Compability

LDAP and HTTP servers, and other software tested so far

web2ldap is known to work smoothly with the software/platforms mentioned here. If a software is not listed here does not mean it is not compatible unless it is listed in the negative list.

I'd appreciate if you use the feedback form to contribute to these compability notes.

[LDAP servers] [Web browsers] [Operating systems] [Web servers] [PKI products]

LDAP Servers

Please note that support for LDAPv2 connections was dropped in release 1.1.5 since this is considered historic since a quite while now (see also RFC 3494).

Server product Tested releases Comments Current Status
OpenLDAP 2.x Open Source reference implementation of LDAPv3. web2ldap has some extra features for this server. Regularly used for interop tests.
OpenDJ 2.4.x ForgeRock's fork of OpenDS which works just fine. Especially using more sophisticated LDAPv3 extended controls has been tested with this. Used for interop testing of DIT structure rules and name forms. Regularly used for interop tests.
MS Active Directory W2K, W2K3, W2K3R2, W2K8, W2K8R2, W2K12 Various work-arounds were added to handle the broken sub schema in W2K. Some extra features were added for MS AD. W2K3+ regularly used for interop tests.
CA eTrust Directory 8.1 and 12.0 Worked just fine. Release 8.1 used as reference server for implementing the viewer for DIT structure rules and name forms in web2ldap. Not tested for a while.
Novell eDirectory 8.7.x and 8.8.x Ships with broken schema (non-unique OIDs) but recent web2ldap versions have work-arounds for this. Recently used for testing.
Netscape Directory Server 4.x Used to work just fine but not tested for a while. Historic
389 also known as Fedora Directory Server recent Seems to work but has subschema bugs with non-unique NAMEs and/or OIDs which requires to set schema_strictcheck=False. Tested rather rarely
iPlanet/SunONE Directory Server 5.x and 6.x Seems to work but has subschema bugs with non-unique NAMEs and/or OIDs which requires to set schema_strictcheck=False. Tested rather rarely
Oracle DSEE (formerly Sun) 11.1.1.7.2 Seems to work but has subschema bugs with non-unique NAMEs and/or OIDs which requires to set schema_strictcheck=False. Tested recently (04/2015)
Lotus Domino LDAP R5.x, R6.x and R7.0.x Most times it works quite well. Persistent connections are dropped very fast - depends on the version I guess. web2ldap contains a work-around for the null-byte terminated string of the namingContexts attribute in Domino/LDAP's RootDSE. Tested rather rarely (last time 7.03)
Siemens DirX 6.x Worked just fine. Added support in web2ldap for searching the administrative sub entries. Not tested for a while.
Innosoft Distributed Directory Server (IDDS) unknown version Only read-only tests were done and the product is not available anymore for years. Historic
Critical Path InJoin and Directory Server 4.2 4.x Worked without problems. Not tested for a while.
Syntegra unknown version Read-only tests on a public address book server worked. Historic.
IBM Directory Server unknown version Worked without problems. Not tested for a while.
Apache DS 1.5 and 2.0M7 Simple operations have been reported to work just fine. Recent 2.0M7 caused interop problems with invalid password policy response control. Tested rarely.
OpenDS 1.0 and 2.0RC Worked just fine also with DIT structure rules and name forms. Not tested for a while since project seems dead.
Isode's M-Vault LDAP/X.500 Directory Server R14 Some glitches were resolved in web2ldap 1.0.7 to work with the M-Vault Directory Server. Not tested for a while.
ViewDS (formerly View500) 6.0e11 Works also with DIT structure rules and name forms. web2ldap honors the operational attribute governingStructureRule. Not tested for a while.

Web Browsers

Content Enhanced - Use Any Browser

Mozilla
Mozilla 1.x already had very good CSS support.
Recent versions of Firefox and Seamonkey simply work and are used as a reference.
Konqueror
The web browser and file manager of the KDE project: Note the input forms enclosed in <fieldset> were not displayed by older versions. (see KDE bug #44643 RESOLVED).
Microsoft Internet Explorer
Support for CSS depends very much on the version used. The modern CSS files shipped with web2ldap likely does not work with IE 6.0 and before. Some minor CSS glitches with IE 7.0.
Opera
Commercial browser. Aims to be fast and small. Also very good CSS support.
Google Chrome
Simply works.
lynx
A text-mode browser - still supported for those who have to use a terminal.
w3m
Another text-mode browser capable of handling tables and displaying images (if the terminal allows it).

Operating Systems

Linux
Please do not use outdated RPM packages...
Windows 32
Sucessfully tested.
FreeBSD
There is even a FreeBSD port of web2ldap.
Solaris 8, 9 and 10
You can grab some of the packages needed from www.sunfreeware.com.

Web Servers

Apache HTTP Server
I don't have to write any explanation about this one...
lighttpd
You have to spawn web2ldap as external FastCGI responder in a separate startup script with spawn-fcgi. There's a new wrapper script for this available in fcgi/.
nginx
You have to spawn web2ldap as external FastCGI responder in a separate startup script with spawn-fcgi. There's a new wrapper script for this available in fcgi/.

PKI products

Entrust Authority
Works fine with directory structure and content written by Entrust Authority6.0 (tested with Siemens DirX and CP InJoin). Displays encryption certificate in attribute userCertificate just fine. The Entrust specific attributes (e.g. roaming profiles) can be downloaded as binary data.

Negative List

Unfortunately web2ldap is known not to work with the following misbehaving software or the software is ancient and thus could not be tested with recent web2ldap releases for years:

Netmeeting
Many Netmeeting directory servers (most times DNS alias starting with ILS) contain invalid NUL-terminated strings in some rootDSE attributes. This can't be worked around easily without breaking LDAP implementation.
I also did not find a ILS server which allows non-exact searching or any other useful stuff for general LDAP use.
Netscape Communicator 4.x
Chokes on rendering modern CSS rules. CSS files shipped with web2ldap distribution likely does not work with this anymore. Anyway you should not use this ancient browser anymore. If you still have to use it consider writing your own simple CSS file.
OpenLDAP 1.x
Open Source implementation of LDAPv2 which is not supported anymore.
Lotus Domino LDAP R4.5x and 4.6x
Sometimes behaviour of this LDAP server was very weird making it almost unusable. LDAPv2 if I remember correctly. Not tested since years.