LDAP support for Pike and Roxen


This document discusses the following topics:

© Honza Petrous, v1.3



Abstract

This package adds LDAP client capabilities to Pike and Roxen.

  • LDAP operations are performed using version 2 of the LDAP protocol (RFC 1777).
  • You can use the LDAP interface in Pike programs and, with the Roxen server, in HTML code too. This document describes package version 1.5.


Location and Documentation

The latest version of this package can be found at:
http://cirilla.unibase.cz/ftpserver/src/Roxen/ (my home site)


Package files

The package contains the following files:
	COPYING
	FILES
	INSTALL
	NEWS
	QREF
	TODO
	lib/Protocols.pmod/LDAP.pmod/ldap_errors.h
	lib/Protocols.pmod/LDAP.pmod/ldap_globals.h
	lib/Protocols.pmod/LDAP.pmod/ldap_privates.pmod
	lib/Protocols.pmod/LDAP.pmod/protocol.pike
	lib/Protocols.pmod/LDAP.pmod/client.pike
	doc/
	doc/LDAP.client
	doc/LDAP.client.result
	doc/LDAP-doc.html		<- You are here ;-)
	doc/Protocols.LDAP-doc.html
	doc/LDAP-roxen_modules-doc.html
	pike/scripts/cvsimport.pike
	pike/scripts/ldapsearch.pike
	pike/scripts/monitor.pike
	roxen/scripts/lsd3.pike
	roxen/scripts/searchuser.pike
	roxen/modules/ldapuserauth.pike	<- Roxen module
	roxen/modules/ldaptag.pike	<- Roxen module
	

Copyright and Disclaimer of Warranty

This software and the accompanying documentation are © 1998-99 Honza Petrous <hop@unibase.cz>. Use, reproduction and distribution are allowed under the terms of the GNU General Public License version 2 or, at your option, any later version. Use of the software implies you know all the terms therein explained and that you agree to these terms.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.


The Lightweight Directory Access Protocol

Definition:

LDAP is a directory service protocol that runs over TCP/IP. A directory service is a standards-based information database that is used to organize various objects (users, groups, devices, etc.) and their properties (a user's name, a user's telephone number, a device type). Directory services are becoming increasingly important as a way to automatically share information about a person, group or device among various applications and network services. LDAP has emerged as the most popular directory service for TCP/IP networks and the Internet.


Benefit:

LDAP is rapidly becoming an information standard throughout the computer industry. Because of the rapid growth in complexity of networks, a directory service is needed to manage the thousands or millions of users and devices that interact on both intranets and the Internet.


An excellent introduction to LDAP is part of the "Administrator's Guide for SLAPD and SLURPD".

For more detailed information see:


Requirements

Good news: there are no special requirements for binary libraries!

Pike must be version 0.6 or higher (with module Standards.ASN1) and
Roxen must be version 1.3.24 or higher.


Compilation

Only one step is needed: copy the module directory lib/Protocols.pmod/LDAP.pmod/ to Pike's module location.

That's it!


Limitations

Yes, of course this package has many limitations, sorry.

  1. LDAP operations
    There are some unimplemented functions:
    • modrn
      Modify the RDN of an entry
    • dn2ufn
      User friendly format of DN

    And some data limitations:

    • search
      The search filter can't understand '\*', '\=', '\>' ...

  2. Authentication and data privacy
    The bind operation uses a cleartext password, but I plan to add an SSL3 encrypted channel.

  3. Binary capabilities
    I have never tried operations with binary data, but this should work (Pike is 8-bit clean!).

  4. International support
    I'm working on this. It is No. 1 for me - I'm from Central Europe!

    There is one problem that is not easy to solve: T.61, UTF-8 or both?
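
The search filter limitation in item 1 means a value taken from user input cannot be made safe by backslash-escaping it, so it has to be validated before it is placed in a filter. The following is an added example, not code from this package; the helper names and the allowlist are assumptions, and it reads the limitation as "escaped special characters are not supported".

```pike
// Added example, not part of the package. Helper names are hypothetical.
// The filter parser does not understand backslash escapes, so input is
// checked against an allowlist and rejected when it does not fit.

// Characters permitted in an attribute name or value (assumption: adapt
// to the attribute's real syntax, but never add filter metacharacters
// such as * ( ) \ = < > ~ & | !).
constant ALLOWED =
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-@";

// Returns 1 when every character of text is in ALLOWED, 0 otherwise.
int text_is_safe(string text)
{
  if (!sizeof(text) || sizeof(text) > 64)
    return 0;
  foreach (text / "", string ch)
    if (search(ALLOWED, ch) < 0)
      return 0;
  return 1;
}

// Builds "(attr=value)", or returns 0 when either part is rejected.
string equality_filter(string attr, string value)
{
  if (!text_is_safe(attr) || !text_is_safe(value))
    return 0;
  return "(" + attr + "=" + value + ")";
}

int main()
{
  // Constructed sample inputs: two ordinary values, a bare wildcard,
  // a value that tries to close the filter, and a backslash escape.
  foreach (({ "hop", "j.smith@example.org", "*", "x)(uid=*", "a\\2ab" }),
           string input)
  {
    string f = equality_filter("uid", input);
    write(sprintf("%-22s -> %s\n", input, f || "REJECTED"));
  }
  return 0;
}
```

Only the first two sample inputs produce a filter; the caller should treat a 0 return as a failed lookup and never pass the raw input to the search operation.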

Feedback and final notes

This module, the accompanying documentation and tools are free software. That means you can use, copy and distribute them freely. Don't send me money, please ;-)

Many thanks for helping me test the package, and for many ingenious ;-) ideas and interesting notes, to Matthew Brooks <matt@broadcom.ie>

and

Wim Bonis <bonis@kiss.de> for his ldapuserauth module improvements.

I'm looking for any feedback regarding this package or how you use this package.
Write to me if you find this code useful.

Sincerely,
Honza Petrous