Definetly the weirdest LDAP management tool

Its called ldapvi, and its just about what you’d expect with that name :-). The author would like you to think about it as vipw for your LDAP based authentication, and in addition to a few command line option it really isn’t much more then that (UI-wise):

How I got to it? For some reason, when running Fedora’s KDE software management tool, this was the only suggested software in response to the search “LDAP” (which wasn’t a library, plugin or command line tool).

I gave it a chance and actually, its really useful ((Well, if you’re into that kind of thing, which apparently I am) – a lot better then some other Linux based UIs for LDAP that I’ve used in the past (and the guilty shall remain anonymous for the time being).

The usage is pretty straight forward – start ldapvi with the settings for your LDAP server, for example:

ldapvi -h ldap://server:389 -b o=people,dc=someorg,dc=com -D cn=root,dc=someorg,dc=com

Type in your password, and you will get something like the screenshot above – a text buffer with all of the entries in the LDAP under the base DN you specified. You are then free to edit these entries as you see fit, and the tool may actually save your modifications to the LDAP server if you follow the very simple LDIF-like 1 syntax.

Entries are separated by one or more empty lines, and each start with an entry ID number followed by the fully qualified DN of the entry. To edit an entry, just change the following lines in any way you see fit – updating, adding or removing properties is as easy as writing in VI 2. If you want to add a new entry, create a new batch of lines but start with a line that has the word add (instead of an entry id) followed by the DN you want to add.

A note to remember: the passwords are shown and editable (at least if you log in as a user with full administrative permissions) – as the hash result, exactly as its stored in the directory server itself. You can manipulate them just like any other LDAP attribute, but to set up a new password you’d have to first generate the hash for the new password, and save that. One option is to use the OpenLDAP slappasswd, for example:

slappasswd -h {SHA} -s somepassword

The -h parameter specifies the hashing algorithm to use, and you have to put that text in the attribute value before the hash result. This OpenLDAP FAQ entry has more on the subject of password hashes, including some useful scripts.

When you “save” the buffer, ldapvi will prompt you for a confirmation, which may looks like this:


add: 3, rename: 0, modify: 0, delete: 0
Action? [yYqQvVebB*rsf+?] ?

At which point you are supposed to hit “y” to update the server, though as you can see there are quite a few alternative choices (and in the spirit of VI, presented in a very concise way). And basically that’s it.

So if you’re looking for a good tool to manage your LDAP directory, and your’re a die-hard fan of VI, this just may be the thing for you. Me? Its a useful tool and I’ll be happy to keep it on my belt to fall on to if I’m fresh out of options (which is actually currently the case), but I’ll keep looking for something more… how shall I put it… graphical? less looking like an 80s reject? no, I know – something I can happily let MSCEs use ;-).

Enhanced by Zemanta
  1. but not really LDIF, its important to note[]
  2. which is to say, not very easy – but you get used to it… well… slowly 😉 []

Leave a Reply