LinID Directory Manager
Functional directory management software
Page 2
LinID Directory Manager
Why : the main goal is to create a generic engine to handle functional use of directories
What : Directory management adaptable software (like Mebo, Calendra)
Features :
Display, update, create, delete
Groups / list membership,
Delegation, workflow
Advanced queries and organizational pictures
Page 3
Advanced features
Password policy support (password updates, account lock down and activation, password forced updates, ...)
MemberOf overlay support
Integrated with CAS and HTTP headers based SSO (LL::NG, SiteMinder)
Adaptability :
Data schema
Access control
Page 4
Graphical themes
Page 7
LDAP Objectclass schema
objectclass ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
DESC 'RFC2798: Internet Organizational Person'
SUP organizationalPerson
STRUCTURAL
MAY ( audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ givenName $
homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $
photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $
userSMIMECertificate $ userPKCS12 ) )
Page 8
LDAP Attribute schema
attributetype ( 2.16.840.1.113730.3.1.3
NAME 'employeeNumber'
DESC 'RFC2798: numerically identifies an employee within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
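A schema-driven engine has to read definitions like the two above before it can build forms or validate input. The parser below is an added example, not LinID Directory Manager code: the function names are hypothetical, and the sample strings are constructed from the slide definitions with the inetOrgPerson MAY list abridged.

```javascript
// Keywords that take no value in an RFC 4512 schema description.
const FLAGS = new Set(['STRUCTURAL', 'AUXILIARY', 'ABSTRACT', 'SINGLE-VALUE',
  'OBSOLETE', 'COLLECTIVE', 'NO-USER-MODIFICATION']);

// Split into tokens; q marks a quoted string so its content is never taken for punctuation.
function tokenize(def) {
  const re = /'([^']*)'|[()$]|[^\s()$']+/g;
  const tokens = [];
  for (let m; (m = re.exec(def)) !== null;) {
    tokens.push(m[1] !== undefined ? { v: m[1], q: true } : { v: m[0], q: false });
  }
  return tokens;
}

// Parse "objectclass ( OID KEY value ... )" or "attributetype ( ... )" into an object.
function parseSchemaDefinition(def) {
  const t = tokenize(def);
  let i = 0;
  const is = (c) => i < t.length && !t[i].q && t[i].v === c;
  const next = () => {
    if (i >= t.length) throw new Error('unterminated definition');
    return t[i++].v;
  };
  const out = { kind: next().toLowerCase(), flags: [] };
  if (next() !== '(') throw new Error('expected "(" after keyword');
  out.oid = next();
  // A value is one token, or a parenthesised list separated by "$".
  const readValue = () => {
    if (!is('(')) return next();
    i++;
    const list = [];
    while (!is(')')) { const v = next(); if (v !== '$') list.push(v); }
    i++;
    return list;
  };
  while (!is(')')) {
    const key = next();
    if (FLAGS.has(key)) out.flags.push(key); else out[key.toLowerCase()] = readValue();
  }
  return out;
}

// Constructed sample input: the slide definitions joined onto fewer lines (MAY list abridged).
const EMPLOYEE_NUMBER = "attributetype ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' " +
  "DESC 'RFC2798: numerically identifies an employee within an organization' EQUALITY caseIgnoreMatch " +
  "SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )";
const INET_ORG_PERSON = "objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' " +
  "SUP organizationalPerson STRUCTURAL MAY ( mail $ manager $ uid ) )";
```

A definition whose closing parenthesis is missing makes `parseSchemaDefinition` throw instead of returning a partial object, so a truncated schema file is rejected rather than silently loaded.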
Page 9
Enhanced Attribute schema
uid
uid
string
0.9.2342.19200300.100.1.1
uid
Identifiant
Identifiant
Identifiant unique
Identifier
Identifier
Unique Identifier
1
....
....
false
false
true
false
false
BEGINS
CONTAINS
false
Page 10
Advanced access control
Page 11
Ldap Query Language
Why : to get a query language for directories (joins, sub requests, ...)
What : a language based on LDAP request
Usage :
Access controls
Applications customization (relationship)
Current implementation :
LSC : Rhino JavaScript embedded Java API
LinID DM : Advanced Access Control List
Page 12
Ldap Query Language sample
ldap.lazyand(
    ldap.read( principalDN, "ssoRoles=ou=helpdeskgrp, ..."),
    ldap.or(
        ldap.and( targetDN, "ou=People, ..."),
        ldap.and(
            ldap.sup( targetDN, 1 ),
            "ou=People, ..."
        )
    )
);
Page 13
Requirements
To run it :
Any LDAP v3 fully compliant directory (OpenLDAP, Sun / RedHat Directory Server, Apache Directory, ...)
Any J2EE 5 compliant application server (Jetty, Tomcat, JBoss, ...)
To use it :
A web browser
To customize it :
Java knowledge
LDAP knowledge
About 2/3 months
Page 14
The project
The community :
Active developers : 3 people now, ~15 historical
Users : estimated to > 500 000 users
The code (sloccount) : 30 000 lines
The license : Affero GPL v3
#linid@Freenode,
OpenLDAP Manager : Directory Manager subproject for cn=config OpenLDAP configuration backend
History :
Started in PHP as MetaLDAP in 2002
Rewritten in Java (struts, ...) as InterLDAP in 2003 and with new technologies (Tapestry, Spring, ...) as InterLDAP in 2005/6
Renamed as LinID Directory Manager in 2009
Thanks for your attention
Sebastien Bahloul
LinID, Open Source IAM solutions
+33 810 253 253 / +33 6 45 63 27 39