How to improve usability

How to improve usability for end-users by configuration

Client-side customization considerations

To simplify the use of web2ldap for end-users, the LDAP administrator can utilize many customization options. Please familiarize yourself with how to specify host-/backend-specific parameters with the cascaded configuration, since that saves you a lot of configuration work.

Constructing persistent bookmarks

You can construct bookmarks and make them available on a simple web page, which makes certain functions in web2ldap more easily accessible. Alternatively, you can add the LDAP URLs with an appropriate description to the select list presented on the front page by adding them to the list specified with ldap_uri_list.

For ease of use, web2ldap displays LDAP URLs that also contain the simple bind information (in the LDAP URL extension bindname). You can copy these LDAP URLs to your clipboard and simply append them as a query string to the web2ldap URL (separated by a question mark).

Examples for bookmarks:

Search user accounts (here entries with object class account) anonymously
http://web2ldap.example.com:1760/web2ldap?ldap://directory.example.com/ou=Users,dc=example,dc=com??sub?(objectClass=account)
Add a new user entry, but enforce a login with bind-DN uid=fred,ou=Users,dc=example,dc=com first
http://web2ldap.example.com:1760/web2ldap/addform?ldap://directory.example.com/ou=Users,dc=example,dc=com????bindname=uid%3Dfred%2Cou%3DUsers%2Cdc%3Dexample%2Cdc%3Dcom
Set a password for a certain user (again after a login)
http://web2ldap.example.com:1760/web2ldap/passwd?ldap://directory.example.com/uid=anna,ou=Users,dc=example,dc=com????bindname=uid%3Dfred%2Cou%3DUsers%2Cdc%3Dexample%2Cdc%3Dcom
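
The bookmark format above, rebuilt programmatically as an added example (not part of web2ldap or its documentation). The helper names ldap_url, bookmark and parse_bookmark are hypothetical, and percent-encoding everything except the characters the page's own examples leave unescaped is a conservative choice made here. parse_bookmark can be used to review published bookmarks and see which bind-DN each one enforces.

```python
from urllib.parse import quote, unquote

SCOPES = ("", "base", "one", "sub")  # scope keywords defined by RFC 4516


def ldap_url(host, dn, attrs=(), scope="", filterstr="", bind_dn=None):
    """Build ldap://host/dn?attrs?scope?filter?extensions (RFC 4516)."""
    if scope not in SCOPES:
        raise ValueError("invalid scope: %r" % scope)
    parts = [
        ",".join(quote(a, safe="") for a in attrs),
        scope,
        quote(filterstr, safe="()=*"),  # '?', '&', '|' etc. get escaped
        # Commas separate extensions, so the bind-DN is fully percent-encoded.
        "bindname=" + quote(bind_dn, safe="") if bind_dn else "",
    ]
    while parts and not parts[-1]:
        parts.pop()  # trailing empty components are omitted
    url = "ldap://%s/%s" % (host, quote(dn, safe="=,"))
    return url + "".join("?" + p for p in parts)


def bookmark(base, command, url):
    """Append the LDAP URL as query string to the web2ldap URL."""
    return base.rstrip("/") + ("/" + command if command else "") + "?" + url


def parse_bookmark(link):
    """Split a bookmark into its parts, e.g. to review its bind-DN."""
    web, _, url = link.partition("?")
    if not url.startswith("ldap"):
        raise ValueError("query string is not an LDAP URL")
    hostport, _, rest = url.split("://", 1)[1].partition("/")
    dn, attrs, scope, filterstr, exts = (rest.split("?") + [""] * 4)[:5]
    # A leading '!' marks an extension as critical; it is not part of the name.
    ext = dict(e.lstrip("!").split("=", 1) for e in exts.split(",") if "=" in e)
    return {
        "web2ldap": web, "host": hostport, "dn": unquote(dn),
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope, "filter": unquote(filterstr),
        "bind_dn": unquote(ext["bindname"]) if "bindname" in ext else None,
    }
```

Called with the values from the three bookmarks listed above, ldap_url and bookmark produce exactly those URLs.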

HTML templates for guiding users

You can specify HTML snippets in template files for certain things. HTML templates are chosen based on the language configuration in your browser.

Displaying single entries
You can assign HTML templates to object classes with parameter read_template, which specifies how to display the entry's data for this particular object class. See files etc/web2ldap/templates/read_*.html as examples. Attributes not covered by the display template(s) will be shown as a raw table at the bottom.
Search input form
Parameter searchform_template lets you specify an HTML template defining input fields for search parameters.
Entry input forms
Parameter input_template lets you specify HTML templates for object classes used in the input form when adding new entries or editing existing entries.
Login forms
Set login_template to customize the login input form. Consider setting login_default_mech if you have a specific policy for the LDAP bind mechanism used.

LDIF templates for quickly adding entries you need often

With parameter addform_entry_templates you can define a set of LDIF-based templates for the kinds of entries you have to add very often. See files etc/web2ldap/templates/add_*.ldif as examples.

Plug-in classes for syntaxes and/or attribute types

web2ldap internally handles many aspects of displaying attribute values or input fields with the help of Python classes (derived from w2lapp.schema.syntaxes.LDAPSyntax) registered for LDAP syntax OIDs and/or attribute types.
Plug-in classes have access to various data:

There are already various base classes available quite handy for implementing

Look into files pylib/w2lapp/schema/plugins/*.py for examples. Best practice is to put self-implemented custom classes in a module in directory etc/web2ldap/web2ldapcnf/plugins/ and import this module in file etc/web2ldap/web2ldapcnf/plugins/__init__.py. The order of the import statements is significant.

Server-side configuration

You can also influence how the user interacts with your LDAP directory via web2ldap by configuring things in the server.

Schema design

Syntaxes
specify the syntax with which attribute values must comply. If you choose finer-grained syntaxes, web2ldap displays input fields and conducts syntax validation appropriate for that syntax (e.g. TRUE/FALSE select field for syntax Boolean).
Attribute types
For some attribute types web2ldap already has special handler classes (e.g. attribute type mail).
Object classes
are the type(s) of an entry and specify which attributes can be used within an entry. web2ldap uses this to display the input entry form (table format) indicating required and allowed attributes.
DIT content rules
specify which auxiliary object classes are allowed for a structural object class. This is used by web2ldap to display the allowed auxiliary object classes in the object class select form.
Name forms
specify how to form the RDN for a new entry to be added. If a name form applies, web2ldap displays a select list for choosing an RDN string template.
DIT structure rules
specify which structural object classes are allowed in a certain part of the DIT. This is used by web2ldap to display the allowed structural object classes in the object class select form.