Child pages
  • LDAP Group Admin
Skip to end of metadata
Go to start of metadata

LDAP Group Admin





Pranav Gandhi


  • Investigate existing web interfaces for group modification.
  • Investigate a command line interface for modifying existing ldap groups.
  • Evaluate each one and select the one that is in line with our requirement.
  • Writing one ourselves is also a possibility.
  • Present to systems.

Status Report

  • This is already built into openldap. If we add a creator attribute to manageable groups, we can add a general rule to slapd.conf that allows that user to modify the group entry. Then group modification could be something along the lines of: `ldapmodify -D 'uid=hyfi,ou=People,dc=ccs,dc=neu,dc=edu' -W < modifygroup.ldif`
  • Where modifygroup.ldif would be the standard syntax for modifying ldap groups.
  • This can be abstracted to ` crew hyfi florence ... aliukani`
  • Then this can be turned into a web interface at some point.




January 2013

Research all existing solutions Set up ldap server on

February 2013

Learn permissions in sldapd.conf

March 2013

Create scripted modifications, set up web interface

April 2013

Show it off


  • Give authorized users ability to manage their own ldap groups using a convienent interface.


  • Speeds up the process of ldap group modification for end users
  • Gives systems more time to work on other projects

Example (crew)

  • hyfi manages the group crew
  • It is a new semester and there are 5 new crew members
  • hyfi logs into and edits the members of the group crew

Example (tutoring)

  • It is a new semester and vanhorn wants to add new tutors to the group cs2500tutors
  • vanhorn logs into and removes all the old tutors
  • vanhorn adds new tutors into the group
  • No labels