User Guide
ldapinator listens on port 3268 by default for unencrypted (http) access to the web interface. 3269 is the encrypted (https) port.
Simply point your web browser to http://<your.host.name>:3268 or https://<your.host.name>:3269
You must configure certificates to enable encrypted communication on port 3269.
When you first visit the ldapinator web interface, you'll see a house icon at the top left, along with the top-level distinguished name of your directory tree near the center.

An LDAP directory structured around a DNS domain of .home
Click on the house icon to expand the directory. You can also click folders (organizational units) to expand them.

LDAP directory tree showing the Groups OU expanded
Any time you click on something in the directory tree on the left side, additional detail is shown to the right. For container objects like the Groups OU, the detail is sparse. But, clicking on a leaf object reveals additional attributes.
For example, clicking on one of the groups under the Groups OU will reveal the group description, its numeric group ID, and a list of members. Clicking on a user reveals attributes associated with the posixUser LDAP class.
If you're not seeing your directory, check the config.ini for baseDN under the section heading of structure. It should look like this:
[structure]
baseDN = "dc=home"
Also check your credentials under the heading of bind. At minimum, you will need an LDAP user that can read the directory. If you want to allow modifications, you'll also need an LDAP user with write permission. An example is shown below.
[bind]
readOnlyDN = "cn=search,dc=home"
readOnlyPassword = P@ssw0rd
readWriteDN = "cn=Manager,dc=home"
readWritePassword = P@ssw0rd
If the directory does not expand, open the developer tools for your browser. The console log may offer error messages.
When you click on a posixAccount leaf object, attributes of the user account will appear on the right side. Anything shown in a field with a white background is editable. Simply change the text inside the field and ldapinator will make the corresponding change in your LDAP directory.

User dialog showing the attributes of a posixUser
In addition to the credentials for a read-write LDAP account in the bind section of config.ini, there are also parameters in the api section that can prevent updates to the directory. These are shown below.
[api]
allowAnonymousRead = yes ; yes or no
allowAnonymousModify = yes ; yes or no
allowUserPasswordChange = yes ; yes or no
token = S0m3R4nd0mStr!ng
If you set allowAnonymousModify = no, you must provide the API token to make changes. When using the web client, simply click the log in button at the top right. When using the API, set the Authorization header to Bearer S0m3R4nd0mStr!ng (or whatever token you have defined in config.ini).
In the bottom right corner of the user attribute form, there is a key icon labeled Reset Password. Clicking it will reveal a password change dialog. Enter the new password in the two fields presented. Click the check mark to confirm the change or click the X to clear the fields and close the password dialog without making changes.

Password change dialog
Two config.ini file parameters under the api section can affect password changes. The most obvious is allowUserPasswordChange = yes, but attribute modifications must be allowed as well with allowAnonymousModify = yes.
[api]
allowAnonymousModify = yes ; yes or no
allowUserPasswordChange = yes ; yes or no
Because web client authentication is still under development, a setup like this means anyone with access to ldapinator can change passwords.
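As an added example (not part of ldapinator or its documentation), the following Python script audits a config.ini laid out like the snippets in this guide and flags the bind and api settings that leave the directory open to changes. The finding names, the 20-character token minimum, and treating an absent api key as enabled are assumptions made for the example.

```python
import configparser

# Values printed in the guide; finding them in a live config means nobody changed them.
DOC_SAMPLES = {"P@ssw0rd", "S0m3R4nd0mStr!ng"}

# Constructed sample: the guide's three config.ini snippets joined into one file.
SAMPLE = """\
[structure]
baseDN = "dc=home"
[bind]
readOnlyDN = "cn=search,dc=home"
readOnlyPassword = P@ssw0rd
readWriteDN = "cn=Manager,dc=home"
readWritePassword = P@ssw0rd
[api]
allowAnonymousModify = yes ; yes or no
allowUserPasswordChange = yes ; yes or no
token = S0m3R4nd0mStr!ng
"""

def audit(ini_text):
    """Return sorted finding codes (names are this example's own) for a config.ini."""
    # interpolation=None keeps '%' in passwords literal; ';' starts an inline comment.
    cfg = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=(";",))
    cfg.read_string(ini_text)
    # Assumption: an absent api key counts as enabled (defaults are not documented here).
    flag = lambda key: cfg.getboolean("api", key, fallback=True)
    value = lambda sec, key: cfg.get(sec, key, fallback="").strip('"')

    findings = set()
    if flag("allowAnonymousModify"):
        findings.add("anonymous-modify")
        if flag("allowUserPasswordChange"):
            findings.add("anonymous-password-change")
    token = value("api", "token")
    if not token:
        findings.add("token-missing")
    elif token in DOC_SAMPLES or len(token) < 20:  # 20 is an assumed minimum length
        findings.add("token-weak")
    for key in ("readOnlyPassword", "readWritePassword"):
        if value("bind", key) in DOC_SAMPLES:
            findings.add("sample-password:" + key)
    ro, rw = value("bind", "readOnlyDN"), value("bind", "readWriteDN")
    if ro and ro.lower() == rw.lower():
        findings.add("read-bind-can-write")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means none of these checks fired; it does not cover file permissions on config.ini or the certificate setup for port 3269.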