November 6, 2007

LDAP browsing with Luma

Author: Federico Kereki

The Lightweight Directory Access Protocol (LDAP), which allows you to access and search a directory (another name for a specialized database or data repository that stores typed information about objects), is becoming a common component in Linux environments. If you're looking for a Linux option to search a directory with LDAP, check out Luma.

I got Luma directly from the Packman openSUSE repository, but you can probably find it in all distributions. The latest stable version is 2.3-0, dated March 2006, but the Luma site offers release candidate version 2.4, which is almost a year old. If you want to install it manually, you'll need Python, Qt, PyQt, and python-ldap, all of which are easily available. Luma is available under the GPLv2.

When you start it, you'll see a brief splash screen featuring a Shrek-like bluish figure, followed by the main screen, which offers several plugins that provide the program's functionality. Luma is organized around plugins, including browsers (both for data and schemas), an address book, user management (including massive user creation), and a general search function. More functions may become available in the future.

Before you can do anything with Luma, you first need to define which directory server you want to access. There's no limit as to how many servers you might want to connect to. Navigate to Settings -> Edit Server List -> Add, to add a new server to the list. Click on the newly added server, then sequentially click on each available option. Network Options is where you define the hostname, port, and encryption options; Authentification (yes, that's how they spell it) is where you define the login method; and LDAP Options is where you select whether you want to "Follow Aliases" (a concept similar to symbolic links) or "Use Base DNs as defined by the server" (usually a good option). After you define your server characteristics, click on Summary to check whether everything is OK, and then on Save. You should then be ready to start browsing or searching the whole directory.


The Browser plugin is a good starting point for getting to know the server. Click on your server name (you may notice a delay here, since Luma has to establish a connection to the server and download some information) to traverse the whole directory in a tree-like fashion. Click on the + symbols to open the nodes up and get more detail, and click on the - symbol to close them down again. When you reach a leaf node (that is, a node with no dependent nodes), Luma displays all its attributes and values. If you have enough rights, you can edit an attribute value (by clicking on the pencil icon), remove an attribute or class (by clicking on the red X), or add a new attribute (the star icon at the top) by selecting it from a list of allowed attributes and then entering its value by editing. Your changes aren't saved automatically; you need to click on Save on the top menu or confirm the changes when you move to a different node.

If you want to add new objects with the Browser plugin, you will need a Template, and for this you have to use the Template plugin. Click on Add, and you will be able to add a new template: give it a name and a description. Then, add object classes you want the template to apply to, and additional attributes for them. You cannot change the attribute characteristics (if it is mandatory or binary, for example) but you can give it a default value.

If you're curious about the directory's schema, try out the Schema Browser plugin. It provides full information about the complete data schema, including classes, attributes, and dependencies. Select a server and wait until Luma connects to it and gets its structural information. Then click on ObjectClasses to learn what kind of objects are stored in the directory, or click on Attributes to get more details about the meaning of each.

The Address Book is a simpler plugin that allows you to maintain a list of names and addresses. Click on Add to add a new entry, Delete to remove one, or search by using the filter. Navigate to Settings -> Configure Plugins, and click on Address Book to see the attributes that will be searched; you can easily add a new one or delete an old one.

The Search plugin provides a more powerful way to search. Pick the server and the base distinguished name (DN, a globally unique identifier for entries), then click on the Filter Wizard to create a query string. If you're knowledgeable about searching, you can skip the wizard and just type in something like (&(objectclass=person)(ou=accounting)) in the Filter field. In either case, you must have some general ideas about LDAP searching; you might want to bone up on search specifics.
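To see what a filter like the one above selects, here is an added example (not part of the original article and not Luma's code) that parses a small subset of the LDAP filter syntax (and, or, not, equality, presence) and evaluates it against a few constructed entries. The names `parse`, `matches`, `search` and `escape` are hypothetical, and equality is assumed to be case-insensitive.

```python
import re

# Constructed sample directory: (DN, attributes) pairs, not real data.
ENTRIES = [
    ("cn=Ann,ou=accounting,dc=example,dc=com", {"objectClass": ["person"], "ou": ["accounting"]}),
    ("cn=Bob,ou=sales,dc=example,dc=com", {"objectClass": ["person"], "ou": ["sales"]}),
    ("ou=accounting,dc=example,dc=com", {"objectClass": ["organizationalUnit"], "ou": ["accounting"]}),
]

def escape(value):
    """Hex-escape the RFC 4515 special characters so a value stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(f, i=0):  # parse one parenthesised filter at f[i]; returns (node, next index)
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if op == "!" and len(kids) != 1:
            raise ValueError("'!' takes exactly one filter")
        node = (op, kids)
    else:
        end = f.index(")", i)            # raises ValueError if unterminated
        attr, sep, value = f[i:end].partition("=")
        if not (attr and sep):
            raise ValueError("expected attr=value at offset %d" % i)
        node, i = ("=", attr.lower(), value), end
    if f[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1

def matches(node, attrs):
    if node[0] != "=":
        hits = [matches(kid, attrs) for kid in node[1]]
        return not hits[0] if node[0] == "!" else (all if node[0] == "&" else any)(hits)
    values = [v.lower() for k, vs in attrs.items() if k.lower() == node[1] for v in vs]
    if node[2] == "*":                    # presence test, e.g. (ou=*)
        return bool(values)
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), node[2])
    return want.lower() in values        # assumption: case-insensitive equality

def search(filter_text, entries=ENTRIES):
    node, end = parse(filter_text + "\0")  # NUL sentinel turns truncation into ValueError
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [dn for dn, attrs in entries if matches(node, attrs)]
```

Calling `search("(&(objectclass=person)(ou=accounting))")` returns only Ann's DN: the organizational unit entry has the right `ou` but the wrong object class. When a filter value comes from a variable rather than being typed by hand, pass it through `escape()` first so parentheses and asterisks in it are treated as data.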

The Admin Utilities plugin provides a bunch of functions that aren't LDAP-specific, including password generation and encryption and date/time calculations; they're nice but seemingly irrelevant.

Finally, the User Management and Massive User Creation plugins allow you to create users, either one at a time or many simultaneously. You should be familiar with creating Linux or Unix users before using these plugins (the documentation frankly admits that this plugin is not general, but rather quite Unix-oriented) because you need to specify several administrative options, such as the user shell, home prefix, and user ID range. Note, however, that the tool won't create the home directories for the user: you will have to do that on your own, or set up your system to use pam_mkhomedir so the required directories will be automatically created the first time the user logs in.

Even if you have little experience in LDAP matters, using Luma can quickly help you put your theoretical knowledge into practice. Luma could use some user documentation (the Help button provides only About information) or, at the very least, pointers to Web-based information. But if you have to deal with LDAP servers, Luma can provide much-needed aid.

