web2ldap - Features

List of currently available features
<Download> <News> <Demo> <Related>
<Commercial> <Feedback> <FAQ>
<Features> <Installing> <Configuration> <Compability> <Security> <Changes> <Files> <Roadmap>

See the roadmap for features which will be added in the future.

Feature requests can be made through the feedback form.

Running Mode

  • Runs on Unix-derived OS (e.g. Linux, FreeBSD, Solaris etc.) and Windows 32-bit platforms.
  • Runs multi-threaded either as stand-alone web server or as FastCGI server.
  • Highly configurable on a per-host/-backend basis.

User Interface

  • Comfortable web interface for unexperienced users.
  • Configuring the search root is most times unnecessary.
  • Efficient browsing in directory trees with paged displaying of search results. Honors attributes hasSubordinates, numSubordinates and subordinateCount if available.
  • Displays pictures in-line.
  • Attributes containing DNs, URLs or mail addresses are shown as links. DNs can be followed within web2ldap by simply pressing a button.
  • If an error occurs during adding or modifying entries the user can edit and re-submit his input data.
  • Trys to be friendly to all browsers by producing simple, but well-formed HTML 4.01 (almost strict).
  • Recursive deletion of directory trees.
  • Three different search forms:
    Static search form based on customizable HTML template.
    Build search filter by choosing options from select lists.
    Direct use of LDAP filter expressions.
  • User-friendly handling of LDAPv3 referrals with reconnecting directly to referred host. This enables the user to wander from host to host along knowledge references which is usually much faster.
  • OIDs in RootDSE attributes are displayed with name and description.
  • Some (configurable) quick-buttons for common actions.
  • Process LDIF input even with URL support (if configured).

Many Output Formats

  • HTML templates can be used for displaying LDAP entries.
  • HTML header can be configured to include colors, background pictures or logos.
  • ID params in main HTML tags for using Cascaded Style Sheets (CSS).
  • Printer-friendly HTML output of search results based on a configurable HTML template string.
  • Support for vCards - users of common browsers can easily add entries to their local address books.
  • Bulk downloading of directory data as LDIF.
  • Aware of UTF-8 character encoding for retrieving/storing non US-ASCII characters.
  • Bulk downloading of directory data as DSML (XML namespace for directory data).

Advanced LDAP features

LDAP connection
Automatically determine the protocol version and features supported by the LDAP server. Falls back to reasonable defaults if features are not available.
It it possible to directly use LDAP URLs (see RFC 2255) to reference LDAP entries and LDAP search results. Example:,dc=org

Note: Although most LDAP URLs will work you should use URL-quoted LDAP URLs.
Root DSE
  • Uses namingContexts attribute from RootDSE to determine appropriate search root automatically.
LDAPv3 Referrals
  • Displays new login mask to repeat current action after chasing a referral.
  • Search continuations are displayed.
Locating LDAP service
Try to locate a LDAP host for a specific domain, dc-style DN (RFC 2247, RFC 2377) or e-mail address. (see also the Internet Draft "A Taxonomy of Methods for LDAP Clients Finding Servers" on LDAPEXT page)
  • Well known DNS aliases (kinda primitive)
  • LDAPv3 Referrals (knowledge references)
  • Locate LDAP host via SRV RR (see also RFC 2782). This is automatically done if e.g a LDAP URL does not contain a host name but a dc-style DN or if an error response was received with error code NO_SUCH_OBJECT. Multiple SRV RRs are processed in order of their priority until a connect to a host was successful. (The weight field of the SRV RR is currently ignored.)
Write Access
  • Support for adding, modifying, deleting entries, deleting sub trees and modifying the RDN of entries.
  • Schema-aware to provide schema-matching input forms for add/modify.
  • Automatic search for missing parent entries if adding of an entry fails with "no such object". (for reducing the same old boring questions on the LDAP-related mailing lists ;-).
Group administration feature
Convenient and efficient way to add/remove an entry to/from a group entry (still experimental).
Manage DSA IT mode
Enabling/disabling manage DSA IT mode (see draft-zeilenga-ldap-namedref).

Advanced HTTP options

  • Downloading of binary attributes with appropriate mapping to MIME types. MIME mapping can be configured browser-dependent.
  • Optionally use gzip-encoding for saving network bandwidth if client has sent Accept-Encoding: gzip in the HTTP header.
  • Optionally use the right character set for output according to the HTTP header Accept-Charset sent by the HTTP client.


  • Smart login with automatic completion of bind DN.
  • Client-hashed passwords (see also RFC 2307, schemes {crypt}, {md5}, {sha}, {smd5}, {ssha}) for setting the userPassword attribute on Umich-derived LDAP servers (like OpenLDAP, Netscape/IPlanet server etc.).
  • Native SSL support also in stand-alone mode (still experimental).
  • Nice displaying of X.509 certificates and CRLs stored in the directory including all X.509v3 extensions with links to e.g. CRL distribution points, policy documents etc.

Page last modified: Monday, 21-Jan-2002 01:42:14 CET, © by Michael Ströder <>