web2ldap
• Personal info
• Michael Ströder
• Freelancer
• Focus on PKI / LDAP
• Presentation of PKI features in http://web2ldap.de
Overview
• Intro
• Features
• Limitations
• Enhancements
• Demo / Discussion
Intro
• Started in diploma thesis
• Simple search and download tool for certificates stored on LDAP server
• Add / modify entries
Features (1)
• Stand-alone or through CGI of web server on Unix and Windows
• Best viewed with any browser (CSS for formatting)
• Handling of non-ASCII character sets
Features (2)
• Many output formats for exports (LDIF, vCard, DSML)
• Customization possible but reasonable defaults
Features (3) - PKI
• Many different standards for storing certificates in directory
• Directory server itself is not trustworthy
→ Display and handle certificates directly instead of storing many certificate-related attributes
Limitations
• Uses python-ldap module built with OpenLDAP 1.2.x libs → limited to LDAPv2
• WWW interface (stateless HTTP)
Road Map
• Web session management (passwords, re-use LDAP connections)
• LDAPv3 (Referrals, Schema)
• Improve exports (DSML, vCard)
• Advanced Authentication Schemes (Kerberos, SASL)
Ideas
• Complete certificate validation
• DSML engine
• Windowing GUI with wxWindows (Windows and Unix)
Discussion
• Required features? Referrals, GUI
• Authentication Schemes (Kerberos vs. SASL), Encryption (LDAPS vs. STARTTLS)
• Let's browse your favourite LDAP server! (preferably with certs ;-)