Skip to content

Dedicated OpenLDAP GUI?

CatalystDojoGnomeOpenLDAPPostgreSQLSuretec We know there are various desktop apps like gq, Jxplorer etc. and web based like gosa and phpldapadmin, but do we want a GUI specfically tailored for OpenLDAP?

Suretec do.

So, what style?
We've already done a nice Web 2.0 style app using Catalyst, Dojo and PostgreSQL. Why not one like that or Google Desktop?

Probably speed. Loading up LDIF data etc may be too slow.

It would probably have to be something OS independent and written in C or C++

I would prefer using C for making use of libldap for possibly a benchmark suite to include in the app with a plugin API for others to contribute. Then you could use GTK+. I don't know, these are just minor details really, feature set is the key here.

So I'm thinking of features like:

- Standard LDAP[?] stuff
- OpenLDAP Configuration Wizard
- Monitoring stats and graphs
- Tuning wizard
- Benchmark wizard
- Importing from various sources
- many more etc..

The interesting thing about the import part is you could then hook up to various Social Web Apps to get address book info and then import that to your directory. Just a thought.

The main thing I want is configuration tools for cn=config made easy and monitoring with stats etc.

I know it's all just LDIF and LDAP and that you can use any existing GUI, but it would be nice to dumb this down a bit for clients and not find different solutions all over the place for handling the same old task.

But should this be a fresh new app, or could we add to say gq. It might be worth looking into to speed things up.

Feel free to add your comments.



No Trackbacks


Display comments as Linear | Threaded

Komal Shah on :

*This is a fantastic idea.I look forward to hear more from you.I am willing to contribute QA for it.

Lack of GUI tool to manage world's fastest Directory server is a major reason why people shy away from using OpenLDAP in enterprise.

Gavin Henry on :

*Not many clients have really been bothered by there not being one, but it would really polish things off to compliment it.

Please add features you'd like to see.

Komal Shah on :


In addition to features you already mention I would like to see easy ACL management.


James on :

*I've been playing with Apache Directory Studio and it's quite nice, other than being written in Java. They have a module for configuring the Apache Directory Server, so writing one to configure OpenLDAP probably wouldn't be that hard.

Ignacio on :

*EDSadmin might be another starting point. At the moment it only does user and group management, but I'm sure you smart fellows can turn it into something more general-purpose.

eriam on :

*Hello Gavin,

wxPerl would help you build a multi-plateform application.

(I can also advertise Catalyst-Engine-Wx which would help you build that application and eventually make it possible to run it both on the desktop an on the web).



Gavin Henry on :

*I actually installed the Catalyst Wx Engine when I saw it released on CPAN, ran the demo app and was impressed.

It did get my imagination going.

Can a whole app with Wx Engine be used via par?

eriam on :

*Oh you were one of the couragous people to install this .. congratulations :-)

It's is experimental atm but it'll hopefully get cleaner soon.

And I think running this via PAR would be possible, I've not tried already though.


Gavin Henry on :

*I'll have a try when I get a sec.

Buchan Milne on :

*I have been thinking about issues like this myself, and the options I first considered were C++/wxWidgets ( may be a starting point), C++/Qt4 ... however Catalyst/wxPerl may not be such a bad option, as it may allow easy Web+GUI development.

Snce we already have some Catalyst stuff at work, including models using LDAP (for DNS entries using sdb_ldap, user management, DHCP and sudo management on the way), Catalyst/wxPerl makes sense. However, it is quite a heavy stack to require as the admin tool for OpenLDAP (just the perl modules required for this may outweigh the entire OpenLDAP source code base), compared to a more "native" stack such as Wx or Qt4.

The question is whether Model::LDAP is up to it while using Net::LDAP, or whether it's time to port Model::LDAP to Net::LDAPapi

Of course, licensing is also a consideration ... which may have ruled Qt4 out from the start.

Gavin Henry on :

*I think the main things to be decided first are:

Cross Platform?

The license then helps us choose the GUI Toolkit, e.g. if it's not GPL, no QT4, which also helps us choose the language bindings.

Designed correctly, using Catalyst (MVC), a config change could just switch the Engine/View/Controller etc, from web to desktop (Wx).

It might be quite slow though, as you indicate in your Model::LDAP comment. But again, this could either be a config setting for that model to switch to Net::LDAPapi, or a new Model::LDAP_XS etc.

I've already done a nice Dojo Tree via JSON ldap search app against cn=config, so that's a start. There is also, which we've not released or done anything with since last year.

FYI, this is what the dependencies for Catalyst::Engine::Wx are:


Something like pgadmin sounds the way to go.

eriam on :

*that's true that installing all these dependencies could be painfull, but shipping a pre-packaged app is easy

there is the PAR solution (which will work, I'm pretty sure) and also the PAR::WebStart solution that can help

thanks :-)

Gavin Henry on :


A lot of code has been referenced from (ldapexplorertool-2.0.1) where neccessary. See my latest comment.

David Cartwright on :

*Wondering if there have been any further developments regarding the proposed OpenLDAP GUI? Such is essential for some of my SMB clients so that they can perform basic administration in the same way as they currently do with AD.

Gavin Henry on :


We went ahead and started using wxWidgets, C++ and ldapc++

So that means it works on GNU/Linux, Windows and Mac.

It's still very alpha and is worked on an hour or so a day, if time permits.

Grab the screens for some early shots from last month:

We currently hooking controls together etc....slowly. But it's fresh, modelled on the bits we like from all the offerings out there and will do things just for OpenLDAP.


MillerJ on :

*Try LDAP Admin Tool from LDAPSoft, they have a nice GUI tool to connect to Openldap both SSL and non SSL

You can download the tool from :

Jonathon B on :

*Thanks Miller for the link to Ldap Browser (, I tried the linux version on ubuntu 8.1 and am impressed. I recommend this tool to any one interested in administring openldap.

Gavin Henry on :

*I do think Apache LDAP Studio is better and that the only reason you'd use above is if you want to pay to manage Active Directory.


Jonathon B on :

*Apache LDAP Studio is better for Apache Directory not for Open LDAP. Can I view all the open ldap attributes with LDAP Studio? sure not.

Gavin Henry on :

*Of course you can as long as you do the right kind of search and have the right permissions.

Do you mean operational attributes?

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
Pavatar, Gravatar, Favatar, MyBlogLog, Pavatar author images supported.
Form options

Warning: Use of undefined constant CHARSET_NATIVE - assumed 'CHARSET_NATIVE' (this will throw an Error in a future version of PHP) in /home/suretecsystems/www/blog/ on line 182