LDAP Address Book Wiki
Web-based LDAP address book browser/editor
Status: Alpha
Brought to you by:
jfturner
Menu
▾
▴
Home
Below is a high-level summary of the main user-visible features/changes in each release. For full details, see commit history under the project's "code" tab.
Release 0.42
- Ability to define enumerated data types via schema or configuration files.
- Ability to customise column headers per-location when browing/searching records.
- Ability to modify attribute/object schema within config file.
- Fall back to built-in php-gettext if native gettext is not available.
- Schema support for Samba (pre-AD), BorderManager, NIAS, UDDI, GroupWise, ZENworks, Backup Exec, QMail, InetMail, APC UPS, DUA, Boldon James, Trac, CORBA, NDPS, NDS Catalogue Services, Postfix, PMI, SendMail, Misc (OpenLDAP)
Several support tickets for previous versions were resolved by explaining how to call internal schema modification functions to achieve specific effects. These functions are now documented in the manual and available officially, however the function names differ from previous versions.
old function names (0.41 and earlier)
$ldap_server->modify_attribute_schema() $ldap_server->modify_object_schema()
new function names (0.42 and later):
$ldap_server->modify_attribute_class() $ldap_server->modify_object_class()
Release 0.41
- User interface now available in German
- Show linked DN details in folder info view for sytem admins
- Operational attributes now visible when browsing/searching a directory display basic information about AD Group Policy objects.
- Alternate icon for disabled AD computer accounts.
- Dynamic groups in OpenLDAP and eDirectory, Java schema (RFC2713), collective attribute schema, substitute syntax (X-SUBST)
- Implemented more of the Novell PKI, MASV and DNIP schemas,
This version introduces the ability to configure which columns/attributes are displayed when listing records on a per-location basis. A location of is used to specify the default layout, which is also used when listing search results.
Old notation:
$ldap_server->set_display_columns( array( array("caption"=>"Name", "attrib"=>"sortableName", "link_type"=>"object"), array("caption"=>"E-Mail", "attrib"=>"mail", "link_type"=>"mailto"), array("caption"=>"Company Web Site", "attrib"=>"wWWHomePage", "link_type"=>"url"), array("caption"=>"Office Phone", "attrib"=>"telephoneNumber", "link_type"=>"phone_number"), array("caption"=>"Mobile Phone", "attrib"=>"mobile", "link_type"=>"phone_number") ) );
The following examples show how to configure column layouts for different locations. (When listing the contents of the "Friends and Family" OU, "Company Web Site" will be removed and "Home Phone" will be shown instead "Office Phone".)
$ldap_server->set_display_columns("*", // location to which the layout applies, or "*" for default/all array( array("caption"=>"Name", "attrib"=>"sortableName", "link_type"=>"object"), array("caption"=>"E-Mail", "attrib"=>"mail", "link_type"=>"mailto"), array("caption"=>"Company Web Site", "attrib"=>"wWWHomePage", "link_type"=>"url"), array("caption"=>"Office Phone", "attrib"=>"telephoneNumber", "link_type"=>"phone_number"), array("caption"=>"Mobile Phone", "attrib"=>"mobile", "link_type"=>"phone_number") ) ); $ldap_server3->set_display_columns("OU=Friends and Family,DC=example,DC=org", array( array("caption"=>"Name", "attrib"=>"sortableName", "link_type"=>"object"), array("caption"=>"E-Mail", "attrib"=>"mail", "link_type"=>"mailto"), array("caption"=>"Home Phone", "attrib"=>"homePhone", "link_type"=>"phone_number"), array("caption"=>"Mobile Phone", "attrib"=>"mobile", "link_type"=>"phone_number") ) );
Release 0.40
- Bug fixes
Release 0.39
- Added text_area_list data type
- Support for linking additional DNs to an address book
- Support for multi-directory (multi-server) address books
Release 0.38
- Added ad_encrypt_type, ad_trust_attribs, ad_trust_dir, ad_trust_type and delivery_method data types
- Various schema improvements and additions
- Don't show redundant/empty auxiliary class sections in display layouts
- Ability to move records between folders (basic placeholder user interface only)
Release 0.37
- ability to edit multi-valued text (text_list) attributes
- search suggestions doesn't require separate click of "search"
- more complete OpenLDAP configuration and NFAP support
- show the results of a subtree search on the Address Book front page instead of the root of the Address Book namespace
In this version, the Address Book's base DN is configured as part of the LDAP server connection, rather than with a separate global setting.
Old format:
$ldap_server = new ldap_server( "ad", // LDAP server type "dc1.turnersoft.co.uk", // host name/IP address/URL 389 // port number ); // later in config file $ldap_base_dn = "OU=Home,DC=turnersoft,DC=co,DC=uk";
New format:
$ldap_server = new ldap_server( "ad", // LDAP server type "OU=Home,DC=turnersoft,DC=co,DC=uk", // DN of address book "dc1.turnersoft.co.uk", // host name/IP address/URL 389 // port number );
The user setting "display_all_records_by_default" has been removed. In its place, the "front_page_search_filter" setting can be used to define a subtree search filter that should be used instead of displaying the opening page.
Release 0.36
- Support for auxiliary, abstract and type 88 object classes
- Configurable attribute list for checking group membership (enables use of posixGroup, organizationalRole, etc)
- Fixes to group-based permission checking
- Additional schema definitions
- Sort and display OpenLDAP accesslog time stamps in in human readable form
Release 0.35
- jQuery-based object class selector when creating a new record
- Check for allow_create permission before trying to create a record
- Creating/editing takes account of required_attribs for parent classes
- Support creating/editing objects with multi-valued RDNs
- Group-based Address Book permissions can now be controlled via posixGroup objects
- User-selectable country code standards (ISO 3166, FIPS 10-4 and/or WIPO ST.3) and member attributes for checking group membership
- New "display_all_records_by_default" user permission/setting
Release 0.34
- Minor schema updates for COSINE and OpenLDAP NSS/PAM overlay.
- Allow read-only attributes in display layouts (Set allow_edit to false).
- Various bug fixes
This version changes the notation used to configure parts of a record's display layout to be hidden except whilst the record is being edited.
Old notation:
$ldap_server->add_display_layout("inetOrgPerson,user,contact",array( array("section_name"=>"Personal", "attributes"=>array( array("givenName", "Given Name", "contact24.png",true), array("sn", "Surname", "contact24.png",true), array("cn", "Full Name", "contact24.png",true), array("displayName", "Preferred Name", "contact24.png"), array("telephoneNumber", "Office Phone", "landline-phone.png"), array("mail", "E-mail", "mail.png") ) );
The "true" at the end of the first three attributes may be thought of
as "hide this item unless editing". In version 0.34 of the address book
this has been replaced by the "allow_view" setting:
$ldap_server->add_display_layout("inetOrgPerson,user,contact",array( array("section_name"=>"Personal", "attributes"=>array( array("givenName", "Given Name", "contact24.png","allow_view"=>false), array("sn", "Surname", "contact24.png","allow_view"=>false), array("cn", "Full Name", "contact24.png","allow_view"=>false), array("displayName", "Preferred Name", "contact24.png"), array("telephoneNumber", "Office Phone", "landline-phone.png"), array("mail", "E-mail", "mail.png") ) );
Existing config files will need to be updated to use the new notation.
The new "allow_edit" attribute setting can be set to false to create a read-only attribute. The following example will create a simple display layout where users can edit their phone numbers and e-mail addresses but not change their names:
$ldap_server->add_display_layout("inetOrgPerson,user,contact",array( array("section_name"=>"Personal", "attributes"=>array( array("cn", "Full Name", "contact24.png","allow_edit"=>false), array("telephoneNumber", "Office Phone", "landline-phone.png"), array("mail", "E-mail", "mail.png") ) );
This layout could be used in combination with the "allow_edit_self" user permission to create a "self-service" address book where users are allowed to update their own phone numbers and e-mail addresses.
Release 0.33
- Updated OpenLDAP access log overlay schema support
- Display Active Directory aggregate schema and Group Policy WMI filters (subSchema and msWMI-Som objects)
- Decoding of LDAP syntax OIDs to textual names
Release 0.32
- Display/editing of OpenLDAP server configuration
- Support for OpenLDAP name service and DirXML (NetIQ Identity Manager) schemas
- Increased the number of Active Directory classes recognised
- Added ldap_schema, openldap_backend and olc_pcachepos data types
- More flexible handling of object class inheritance
Release 0.31
- Added support for LDAP password policy schema, RFC2307 NIS schema, and the OpenLDAP Project's directory schema
- Italian language user interface
- Minor improvements to "breadcrumb" navigation UI
Release 0.30
- Display link to monitoring information in OpenLDAP rootDSE
- Added support for defining DIT structure rules
- Fixed error when adding a value to a dn/dn_list attribute
Release 0.29
- Ability to edit group memberhips (as well as the values of other "dn" or "dn_list"-type attributes)
- Added ldap_server->add_group() configuration command assigning group-based permissions
- Predefined display layouts for additional eDirectory classes
- Support for LDAP-managed Oracle NetServices/RDBMS Enterprise Roles
Release 0.28
- Included predefined display layouts for commonly-used OpenLDAP classes
- Fix intermittent failed logins due to stale session data
Release 0.27
- Included predefined display layouts for commonly-used Active Directory classes
- Various bug fixes
Release 0.26
- Increased the number of Active Directory and eDirectory classes recognised
- Added child_objects data type, allow_system_admin permission and ability to view rootDSE record
- Various bug fixes
Release 0.25
- Added allow_edit_self permission, introducing basic support for user self-service updating
- Numerous schema-related enhancements and improvements
- Improvements and fixes to vCard output
- Spanish language user interface
- Added allow_ldap_path permission
Release 0.24
- User distinguished names (DNs) are looked up automatically on login. They no longer have to be specified in the config file.
- User permissions can be controlled through LDAP group membership
- Added allow_login permission setting. Set a user's allow_login permission to false to prevent them from logging in. (This replaces the old mechanism of specifing a special "DENY" DN)
- OUs and other "folders" can be displayed in a separate area at the top of entry listings, rather than mixed together with other address book entries.
- Added all remaining attribute definitions to the COSINE schema
This version introduces significant changes to how users and permissions are managed. Future versions will build on these changes, e.g. with per-attribute editing permissions and "self-service" editing. The following notes explain how the configuration syntax differs from previous versions. See the User Guide for a more complete description of the new functionality.
Anonymous access to the address book is now configured as follows:
$ldap_server->add_user("__ANONYMOUS__", array( "ldap_dn"=>"cn=ldap-browe,cn=Users,dc=example,dc=org", "ldap_password"=>"anon-user-password", // Permissions granted to anonymous users: "allow_browse"=>true, "allow_search"=>true, "allow_view"=>true ));
The user's DN and password should be specified using the "ldap_dn" and "ldap_password" settings. The old $ldap_default_user and $ldap_default_password settings are no longer used.
In previous versions the default permissions assigned to logged-in users were specified like this:
$ldap_server->add_user_mapping("__DEFAULT__", "cn=__USERNAME__,cn=Users,dc=example,dc=org", array( "allow_browse"=>true, "allow_search"=>true, "allow_view"=>true, "allow_export"=>true, "allow_export_bulk"=>true ));
The new syntax in version 0.24 is:
$ldap_server->add_user("__DEFAULT__", array( "allow_browse"=>true, "allow_search"=>true, "allow_view"=>true, "allow_export"=>true ));
The template for the user's DN is no longer needed, and users can be located anywhere in the directory (rather than in a single fixed OU). Users' DNs are looked up using a special account, which should have read-only access to search the directory. The account's DN and password are specified as follows:
$ldap_server->dn_search_user = "cn=ldap-search,cn=Users,dc=example,dc=org"; $ldap_server->dn_search_password = "password";
A template for the user's DN can be specified using the ldap_dn setting (if you still wish to use it), for example:
$ldap_server->add_user("__DEFAULT__", array( "ldap_dn"=>"cn=__USERNAME__,cn=Users,dc=example,dc=org", "allow_browse"=>true, "allow_search"=>true, "allow_view"=>true, "allow_export"=>true ));
Active Directory users can specify a User Principal Name (UPN) for the ldap_dn setting. The corresponding DN will be looked up when the user logs in:
$ldap_server->add_user("__DEFAULT__", array( "ldap_dn"=>"__USERNAME__@example.org", "allow_browse"=>true, "allow_search"=>true, "allow_view"=>true, "allow_export"=>true ));
Release 0.23
- French language user interface
Release 0.22
- Small bug fix
Release 0.21
- User configurable date/time display formats
- Compatibility with PHP 5.6
- Searches match anywhere in strings by default
- Various bug fixes
This version adds a number of new config settings for controlling show dates and times are displayed. Default values will be assumed for older config files that do not include these settings.
Release 0.20
- User-extensible schema definitions
- Included support for SCHAC and Mozilla Address Book schemas
- Added more class definitions to Microsoft schema
- Ability to configure alternate display layouts per object class
- Support for boolean, date, date/time and ISO5218 gender data types, read-only support for AD group type/scope, DN list (e.g. group members) and multi-valued text.
- Display an alternate icon for disabled AD user accounts
- New permission (allow_folder_info) for accessing information about a container/OU.
- Now able to run on non-standard web server port number.
- Fixed missing login link if there is only a single user map entry and anonymous access is disabled.
- Fixed DN validation checking when using eDirectory.
The configuration syntax for specifying the display layout has changed in this version so that different types of objects can use different layouts.
Old syntax:
$entry_layout = array( ... );
where the array describes the attributes that appear in records. Replacement syntax is:
$ldap_server->add_display_layout("*",array( ... );
where the contents of the array are the same as before. The * indicates that this layout should be used for all classes of record. The * can be replaced by a name of a class, for example you could create a layout for "groupOfNames" objects which lists the group members.
Release 0.19
- New config syntax for LDAP server type/connection and for user/permission mapping
- Fix web server log messages about missing JQuery UI files and LDAP comparison
- Fix various user login and permission related bugs
- Removed $ldap_login_enabled setting (this will be ignored if still present in old configuration files)
This version introduces two changes to the configuration syntax. The syntax for specifying an LDAP connection used to be:
$ldap_server_type = "ad"; $ldap_link = ldap_connect("ldap.example.org",389);
This changes to:
$ldap_server = new ldap_server( "ad", // LDAP server type "ldap.example.org", // host name/IP address/URL 389 // port number );
The port number can be missed out if the default LDAP server port (389) is being used.
The second change is to how permissions are configured. The old way was to populate an array of "user mapping" information. In this version each user map entry is specified via a self-contained command, for example:
$ldap_server->add_user_mapping("__DEFAULT__", "__USERNAME__@example.org", array( "allow_browse"=>true, "allow_search"=>true, "allow_view"=>true, "allow_export"=>true, "allow_export_bulk"=>true ));
In contrast to the old syntax:
-
User map entries can appear in the configuration file in any order.
-
Permissions which are not granted don't need to be specified.
-
The mapping entry for __ANONYMOUS__ can be removed completely if anonymous access to your address book isn't allowed.
The new configuration syntax is explained further in the manual.
Release 0.18
- Fix search suggestions working when address book is installed to a non-root folder path
Release 0.17
- Search suggestions/autocomplete
- Attributes containing URLs can be shown as links in search results
Release 0.16
- UI improvements for mobile devices and when creating/editing records
- Phone numbers can be displayed as links (click-to-dial, where supported)
- Support for thumbnailLogo attribute (Active Directory specific)
- Export records as vCard files
- Fix error message when replacing an existing photo image
It should be possible to continue using config files from older versions (back to 0.10) with this release. The user/admin guide explains any additional settings to enable new features.
Some CSS/DOM elements have changed in this version. Custom stylesheets (in file styles_local.css, where used) may need minor changes in order to work as before.
Release 0.15
- Initial support for creating/editing/deleting records
The "Configuring users and permissions" section of the user/admin guide explains how to enable access to the new read/write functionality. The config format is otherwise unchanged since version 0.10.
Release 0.14
- Minor enhancements to "getting started" section of manual
- Fix broken icons in "breadcrumb navigation"
- Fix missing space between elements of compound attributes (separated by "+")
Release 0.13
- Fix not returning to previously visited URL after logging in/out
Release 0.12
- Display error/info message if prerequisite PHP extensions are missing
- Support for jpegPhoto and thumbnailPhoto as columns in search/browse results
- Bug fix in JPEG photo handling
Release 0.11
- Parent containers (folders) are now clickable in "breadcrumb navigation"
- Bug fixes in JPEG photo handling and user login
Release 0.10
- Don't display record details from outside of the area of the directory (DN) where the address book is stored.
- Improved escaping of search text (prevent mishandling of "invalid" characters)
- Appearance of folder/container names (e.g. OUs) in search/browse results can be customised via CSS (same as other LDAP attributes)
Config changes needed when upgrading from 0.09:
Attribute names in $ldap_base_dn need to use the same case as the LDAP directory itself. (e.g. where "dc=Something" was previously accepted, this might need changing to "DC=Something").
Release 0.09
- Support for displaying user photos in the directory
- Ability to customise LDAP filters used to retrieve records
- Fix incorrect collation of accented/non-ASCII characters
- Fix layout of sections with all-empty data cells in Chrome/Chromium
Release 0.08
- Ability to customise display fields/layout in detail view
- Customisable page footer (license/manual/source code links by default)
- Separate stylesheet for user/local custom CSS styles
- Fix trailing spaces after attribute values
Release 0.07
- Initial OpenLDAP support
- Replaced presentation markup with CSS
- Fix further text encoding issues (e.g. searches that include Polish characters)
Release 0.06
- Encoding bug fixes, including search for records with accented characters now working
- Support install to non-root folder path
Release 0.05
- Fix missing accented characters on Microsoft AD (explictly set LDAP version 3)
- Fix broken links in eDirectory search results
- Fix faulty URL encoding in links
- Removed deprecated PHP short open tags
- Title link text now configurable
Release 0.04
- Added user/password login support
- Added allow_browse, allow_search and allow_view permissions
- License change from GPL3 to AGPL3
Release 0.03
- Configurable columns in browse/search results listings
Release 0.02
- User/admin/install documentation
Release 0.01
- Initial public release