eDirectory Password Chainsaw


home page url: http://jlodom.org

(Update, March 2018: The zip file containing the source got dropped during one of the Cool Solutions migrations. I've put it back at the top of this page.)

The Service Desk in my organization has recently been deluged with calls relating to eDirectory LDAP. Over the last year several critical applications have transitioned to web-based front-ends that use LDAP for authentication. Every application authenticates a little differently, and there are multiple LDAP servers involved. Adding to the complexity, our back-end systems feeding Identity Manager have also changed, leading to potentially non-standard data making its way to user records. Plus there is the occasional eDirectory crashing bug leading to service outages for a particular server.

Service Desk personnel are not eDirectory administrators, and very often the problems confronting them need to be identified quickly and resolved promptly. Users who only log into LDAP every few months to check a single application are a particular concern, and very often need to have their passwords reset because they have forgotten them. Subtlety is at a premium.

In order to alleviate the suffering of my colleagues, I developed a very blunt instrument: The eDirectory Password Chainsaw. This application allows the Service Desk to check a user's basic eDirectory information in several LDAP servers at once. It then allows them to verify passwords, change passwords, set password expiration dates, and clear intruder lockout (or several combinations of these actions). It works well on workstation and mobile devices, provided that the device has a relatively current web browser.

Setup is quite simple - change variables in a single file, optionally alter a couple of other files, and upload to a web server running PHP with the LDAP extension. Done!

All the files you need are in the zip file. Give it a try and let me know whether you would like any other functionality.

The application covers a lot of ground using the PHP LDAP libraries, and may also be useful for administrators who would like some straightforward code to learn about incorporating LDAP into their own internal web applications.

Remember -- a chainsaw can cut through a lot of obstacles, but it can also cause grievous bodily harm. Make sure that your personnel practice safe password chainsawing.

Here are a couple of screenshots:




Comment List