile the Python module:\n * Debian / Ubuntu: `apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev`\n * RedHat / CentOS: `yum install python-devel openldap-devel`\n\n`ldap-ui` consists of a Vue frontend and a Python backend that roughly translates a subset of the LDAP protocol to a stateless ReST API.\n\nFor the frontend, `npm run build` assembles everything in `backend/ldap_ui/statics`.\n\nReview the configuration in [settings.py](settings.py). It is short and mostly self-explaining.\nMost settings can (and should) be overridden by environment variables or settings in a `.env` file; see [env.demo](env.demo) or [env.example](env.example).\n\nThe backend can be run locally with `make`, which will also install dependencies and build the frontend if needed.\n\n## Notes\n\n### Authentication methods\n\nThe UI always uses a simple `bind` operation to authenticate with the LDAP directory. How the `bind` DN is obtained from a given user name depends on a combination of OS environment variables, possibly from a `.env` file:\n\n1. Search by some attribute. By default, this is the `uid`, which can be overridden by the environment variable `LOGIN_ATTR`, e.g. `LOGIN_ATTR=cn`.\n2. If the environment variable `BIND_PATTERN` is set, then no search is performed. Login with a full DN can be configured with `BIND_PATTERN=%s`, which for example allows to login as user `cn=admin,dc=example,dc=org`. If a partial DN like `BIND_PATTERN=%s,dc=example,dc=org` is configured, the corresponding login would be `cn=admin`. If a specific pattern like `BIND_PATTERN=cn=%s,dc=example,dc=org` is configured, the login name is just `admin`.\n3. If security is no concern, then a fixed `BIND_DN` and `BIND_PASSWORD` can be set in the environment. This is for demo purposes only, and probably a very bad idea if access to the UI is not restricted by any other means.\n\n### Searching\n\nSearch uses a (configurable) set of criteria (`cn`, `gn`, `sn`, and `uid`) if the query does not contain `=`.\nWildcards are supported, e.g. `f*` will match all `cn`, `gn`, `sn`, and `uid` starting with `f`.\nAdditionally, arbitrary attributes can be searched with an LDAP filter specification, for example `sn=F*`.\n\n### Caveats\n\n* The software works with [OpenLdap](http://www.openldap.org) using simple bind. Other directories have not been tested much, although [389 DS](https://www.port389.org) works to some extent.\n* SASL authentication schemes are presently not supported.\n* Passwords are transmitted as plain text. The LDAP server is expected to hash them (OpenLdap 2.4 does). I strongly recommend to expose the app through a TLS-enabled web server.\n* HTTP *Basic Authentication* is triggered unless the `AUTHORIZATION` request variable is already set by some upstream HTTP server.\n\n## Q\u0026A\n\n* Q: Why are some fields not editable?\n * A: The RDN of an entry is read-only. To change it, rename the entry with a different RDN, then change the old RDN and rename back. To change passwords, click on the question mark icon on the right side. Binary fields (as per schema) are read-only. You do not want to modify them accidentally.\n* Q: Why did you write this?\n * A: [PHPLdapAdmin](http://phpldapadmin.sf.net/) has not seen updates for ages. I needed a replacement, and wanted to try Vue.\n\n## Acknowledgements\n\nThe Python backend uses [Starlette](https://starlette.io). The UI is built with [Vue.js](https://vuejs.org) and [Tailwind CSS](https://tailwindcss.com/). Kudos to the authors of these elegant frameworks!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdnknth%2Fldap-ui","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdnknth%2Fldap-ui","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdnknth%2Fldap-ui/lists"}