Complete infrastructure management platform for 389 Directory Service with integrated IPAM, DNS, DHCP, and user/group management.
LDAP Web Manager is a comprehensive web application for managing your entire network infrastructure through a unified interface. Built with modern web technologies and designed to run on NGINX.
```mermaid
graph TB
    subgraph "Web Browser"
        UI[React Frontend<br/>Modern SPA]
    end
    subgraph "NGINX Server :443"
        NGINX[NGINX<br/>Static Files + Reverse Proxy]
    end
    subgraph "Backend API :8000"
        API[FastAPI Backend<br/>Python 3.9+]
    end
    subgraph "LDAP Infrastructure"
        LDAP1[389 DS Primary<br/>ldap1.svc.eh168.alexson.org<br/>192.168.1.1]
        LDAP2[389 DS Secondary<br/>ldap2.svc.eh168.alexson.org<br/>192.168.1.2]
    end
    subgraph "Integrated Services"
        KEA[Kea DHCP<br/>dhcp1/dhcp2<br/>192.168.1.6-7]
        BIND[BIND 9 DNS<br/>ns0/ns1<br/>192.168.1.4-5]
        SSSD[SSSD Clients<br/>Linux Hosts]
    end
    UI -->|HTTPS| NGINX
    NGINX -->|Static Files| UI
    NGINX -->|API Proxy :8000| API
    API -->|LDAPS :636| LDAP1
    API -->|LDAPS :636| LDAP2
    LDAP1 -.->|Replication| LDAP2
    LDAP1 -->|Backend| KEA
    LDAP1 -->|DLZ| BIND
    LDAP1 -->|Auth| SSSD
```
- ✅ User Management: Create, edit, delete, and search users
- ✅ Group Management: Manage POSIX groups and memberships
- ✅ Password Management: Reset passwords, enforce complexity policies
- ✅ Service Accounts: View and manage dedicated service accounts
- ✅ Automatic UID/GID: Auto-generation of unique identifiers
- ✅ Full POSIX Support: Home directories, shells, gecos fields
- ✅ Search & Pagination: Fast access to users and groups
- ✅ Permission-Based UI: Role-based action visibility
- ✅ Zone Management: Create, edit, delete forward and reverse zones
- ✅ SOA Records: Full SOA parameter control with auto-increment serial
- ✅ Record Management: Support for A, AAAA, CNAME, MX, TXT, PTR, SRV, NS records
- ✅ DLZ Integration: Native 389 DS LDAP backend for BIND 9
- ✅ Zone Statistics: View zone counts and details
- ✅ Validation: Real-time syntax checking for DNS records
- ✅ Search & Pagination: Fast zone lookup
- ✅ Subnet Management: Configure IPv4 subnets with CIDR notation
- ✅ Static Reservations: MAC-to-IP mappings for hosts
- ✅ DHCP Options: Configure DNS servers, gateways, domain names
- ✅ DHCP Ranges: Define dynamic IP address pools
- ✅ Statistics: View subnet counts, static hosts, IP utilization
- ✅ Kea LDAP Backend: Full integration with Kea DHCP server
- ✅ Search & Pagination: Fast subnet lookup
- ✅ Dashboard Integration: Real-time DHCP statistics
- ✅ IP Pool Management: Create and manage IP address pools (CIDR)
- ✅ IP Allocation Tracking: Track static, DHCP, reserved, infrastructure IPs
- ✅ IP Search: Find allocations by IP, hostname, or MAC address
- ✅ Conflict Detection: Prevent duplicate IP assignments
- ✅ Utilization Tracking: Monitor used vs. available addresses per pool
- ✅ VLAN Support: Associate pools with VLANs
- ✅ Gateway & DNS: Configure per-pool network settings
- ✅ Statistics API: Comprehensive IPAM metrics
- 📋 Visual UI: Planned for v2.1.0 (API fully functional)
- ✅ LDAPS: Encrypted connections to 389 DS
- ✅ Role-Based Access Control (RBAC): Admin, Operator, Read-Only roles
- ✅ Session Management: Secure JWT-based authentication
- ✅ Audit Trail: Complete change history
- ✅ API Security: Rate limiting and input validation
- ✅ Modern UI: Responsive design with Tailwind CSS
- ✅ Dark Mode: Toggle between light and dark themes
- ✅ Search & Filter: Quick access to any resource
- ✅ Dashboard: Overview of infrastructure health
- ✅ Real-Time Updates: Live status indicators
- ✅ Mobile Friendly: Works on tablets and smartphones
- NGINX 1.24+ installed on Rocky Linux 8 or similar
- Python 3.9+ for the backend API
- Node.js 18+ and npm/yarn for frontend development (production uses pre-built files)
- 389 Directory Service deployed and accessible
- TLS Certificates for HTTPS (Let's Encrypt, self-signed, or corporate CA)
```bash
# Clone the repository
git clone https://github.com/infrastructure-alexson/ldap-web-manager.git
cd ldap-web-manager

# Configure settings
cp config/app-config.example.yaml config/app-config.yaml
nano config/app-config.yaml  # Edit LDAP connection details

# Run the deployment script
sudo ./scripts/deploy-full.sh

# Access the web interface
firefox https://ldap-manager.svc.eh168.alexson.org
```

See: doc/INSTALLATION.md
```
ldap-web-manager/
├── frontend/ # React SPA frontend
│ ├── src/
│ │ ├── components/ # React components
│ │ │ ├── Users/ # User management UI
│ │ │ ├── Groups/ # Group management UI
│ │ │ ├── DNS/ # DNS zone/record management
│ │ │ ├── DHCP/ # DHCP subnet/pool management
│ │ │ ├── IPAM/ # IP address management
│ │ │ └── Dashboard/ # Overview dashboard
│ │ ├── api/ # API client
│ │ ├── hooks/ # Custom React hooks
│ │ ├── utils/ # Helper functions
│ │ └── App.jsx # Main application
│ ├── public/ # Static assets
│ └── package.json # Frontend dependencies
│
├── backend/ # Python FastAPI backend
│ ├── app/
│ │ ├── api/ # API routes
│ │ │ ├── users.py # User management endpoints
│ │ │ ├── groups.py # Group management endpoints
│ │ │ ├── dns.py # DNS management endpoints
│ │ │ ├── dhcp.py # DHCP management endpoints
│ │ │ └── ipam.py # IPAM endpoints
│ │ ├── models/ # Data models (Pydantic)
│ │ ├── ldap/ # LDAP connection & operations
│ │ ├── auth/ # Authentication & authorization
│ │ └── main.py # FastAPI application
│ ├── tests/ # Unit and integration tests
│ └── requirements.txt # Python dependencies
│
├── config/ # Configuration files
│ ├── app-config.yaml # Application settings
│ ├── nginx.conf # NGINX configuration
│ └── systemd/ # Systemd service files
│
├── scripts/ # Deployment scripts
│ ├── deploy-full.sh # Complete deployment
│ ├── deploy-backend.sh # Deploy API backend
│ ├── deploy-frontend.sh # Build and deploy frontend
│ ├── setup-nginx.sh # Configure NGINX
│ └── backup-config.sh # Backup configurations
│
├── doc/ # Documentation
│ ├── INSTALLATION.md # Detailed installation guide
│ ├── NGINX-SETUP.md # NGINX configuration guide
│ ├── DEVELOPMENT.md # Developer guide
│ ├── PROJECT-SUMMARY.md # Complete feature overview
│ └── V2-COMPLETION-SUMMARY.md # v2.0.0 release summary
│
├── nginx/ # NGINX-specific files
│ ├── sites-available/ # NGINX site configs
│ │ └── ldap-manager.conf # Main site configuration
│ └── ssl/ # TLS certificate location
│
└── README.md # This file
```
- React 18 - Modern UI framework
- Vite - Fast build tool
- Tailwind CSS - Utility-first CSS framework
- React Router - Client-side routing
- Axios - HTTP client
- React Query - Data fetching and caching
- Formik + Yup - Form handling and validation
- Chart.js - Data visualization
- FastAPI - Modern Python web framework
- Python-LDAP - LDAP client library
- Pydantic - Data validation
- Uvicorn - ASGI server
- JWT - Authentication tokens
- SQLite - Local cache and audit logs
- NGINX - High-performance web server and reverse proxy
- Certbot - Let's Encrypt SSL certificate management
Edit config/app-config.yaml:

```yaml
ldap:
  servers:
    primary: ldaps://ldap1.svc.eh168.alexson.org:636
    secondary: ldaps://ldap2.svc.eh168.alexson.org:636
  base_dn: dc=eh168,dc=alexson,dc=org
  bind_dn: cn=webmanager,ou=ServiceAccounts,dc=eh168,dc=alexson,dc=org
  bind_password: ${LDAP_PASSWORD}  # Use environment variable

  # Organizational Units
  users_ou: ou=People,dc=eh168,dc=alexson,dc=org
  groups_ou: ou=Groups,dc=eh168,dc=alexson,dc=org
  dns_ou: ou=DNS,ou=Services,dc=eh168,dc=alexson,dc=org
  dhcp_ou: ou=DHCP,ou=Services,dc=eh168,dc=alexson,dc=org
```

Served by NGINX on port 443 with reverse proxy to FastAPI backend on port 8000.
See: doc/NGINX-SETUP.md
The main dashboard provides:
- Infrastructure Health: Status of LDAP, DNS, and DHCP services
- Quick Stats: User count, group count, DNS zones, DHCP subnets
- Recent Activity: Latest changes and operations
- IP Utilization: Visual representation of address pool usage
- Alerts: Warnings for conflicts, expiring certificates, replication issues
- LDAPS Only: All LDAP connections use TLS encryption
- Service Account: Web manager uses dedicated read/write service account
- HTTPS Required: Frontend served only over HTTPS
- RBAC: Role-based access control for different user types
- Input Validation: All API inputs validated and sanitized
- Audit Logging: All operations logged with user, timestamp, and changes
- Rate Limiting: API rate limiting to prevent abuse
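
An added example, not the project's own code: a start-up check for the `ldap:` section of config/app-config.yaml that enforces the LDAPS-only rule and resolves the `${LDAP_PASSWORD}` placeholder from the environment. It assumes the section is already parsed into a dict; `check_ldap_config`, `expand_env` and `ConfigError` are hypothetical names, and rejecting a literal `bind_password` is an assumed policy.

```python
import os
import re
from urllib.parse import urlparse

_PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

class ConfigError(ValueError):
    """Raised when the LDAP section would weaken the deployment."""

def expand_env(value, env):
    """Replace ${VAR} placeholders; an unset or empty variable is an error."""
    def _sub(match):
        name = match.group(1)
        if not env.get(name):
            raise ConfigError(f"environment variable {name} is not set")
        return env[name]
    return _PLACEHOLDER.sub(_sub, value)

def check_ldap_config(ldap, env=None):
    """Validate the parsed `ldap:` mapping; return a copy with the secret resolved."""
    env = os.environ if env is None else env
    for role, uri in ldap["servers"].items():
        parsed = urlparse(uri)
        if parsed.scheme != "ldaps":  # plain ldap:// would send the bind in clear text
            raise ConfigError(f"{role} server must use ldaps://, got {uri!r}")
        if not parsed.hostname:
            raise ConfigError(f"{role} server URI has no host: {uri!r}")
    raw = ldap.get("bind_password", "")
    if not _PLACEHOLDER.fullmatch(raw):  # assumed policy: no literal secret in the file
        raise ConfigError("bind_password must be a ${VAR} reference, not a literal")
    resolved = dict(ldap)
    resolved["bind_password"] = expand_env(raw, env)
    return resolved

# Constructed sample: the mapping a YAML loader would return for the config above.
SAMPLE = {
    "servers": {
        "primary": "ldaps://ldap1.svc.eh168.alexson.org:636",
        "secondary": "ldaps://ldap2.svc.eh168.alexson.org:636",
    },
    "bind_dn": "cn=webmanager,ou=ServiceAccounts,dc=eh168,dc=alexson,dc=org",
    "bind_password": "${LDAP_PASSWORD}",
}

if __name__ == "__main__":
    print(check_ldap_config(SAMPLE, {"LDAP_PASSWORD": "constructed-secret"})["bind_dn"])
```
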
- Installation Guide - Complete installation instructions
- NGINX Setup - Web server configuration
- External Reverse Proxy Setup - SSL/TLS termination configuration
- Development Guide - For contributors
- Project Summary - Complete feature overview
- v2.0.0 Release Summary - Major release details
- Product Roadmap - Future enhancements and planned features
- Issue Creation Summary - GitHub issues and project setup
- Project Organization Guide - How to organize the project board
- API Documentation - Interactive Swagger docs (when deployed)
This project integrates with:
- 389ds-ldap-server - LDAP backend
- kea-dhcp-server - DHCP server
- bind9-dns-server - DNS server
- ldap-sssd-auth - Client authentication
MIT License - See LICENSE file for details
- Bug Reports: https://github.com/orgs/infrastructure-alexson/projects/2 (Project #2)
- Feature Requests: https://github.com/orgs/infrastructure-alexson/projects/1 (Project #1)
- All Issues: https://github.com/infrastructure-alexson/ldap-web-manager/issues
- Discussions: https://github.com/infrastructure-alexson/ldap-web-manager/discussions
Built for the eh168.alexson.org infrastructure 🚀
Version: 2.0.0
Release Date: 2025-11-03
Status: Production Ready
Repository: https://github.com/infrastructure-alexson/ldap-web-manager