Frequently Asked Questions


Is there a public name-your-favourite-vcs-tool-here repo?
How many developers are working on it?
Is it open source?
Yes, see download page.
Does it have good name-your-favourite-star-rating-here?
I don't care ;-).


SyntaxError: ...
You are probably running a wrong Python version or one of the configuration modules is screwed up.
See required software before starting web2ldap or have a closer look at the traceback where the SyntaxError appears.
ImportError: No module named...
A required module was not found. Install all required software before starting web2ldap. You can check with the script sbin/checkinst.py whether all needed software is installed.
I've installed some packages coming with my favourite Linux distribution and get strange errors with...
Please check whether packages coming with your distribution match the version of required software before starting web2ldap.
I have started web2ldap in stand-alone mode. It runs and accessing it from localhost works but I cannot access it over my network. What is wrong?

For security reasons web2ldap does not bind to every interface in your system as default like other network demons do. You have to explicitly bind to a specific network interface by using command line option -l.
web2ldap -l my.public.ether.addr:port

You can enable binding to all interfaces by

web2ldap -l

There is also a stand-alone configuration option web2ldapcnf.standalone.bind_address for setting this permanently.

Also watch out for stand-alone configuration option web2ldapcnf.standalone.access_allowed which limits the client's IP addresses allowed to access the built-in web server.

Is it possible to run web2ldap under Windows (Win32)?
Yes. You have to grab a Win32 build of python-ldap.
NameError: global name 'threading' is not defined
Your Python interpreter seems to have thread support disabled. You can solve that by building Python with configure --with-threads.
I experience problems with session hijacking detection when accessing web2ldap through a web proxy or using HTTPS.
Check out configuration parameter web2ldapcnf.misc.session_checkvars and especially read the note about REMOTE_ADDR and REMOTE_HOST. Also if using HTTPS check whether SSL/TLS session caching is correctly configured for your web server because SSL_SESSION_ID is also cross-checked.


See also extra page customizing UI.

I want to avoid displaying the raw DNs in the search result table. How to do that?
There are several possibilities:
I would like to setup some automatically filled fields. E.g. automatically set the cn (common name) attribute with the concatenation of values of the attributes givenName and sn (surname).

There are two ways of achieving something like this:

I would like to define a "select" item for certain input fields.
This can be easily done by defining a plug-in class based on base class w2lapp.schema.syntaxes.SelectList and register it as a LDAP syntax handler or explicitly for an attribute type. A simple example can be found in file pylib/w2lapp/schema/plugins/msperson.py.
The select list can also be defined based on LDAP URLs specifying a dynamic result set used for the select options. Watch out for plugin classes based on DynamicValueSelectList or DynamicDNSelectList.
How to customize the HTML output to use different colors, different font size, etc.?
Customization of layout can be done by defining a CSS file (cascaded style sheet). Almost all important HTML elements have own id or class attributes which can be used to define their appearance. Have a look at the example CSS files shipped with the source distribution package.


I would like to upload a photo, a certificate or other binary attribute data. Is that possible?
Yes. But up to now only a single value is supported per attribute. Uploading multiple binary attribute values is currently only possible via LDIF when adding or modifying an entry. You have to convert your binary data with a LDIF tool first and cut&paste its output into the LDIF input field or provide a URL in the LDIF line (see global configuration parameter web2ldapcnf.misc.ldif_url_schemes).
I would like to delete a photo, a certificate or other binary attribute data. Is that possible?
Yes, it is possible since version 0.10.0. An additional [Delete] link is shown for binary attributes. Note that in case of multi-valued attributes all attribute values are deleted. You cannot delete a single chosen attribute value.


I want to refer to the web2ldap gateway from a web page. Is there a way to get a persistent URL?
Yes, see section constructing persistent bookmarks for details.
Is there some way of nifty browser integration?
Yes, check out the directory htdocs/sidebars or the demo sidebar which contains HTML examples for using side-bars of modern browsers (Mozilla, Opera) as entry point. Make sure to use LDAP URLs! With Mozilla you can also use Custom Keywords.
Is Kerberos-based authentication supported?
Yes. python-ldap has to been built with SASL/GSSAPI support (see also python-ldap's installation instructions) and web2ldap has to be started in stand-alone mode by the end-user to use his/her ticket granting ticket (TGT). Make sure that only this particular end-user has access to web2ldap!