Michael Ströder's web2ldap is a versatile tool for managing PKI features in LDAP servers. It allows simple search and download of certificates, supports various output formats, and can be customized according to specific needs. Learn about its features, limitations, and possible enhancements in this presentation.
web2ldap • Personal info • Michael Ströder • Freelancer • Focus on PKI / LDAP • Presentation of PKI features in http://web2ldap.de
Overview • Intro • Features • Limitations • Enhancements • Demo / Discussion
Intro • Started in diploma thesis • Simple search and download tool for certificates stored on LDAP server • Add / modify entries
Features (1) • Stand-alone or through CGI of web server on Unix and Windows • Best viewed with any browser (CSS for formatting) • Handling of NON-ASCII character sets
Features (2) • Many output formats for exports (LDIF, vCard, DSML) • Customization possible but reasonable defaults
Features (3) - PKI • Many different standards for storing certificates in directory • Directory server itself is not trustworthy → Display and handle certificates directly instead of storing many certificate-related attributes
Limitations • Uses python-ldap module built with OpenLDAP 1.2.x libs → limited to LDAPv2 • WWW-Interface (stateless HTTP)
Road Map • Web session management (passwords, re-use LDAP connections) • LDAPv3 (Referrals, Schema) • Improve exports (DSML, vCard) • Advanced Authentication Schemes (Kerberos, SASL)
Ideas • Complete certificate validation • DSML engine • Windowing GUI with wxWindows (Windows and Unix)
Discussion • Required features? Referrals, GUI • Authentication Schemes (Kerberos vs. SASL), Encryption (LDAPS vs. STARTTLS) • Let's browse your favourite LDAP server! (preferably with certs ;-)