Protect against XSS vulnerabilities in URL redirection
LdapCherry
Nice and simple application to manage users and groups in multiple directory services.
- Doc
- Dev
- PyPI
- License
-
MIT
- Author
-
Pierre-Francois Carpentier - copyright © 2016
Demo
A demo is accessible here: https://ldapcherry.kakwalab.ovh
The credentials are:
- as administrator: admin/admin
- as user: user/user
Please take note that it's not possible to modify/delete the 'admin' and 'user' users.
Also take note that the service will be reseted once per day.
Presentation
LdapCherry is a CherryPY application to manage users and groups in multiple directory services.
Its main features are:
- manage multiple directories/databases backends in an unified way
- roles management (as in "groups of groups")
- autofill forms
- password policy
- self modification of some selected fields by normal (non administrator) users
- nice bootstrap interface
- modular through pluggable authentication, password policy and backend modules
LdapCherry is not limited to ldap, it can handle virtually any user backend (ex: SQL database, htpasswd file, etc) through the proper plugin (provided that it is implemented ^^).
LdapCherry also aims to be as simple as possible to deploy: no crazy dependencies, few configuration files, extensive debug logs and full documentation.
The default backend plugins permit to manage Ldap and Active Directory.
Screenshots
Try out
# clone the repository
$ git clone https://github.com/kakwa/ldapcherry && cd ldapcherry
# change the directory where to put the configuration (default: /etc)
$ export SYSCONFDIR=/etc
# change the directory where to put the resource (default: /usr/share)
$ export DATAROOTDIR=/usr/share/
# install ldapcherry
$ python setup.py
# edit configuration files
$ vi /etc/ldapcherry/ldapcherry.ini
$ vi /etc/ldapcherry/roles.yml
$ vi /etc/ldapcherry/attributes.yml
# launch ldapcherry
$ ldapcherryd -c /etc/ldapcherry/ldapcherry.ini -D
License
LdapCherry is published under the MIT Public License.