Complete infrastructure management platform for 389 Directory Service with integrated IPAM, DNS, DHCP, and user/group management.
LDAP Web Manager is a comprehensive web application for managing your entire network infrastructure through a unified interface. Built with modern web technologies and designed to run on NGINX.
graph TB
subgraph "Web Browser"
UI[React Frontend<br/>Modern SPA]
end
subgraph "NGINX Server :443"
NGINX[NGINX<br/>Static Files + Reverse Proxy]
end
subgraph "Backend API :8000"
API[FastAPI Backend<br/>Python 3.9+]
end
subgraph "LDAP Infrastructure"
LDAP1[389 DS Primary<br/>ldap1.svc.eh168.alexson.org<br/>192.168.1.1]
LDAP2[389 DS Secondary<br/>ldap2.svc.eh168.alexson.org<br/>192.168.1.2]
end
subgraph "Integrated Services"
KEA[Kea DHCP<br/>dhcp1/dhcp2<br/>192.168.1.6-7]
BIND[BIND 9 DNS<br/>ns0/ns1<br/>192.168.1.4-5]
SSSD[SSSD Clients<br/>Linux Hosts]
end
UI -->|HTTPS| NGINX
NGINX -->|Static Files| UI
NGINX -->|API Proxy :8000| API
API -->|LDAPS :636| LDAP1
API -->|LDAPS :636| LDAP2
LDAP1 -.->|Replication| LDAP2
LDAP1 -->|Backend| KEA
LDAP1 -->|DLZ| BIND
LDAP1 -->|Auth| SSSD
- β User Management: Create, edit, delete, and search users
- β Group Management: Manage POSIX groups and memberships
- β Password Management: Reset passwords, enforce complexity policies
- β Service Accounts: View and manage dedicated service accounts
- β Automatic UID/GID: Auto-generation of unique identifiers
- β Full POSIX Support: Home directories, shells, gecos fields
- β Search & Pagination: Fast access to users and groups
- β Permission-Based UI: Role-based action visibility
- β Zone Management: Create, edit, delete forward and reverse zones
- β SOA Records: Full SOA parameter control with auto-increment serial
- β Record Management: Support for A, AAAA, CNAME, MX, TXT, PTR, SRV, NS records
- β DLZ Integration: Native 389 DS LDAP backend for BIND 9
- β Zone Statistics: View zone counts and details
- β Validation: Real-time syntax checking for DNS records
- β Search & Pagination: Fast zone lookup
- β Subnet Management: Configure IPv4 subnets with CIDR notation
- β Static Reservations: MAC-to-IP mappings for hosts
- β DHCP Options: Configure DNS servers, gateways, domain names
- β DHCP Ranges: Define dynamic IP address pools
- β Statistics: View subnet counts, static hosts, IP utilization
- β Kea LDAP Backend: Full integration with Kea DHCP server
- β Search & Pagination: Fast subnet lookup
- β Dashboard Integration: Real-time DHCP statistics
- β IP Pool Management: Create and manage IP address pools (CIDR)
- β IP Allocation Tracking: Track static, DHCP, reserved, infrastructure IPs
- β IP Search: Find allocations by IP, hostname, or MAC address
- β Conflict Detection: Prevent duplicate IP assignments
- β Utilization Tracking: Monitor used vs. available addresses per pool
- β VLAN Support: Associate pools with VLANs
- β Gateway & DNS: Configure per-pool network settings
- β Statistics API: Comprehensive IPAM metrics
- π Visual UI: Planned for v2.1.0 (API fully functional)
- β LDAPS: Encrypted connections to 389 DS
- β Role-Based Access Control (RBAC): Admin, Operator, Read-Only roles
- β Session Management: Secure JWT-based authentication
- β Audit Trail: Complete change history
- β API Security: Rate limiting and input validation
- β Modern UI: Responsive design with Tailwind CSS
- β Dark Mode: Toggle between light and dark themes
- β Search & Filter: Quick access to any resource
- β Dashboard: Overview of infrastructure health
- β Real-Time Updates: Live status indicators
- β Mobile Friendly: Works on tablets and smartphones
- NGINX 1.24+ installed on Rocky Linux 8 or similar
- Python 3.9+ for the backend API
- Node.js 18+ and npm/yarn for frontend development (production uses pre-built files)
- 389 Directory Service deployed and accessible
- TLS Certificates for HTTPS (Let's Encrypt, self-signed, or corporate CA)
# Clone the repository
git clone https://github.com/infrastructure-alexson/ldap-web-manager.git
cd ldap-web-manager
# Configure settings
cp config/app-config.example.yaml config/app-config.yaml
nano config/app-config.yaml # Edit LDAP connection details
# Run the deployment script
sudo ./scripts/deploy-full.sh
# Access the web interface
firefox https://ldap-manager.svc.eh168.alexson.orgSee: doc/INSTALLATION.md
ldap-web-manager/
βββ frontend/ # React SPA frontend
β βββ src/
β β βββ components/ # React components
β β β βββ Users/ # User management UI
β β β βββ Groups/ # Group management UI
β β β βββ DNS/ # DNS zone/record management
β β β βββ DHCP/ # DHCP subnet/pool management
β β β βββ IPAM/ # IP address management
β β β βββ Dashboard/ # Overview dashboard
β β βββ api/ # API client
β β βββ hooks/ # Custom React hooks
β β βββ utils/ # Helper functions
β β βββ App.jsx # Main application
β βββ public/ # Static assets
β βββ package.json # Frontend dependencies
β
βββ backend/ # Python FastAPI backend
β βββ app/
β β βββ api/ # API routes
β β β βββ users.py # User management endpoints
β β β βββ groups.py # Group management endpoints
β β β βββ dns.py # DNS management endpoints
β β β βββ dhcp.py # DHCP management endpoints
β β β βββ ipam.py # IPAM endpoints
β β βββ models/ # Data models (Pydantic)
β β βββ ldap/ # LDAP connection & operations
β β βββ auth/ # Authentication & authorization
β β βββ main.py # FastAPI application
β βββ tests/ # Unit and integration tests
β βββ requirements.txt # Python dependencies
β
βββ config/ # Configuration files
β βββ app-config.yaml # Application settings
β βββ nginx.conf # NGINX configuration
β βββ systemd/ # Systemd service files
β
βββ scripts/ # Deployment scripts
β βββ deploy-full.sh # Complete deployment
β βββ deploy-backend.sh # Deploy API backend
β βββ deploy-frontend.sh # Build and deploy frontend
β βββ setup-nginx.sh # Configure NGINX
β βββ backup-config.sh # Backup configurations
β
βββ doc/ # Documentation
β βββ INSTALLATION.md # Detailed installation guide
β βββ NGINX-SETUP.md # NGINX configuration guide
β βββ DEVELOPMENT.md # Developer guide
β βββ PROJECT-SUMMARY.md # Complete feature overview
β βββ V2-COMPLETION-SUMMARY.md # v2.0.0 release summary
β
βββ nginx/ # NGINX-specific files
β βββ sites-available/ # NGINX site configs
β β βββ ldap-manager.conf # Main site configuration
β βββ ssl/ # TLS certificate location
β
βββ README.md # This file
- React 18 - Modern UI framework
- Vite - Fast build tool
- Tailwind CSS - Utility-first CSS framework
- React Router - Client-side routing
- Axios - HTTP client
- React Query - Data fetching and caching
- Formik + Yup - Form handling and validation
- Chart.js - Data visualization
- FastAPI - Modern Python web framework
- Python-LDAP - LDAP client library
- Pydantic - Data validation
- Uvicorn - ASGI server
- JWT - Authentication tokens
- SQLite - Local cache and audit logs
- NGINX - High-performance web server and reverse proxy
- Certbot - Let's Encrypt SSL certificate management
Edit config/app-config.yaml:
ldap:
servers:
primary: ldaps://ldap1.svc.eh168.alexson.org:636
secondary: ldaps://ldap2.svc.eh168.alexson.org:636
base_dn: dc=eh168,dc=alexson,dc=org
bind_dn: cn=webmanager,ou=ServiceAccounts,dc=eh168,dc=alexson,dc=org
bind_password: ${LDAP_PASSWORD} # Use environment variable
# Organizational Units
users_ou: ou=People,dc=eh168,dc=alexson,dc=org
groups_ou: ou=Groups,dc=eh168,dc=alexson,dc=org
dns_ou: ou=DNS,ou=Services,dc=eh168,dc=alexson,dc=org
dhcp_ou: ou=DHCP,ou=Services,dc=eh168,dc=alexson,dc=orgServed by NGINX on port 443 with reverse proxy to FastAPI backend on port 8000.
See: doc/NGINX-SETUP.md
The main dashboard provides:
- Infrastructure Health: Status of LDAP, DNS, and DHCP services
- Quick Stats: User count, group count, DNS zones, DHCP subnets
- Recent Activity: Latest changes and operations
- IP Utilization: Visual representation of address pool usage
- Alerts: Warnings for conflicts, expiring certificates, replication issues
- LDAPS Only: All LDAP connections use TLS encryption
- Service Account: Web manager uses dedicated read/write service account
- HTTPS Required: Frontend served only over HTTPS
- RBAC: Role-based access control for different user types
- Input Validation: All API inputs validated and sanitized
- Audit Logging: All operations logged with user, timestamp, and changes
- Rate Limiting: API rate limiting to prevent abuse
- Installation Guide - Complete installation instructions
- NGINX Setup - Web server configuration
- External Reverse Proxy Setup - SSL/TLS termination configuration
- Development Guide - For contributors
- Project Summary - Complete feature overview
- v2.0.0 Release Summary - Major release details
- Product Roadmap - Future enhancements and planned features
- Issue Creation Summary - GitHub issues and project setup
- Project Organization Guide - How to organize the project board
- API Documentation - Interactive Swagger docs (when deployed)
This project integrates with:
- 389ds-ldap-server - LDAP backend
- kea-dhcp-server - DHCP server
- bind9-dns-server - DNS server
- ldap-sssd-auth - Client authentication
MIT License - See LICENSE file for details
- Bug Reports: https://github.com/orgs/infrastructure-alexson/projects/2 (Project #2)
- Feature Requests: https://github.com/orgs/infrastructure-alexson/projects/1 (Project #1)
- All Issues: https://github.com/infrastructure-alexson/ldap-web-manager/issues
- Discussions: https://github.com/infrastructure-alexson/ldap-web-manager/discussions
Built for the eh168.alexson.org infrastructure π
Version: 2.0.0
Release Date: 2025-11-03
Status: Production Ready
Repository: https://github.com/infrastructure-alexson/ldap-web-manager