ldap-ui 0.9.10__py3-none-any.whl → 0.9.12__py3-none-any.whl

ldap_ui/__init__.py

@@ -1 +1 @@
-__version__ = "0.9.10"
+__version__ = "0.9.12"

ldap_ui/__main__.py

@@ -23,14 +23,14 @@ def print_version(ctx: click.Context, param: click.Parameter, value: bool) -> No
     "--base-dn",
     type=str,
     default=settings.BASE_DN,
-    help="LDAP base DN (required). [default: BASE_DN environment variable]",
+    help="LDAP base DN.  [default: Detect from root DSE]",
 )
 @click.option(
     "-h",
     "--host",
     type=str,
     default="127.0.0.1",
-    help="Bind socket to this host.",
+    help="Bind socket to this IP.",
     show_default=True,
 )
 @click.option(
@@ -38,21 +38,23 @@ def print_version(ctx: click.Context, param: click.Parameter, value: bool) -> No
     "--port",
     type=int,
     default=5000,
-    help="Bind socket to this port. If 0, an available port will be picked.",
+    help="Bind socket to this port (or 0 for any available port).",
     show_default=True,
 )
 @click.option(
     "-u",
     "--ldap-url",
     type=str,
-    help="LDAP directory connection URL. [default: LDAP_URL environment variable or 'ldap:///']",
+    default=settings.LDAP_URL,
+    help="LDAP directory connection URL.",
+    show_default=True,
 )
 @click.option(
     "-l",
     "--log-level",
     type=LEVEL_CHOICES,
     default="info",
-    help="Log level. [default: info]",
+    help="Log level.",
     show_default=True,
 )
 @click.option(

ldap_ui/settings.py

@@ -14,7 +14,20 @@ SECRET_KEY = os.urandom(16)
 # LDAP settings
 #
 LDAP_URL = config("LDAP_URL", default="ldap:///")
-BASE_DN = config("BASE_DN", default=None)  # Required
+
+# Directory base DN.
+# If unset, auto-detection from the root DSE is attempted.
+# This works under the following conditions:
+# - The root DSE is readable with anonymous binding
+# - `namingContexts` contains exactly one entry
+# Otherwise, manual configuration is required.
+BASE_DN = config("BASE_DN", default=None)
+
+# DN to obtain the directory schema.
+# If unset, auto-detection from the root DSE is attempted.
+# This works if root DSE is readable with anonymous binding.
+# Otherwise, manual configuration is required.
+SCHEMA_DN = config("SCHEMA_DN", default=None)
 
 USE_TLS = config(
     "USE_TLS",
@@ -29,11 +42,6 @@ INSECURE_TLS = config(
     default=False,
 )
 
-# OpenLdap default DN to obtain the schema.
-# Change as needed for other directories.
-SCHEMA_DN = config("SCHEMA_DN", default=None)
-
-
 #
 # Binding
 #

{ldap_ui-0.9.10.dist-info → ldap_ui-0.9.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ldap-ui
-Version: 0.9.10
+Version: 0.9.12
 Summary: A fast and versatile LDAP editor
 Author: dnknth
 License: MIT License
@@ -44,14 +44,22 @@ The app always requires authentication, even if the directory permits anonymous
 
 ### Environment variables
 
-LDAP access is controlled by these environment variables, possibly from a `.env` file:
+LDAP access is controlled by the following optional environment variables, possibly from a `.env` file:
 
-* `LDAP_URL` (optional): Connection URL, defaults to `ldap:///`.
-* `BASE_DN` (required): Search base, e.g. `dc=example,dc=org`.
-* `LOGIN_ATTR` (optional): User name attribute, defaults to `uid`.
+* `LDAP_URL`: Connection URL, defaults to `ldap:///`.
+* `BASE_DN`: Search base, e.g. `dc=example,dc=org`.
+* `SCHEMA_DN`: # DN to obtain the directory schema, e.g. `cn=subSchema`.
+* `LOGIN_ATTR`: User name attribute, defaults to `uid`.
 
-* `USE_TLS` (optional): Enable TLS, defaults to true for `ldaps` connections. Set it to a non-empty string to force `STARTTLS` on `ldap` connections.
-* `INSECURE_TLS` (optional): Do not require a valid server TLS certificate, defaults to false, implies `USE_TLS`.
+* `USE_TLS`: Enable TLS, defaults to true for `ldaps` connections. Set it to a non-empty string to force `STARTTLS` on `ldap` connections.
+* `INSECURE_TLS`: Do not require a valid server TLS certificate, defaults to false, implies `USE_TLS`.
+
+if `BASE_DN` or `SCHEMA_DN` are not provided explicitly, auto-detection from the root DSE is attempted.
+For this to work, the root DSE must be readable anonymously, e.g. with the following ACL line for OpenLDAP:
+
+```text
+access to dn.base="" by * read
+```
 
 For finer-grained control, see [settings.py](settings.py).
 
@@ -61,8 +69,7 @@ For the impatient: Run it with
 
 ```shell
 docker run -p 127.0.0.1:5000:5000 \
-    -e LDAP_URL=ldap://your.ldap.server/ \
-    -e BASE_DN=dc=example,dc=org dnknth/ldap-ui
+    -e LDAP_URL=ldap://your.openldap.server/
 ```
 
 For the even more impatient: Start a demo with
@@ -143,7 +150,8 @@ Additionally, arbitrary attributes can be searched with an LDAP filter specifica
 
 ### Caveats
 
-* The software works with [OpenLdap](http://www.openldap.org) using simple bind. Other directories have not been tested, and SASL authentication schemes are presently not supported.
+* The software works with [OpenLdap](http://www.openldap.org) using simple bind. Other directories have not been tested much, although [389 DS](https://www.port389.org) works to some extent.
+* SASL authentication schemes are presently not supported.
 * Passwords are transmitted as plain text. The LDAP server is expected to hash them (OpenLdap 2.4 does). I strongly recommend to expose the app through a TLS-enabled web server.
 * HTTP *Basic Authentication* is triggered unless the `AUTHORIZATION` request variable is already set by some upstream HTTP server.
 

{ldap_ui-0.9.10.dist-info → ldap_ui-0.9.12.dist-info}/RECORD

@@ -1,10 +1,10 @@
-ldap_ui/__init__.py,sha256=5nY2lKMmQwtU8FXTQ2Qpv9EUNfy2UJF9cHFr82n7ARw,23
-ldap_ui/__main__.py,sha256=s2jFbC2y2LpvcTY8yXOFVisKXSFG079hc9IVgrJ49vY,1849
+ldap_ui/__init__.py,sha256=XR5b9xrEQYlPbzUgeAtHjn10uKetzrpCdRIvgcGJkoI,23
+ldap_ui/__main__.py,sha256=SfpNGw1tlunqLobN8T-7GT47BQBw_c9gO2ANgXkNO9U,1802
 ldap_ui/app.py,sha256=eLRed3iVyrE56CeYBmE0nW09LKh_3Ztc1_ZON37dv8Q,8161
 ldap_ui/ldap_api.py,sha256=j8llIyXkd51g-MDHtN-9XyUvVS8Z_wvQb9Z7uTMyoNU,15897
 ldap_ui/ldap_helpers.py,sha256=1Sq2hwndwzETb3cPpCoHBF8r-JmAaWh87-Pl2inZRy8,3675
 ldap_ui/schema.py,sha256=LNIHTlkcJYPdtZ0RZ9a_-KejVGWCGuMwtDDD8tSaprY,4515
-ldap_ui/settings.py,sha256=fN5QtB9Sv3UYF3tJX6M1yKClMSxvA332z2FckAonM14,2466
+ldap_ui/settings.py,sha256=UjCB24epLLUF0ECLb5MulfHPNGjEG57ZS2HXVFJ_k3Y,2844
 ldap_ui/statics/favicon.ico,sha256=_PMMM_C1ER5cpJTXZcRgISR4igj44kA4u8Trl-Ko3L0,4286
 ldap_ui/statics/index.html,sha256=_QF-25WH6wEK2MfhAmccRRlzpbk8btozMhhct9ro-do,827
 ldap_ui/statics/assets/fontawesome-webfont-B-jkhYfk.woff2,sha256=Kt78vAQefRj88tQXh53FoJmXqmTWdbejxLbOM9oT8_4,77160
@@ -16,9 +16,9 @@ ldap_ui/statics/assets/index-BOlMrt1N.js,sha256=GpM_tl2FLHwau7eFtlh82sN3x_YhjemR
 ldap_ui/statics/assets/index-BOlMrt1N.js.gz,sha256=8LOcgG-YTp4c0kCIw9QzQzM59a_PlRy7eBOhTnHsmvY,43711
 ldap_ui/statics/assets/index-Cw9TEv0d.css,sha256=sa0JhzpsjJhP3Bi2nJpG6Shn3yKI9hl_7I9kVY5E3Zs,48119
 ldap_ui/statics/assets/index-Cw9TEv0d.css.gz,sha256=qE_XQEa7HH54vGvQR78l5eeTcXVWmiqU_d7Go80X_S0,11533
-ldap_ui-0.9.10.dist-info/LICENSE.txt,sha256=UpJ0sDIqHxbOtzy1EG4bCHs9R_99ODxxPDK4NZ0g3I0,1042
-ldap_ui-0.9.10.dist-info/METADATA,sha256=4A3XwREZ64eKsx7Vnlrlj37i0FobwDWmDkKl8coTawE,7558
-ldap_ui-0.9.10.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-ldap_ui-0.9.10.dist-info/entry_points.txt,sha256=TGxMkXYeZP5m5NjZxWmgzITYWhSdj2mR_GGUYmHhGws,50
-ldap_ui-0.9.10.dist-info/top_level.txt,sha256=t9Agyig1nDdJuQvx_UVuk1n28pgswc1BIYw8E6pWado,8
-ldap_ui-0.9.10.dist-info/RECORD,,
+ldap_ui-0.9.12.dist-info/LICENSE.txt,sha256=UpJ0sDIqHxbOtzy1EG4bCHs9R_99ODxxPDK4NZ0g3I0,1042
+ldap_ui-0.9.12.dist-info/METADATA,sha256=eoyA_Dg-5C0p8ljotFliDeeWSnzLDzbVnzbzqQab8xU,7872
+ldap_ui-0.9.12.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+ldap_ui-0.9.12.dist-info/entry_points.txt,sha256=TGxMkXYeZP5m5NjZxWmgzITYWhSdj2mR_GGUYmHhGws,50
+ldap_ui-0.9.12.dist-info/top_level.txt,sha256=t9Agyig1nDdJuQvx_UVuk1n28pgswc1BIYw8E6pWado,8
+ldap_ui-0.9.12.dist-info/RECORD,,