Simple Web Interface to LDAP Directories

J. Sodnik and S. Tomazic
University of Ljubljana, Faculty of Electrical Engineering
Trzaska 25, Ljubljana, Slovenia
jaka.sodnik@fe.uni-lj.si

Abstract— Lightweight Directory Access Protocol (LDAP) is a communication protocol that enables access to online directories. With most free client software, the user can only explore the directory and cannot change its content. Software for administering an LDAP directory can be bought, but it usually does not meet the needs of users. Our interface module runs on an ASP server and works as a converter between HTML and the LDAP protocol. With our model the user can access his directory, administer it or change its content merely by using a standard internet browser. It was developed to simplify the use of the LDAP protocol and access to LDAP directories for various users.

Index Terms— Lightweight Directory Access Protocol, directory, web, interface.

1 INTRODUCTION

The information society and business infrastructure of today mostly depend on distributed computer systems and networks, which serve as a platform for different applications. Network applications depend on interactions between computers that are part of Local Area Networks (LANs) or wide networks such as the Internet. Different types of information about the users, applications, data files, printers, etc., are usually stored in special databases called directories. Several different types of directories are available. In order to enable uniform data access to these directories, a special protocol, the so-called Lightweight Directory Access Protocol (LDAP), was developed.

LDAP is the standardized protocol enabling the user to access and manage directory data. It is optimized and highly adapted for reading and searching directory contents and less adapted for directory writing or modifying. LDAP is easy to implement and highly efficient.
It is based on client/server interactions. The LDAP client connects to the LDAP server and requests or sends specific data, depending on the current operation.

An LDAP directory can be treated as a specific database, adapted to specific data. LDAP directories and classic databases, such as SQL or Oracle, do not differ much until they are deployed in a specific system and filled with data. The main differences, however, are the following:

- read to write ratio: directories are optimized for reading (writing is usually limited to administrators),
- directories do not support transactions,
- strict consistency in directories is not required,
- a special directory access protocol (LDAP) is used in directories instead of the simple query language (SQL) used in databases,
- distribution of data (one database and many physical servers in directories), and
- high efficiency of directories (more operations per second).

The LDAP directory and protocol can be described on the basis of four LDAP models, which enable compatibility between different LDAP versions. The following four models also enable personalization and modification of specific directories for individual users [5], [6].

The basic LDAP functions are derived from the X.500 standard, but they are much simplified. Many restrictions and rules typical of X.500 directories are abandoned. The four described models are:

- LDAP information model
- LDAP naming model
- LDAP functional model
- LDAP security model

LDAP models serve as a basis for directory developers and administrators.

1.1 LDAP information model

The LDAP information model specifies the data type or the basic information unit which can be stored in an LDAP directory and operated on. The information model describes the main directory components or building blocks. The basic information unit in the directory is an entry, which describes all the important characteristics of a specific object: person, building, hardware, software, etc.
The entry consists of a group of attributes; each attribute describes a specific detail of the object. Further, each attribute has its type and one or many values. The type defines the sort of information contained in the value fields.

Fig. 1. LDAP server with directory
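
The entry, attribute type and multi-value structure described above can be made concrete with a short parser. This is an added example, not code from the paper: it reads one entry written in LDIF (RFC 2849), the standard text form of LDAP entries, and assumes the constructed sample entry and the hypothetical function names `unfold` and `parse_entry`.

```python
import base64

# Constructed sample entry in LDIF text form (assumption: not taken from the paper).
SAMPLE_LDIF = """\
# constructed sample entry; all names are made up
dn: cn=Jane Doe,ou=People,dc=example,dc=org
objectClass: person
objectClass: organizationalPerson
cn: Jane Doe
telephoneNumber: +386 1 555 0100
telephoneNumber: +386 1 555 0101
description: Laboratory staff member responsible for the directory
  service and its web interface
title:: xaBlZg==
"""

def unfold(text):
    """Join folded lines (a leading space continues the previous line); drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_entry(text):
    """Return (dn, attributes); attributes maps attribute type -> list of values."""
    dn, attrs = None, {}
    for line in unfold(text):
        attr_type, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        if rest.startswith(":"):              # "type:: <base64>" carries non-ASCII or binary data
            value = base64.b64decode(rest[1:].strip())
            try:
                value = value.decode("utf-8")
            except UnicodeDecodeError:
                pass                          # keep true binary values as bytes
        else:
            value = rest.lstrip(" ")
        key = attr_type.lower()               # attribute type names are case-insensitive
        if key == "dn":
            dn = value
        else:
            attrs.setdefault(key, []).append(value)   # one type, one or many values
    if dn is None:
        raise ValueError("entry has no dn")
    return dn, attrs
```

Calling `parse_entry(SAMPLE_LDIF)` returns the entry's name and a mapping in which `objectclass` and `telephonenumber` each hold two values, the folded `description` is rejoined into one string, and the base64-encoded `title` is decoded.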