LdapUserEditor documentation

Preface

I never was good at writing documentation. Also, English is not my native language, so this file can contain tons of silly errors. If you notice one - please send me a note.

Configuration

The first thing you'll notice when you launch the app is the connection configuration window. It will look like this:

Don't be afraid - you are not required to fill in all the fields. Only two fields are required (besides the configuration name, which is predefined, so you don't have to modify it if you don't want to): you must provide the LDAP URI and the search base. The LDAP URI is just the name of your LDAP server prefixed with ldap:// or ldaps://, and the search base is the top object of your LDAP database. The rest of the fields are used as follows:
  • Home base is the default prefix for users' home directories. For example, if your username is bob and the home base is /home, then bob's default home directory will be /home/bob
  • Autocreate homedir, SSH host, MKdir script - all these options make sense only on Unix-like OSes, since they rely on the OpenSSH client. If the checkbox is set, every time a posixAccount object is submitted into LDAP, the application will check whether the home directory exists on the host specified by the SSH host option, and if not, will try to create it by executing the application specified in MKdir script on the SSH host, with the created user's UNIX logon as its parameter. Also, in order for this function to work, you should have the echo_pass.sh script in some directory listed in PATH (for example in /usr/local/bin; this script is used to feed the ssh client with the user password).
  • Samba Domain SID is required if you are willing to use LDAP as the source of Windows User/Group mapping as well (autogeneration of the SID will be implemented in the next release)
  • Mail domain is used only if the create Courier accounts checkbox is set. If creation of Courier mail accounts is enabled, you can specify that you want a particular user to have a mail account in your mail domain. You can also create mail aliases/mail lists in your mail domain
  • Mail alias naming rule should be set if you want the application to create mail lists in one branch of the LDAP namespace and mail aliases in a different one. The names of the branches are set by Mail-lists OU and Alias OU.
  • If Contacts rule is set, then all your LDAP contacts will be created within the branch specified by Contacts OU
  • Wifi rule is very similar to Mail alias naming rule - set it if you want to store all your Radius profiles in one place (Wifi rule is a bad name, should change it :-))
  • Have Ldap-Administrators group of names should be set if you have a special group in LDAP whose members have rights to modify any entry in the LDAP directory. The name of this group should be specified in the slapd.conf of your LDAP server like this:
    access to *
        by group="cn=Administrators,dc=example,dc=com" write
  • Be very careful with the Obey Strict Hierarchy checkbox. If it's enabled, the application assumes that you want to have your directory organized in a very specific 2-level manner - all groups are created right below your top object (specified by searchBase), and accounts are created within their primary groups.
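
The MKdir script receives the new user's UNIX logon as its only parameter, and that value originates from an LDAP entry, so the script is the place to validate it before it becomes a path. The sketch below is an added example, not the script shipped with LdapUserEditor; the HOME_BASE variable (mirroring the Home base setting), the function names, the 32-character limit and the return codes are assumptions:

```shell
#!/bin/sh
# Hypothetical MKdir script, run on the SSH host with the UNIX logon as $1.
# HOME_BASE mirrors the "Home base" setting (assumed to be /home here).
LC_ALL=C; export LC_ALL          # make the a-z range below mean ASCII only
HOME_BASE="${HOME_BASE:-/home}"

# Accept only conservative logons: the value comes from an LDAP entry,
# so treat it as untrusted before it reaches a path or a command line.
valid_logon() {
    case "$1" in
        ''|-*|.*) return 1 ;;          # empty, option-like, or dot names
        *[!a-z0-9_.-]*) return 1 ;;    # slash, space, ';', uppercase, ...
    esac
    [ "${#1}" -le 32 ]
}

make_home() {
    logon="$1"
    valid_logon "$logon" || { echo "rejected logon" >&2; return 2; }
    dir="$HOME_BASE/$logon"
    # Refuse to touch anything that already exists, including symlinks.
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        echo "exists: $dir" >&2; return 3
    fi
    # -m sets the mode at creation time; no -p, so a missing HOME_BASE
    # is reported as an error instead of being created silently.
    mkdir -m 0700 -- "$dir" || return 4
    # Changing ownership needs root and a logon the host can resolve
    # (for example through an LDAP-backed NSS module).
    if [ "$(id -u)" -eq 0 ]; then
        chown -- "$logon" "$dir" || { rmdir -- "$dir"; return 5; }
    fi
    printf '%s\n' "$dir"
}

# Act only when called with an argument, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    make_home "$1"
fi
```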

Usage

After you've configured your connection, you'll see the login window:

Type your login and password here, or set the Anonymous login checkbox, and try to log in to your LDAP server. After that you'll get the main window:

The toolbar is located at the top of the window. It can be used to create users, groups, access groups, etc. You can also use the toolbar to search your directory for specific objects. Below the toolbar the window is split in two parts - on the left are different views of the objects in the LDAP directory, and on the right are views of the currently selected object (on the screenshot the Personal Edit panel is displayed).

Hope this tiny doc was of a little help. :-) Enjoy!

P.S. If you are familiar with Russian, you can try to read this draft (PDF).