LDAPeople - an LDAP client for iPhone / iPod touch
LDAPeople is a versatile LDAP addressbook client. You can use it to query LDAP based directory servers for addressbook records. LDAPeople displays a list of entries that match your query and provides a detailled view for each record found. In the detail view, you can tap on a persons phone number, e-mail address or url and your device will instantly call that person or open your e-mail application or webbrowser for the selected address.
LDAPeople supports both LDAPv2 and LDAPv3 using anonymous bind or simple authentication. Everything that depends on attributes specific to a certain LDAP directory server is configurable. You are free to configure a custom LDAP filter for queries and there's even a complete attribute mapper that maps attributes from your directory server to iPhone / iPod touch addressbook attributes according to your needs.
Note: LDAPeople uses the OpenLDAP library (© OpenLDAP Foundation). For further information
about its license, see here.
Screenshots
Configuration
Basic Settings
The minimum required configuration consists of a Server and a Base DN.
Server
This is the fully qualified hostname (or IP address) of the LDAP server to connect to. This parameter is required. Optionally a port can be appended to the server using the :portnumber notation. If no port is specified, the default port (389) is used.
Examples:
directory.washington.edu
directory.mycompany.com
directory.mycompany.com:1234
Base DN
This is the distinguished name to be used as search base for all LDAP queries. This parameter is required.
Examples:
o=University of Washington,c=US
o=Addressbook,dc=mycompany,dc=com
Bind DN (Username)
The optional Bind DN (Username) used to bind to the LDAP server. If left empty, an anonymous connection is made. Only the "simple" authentication method is supported at this time. Please not that the Bind DN has the form of a distinguished name and is not just a login name.
Password
If a Bind DN (username) is configured for the connection, the corresponding password must be set here.
Advanced Settings
LDAPeople comes preconfigured with reasonable values for all the advanced settings and so you might not have to bother about about them at all. If you would like to customize the application beyond the basic setup however, there are lots of things to configure here.
Sizelimit Warning
Most LDAP servers have a sizelimit for the number of results a query is allowed to return. In case the sizelimit is exceeded, an LDAP client usually displays a warning. Otherwise you would not be sure if you are seeing all of the available results. Therefore, use this switch to choose whether sizelimit exceeded warnings should be displayed or not.
Filter
This is the LDAP filter used to query the directory. For a detailed explanation of the LDAP search filter notation, please consult RFC 2254.
In LDAPeople, any occurence of % (or %0) in the filter statement will get replaced with the whole query string that you have entered. For example, if the query string is set to (|(givenName=%*)(sn=%*)) and you enter "Joh" in the searchbar, then the actual query sent to the directory server is (|(givenName=Joh*)(sn=Joh*)).
Examples:
(|(givenName=%*)(sn=%*))
(cn=*%*)
But there's more to it! In addition to the replacements already mentioned %1 will get replaced with the first individual word in the query string, %2 with the second word, and so on up to %9. The usefulness of this is best explained with an example:
Suppose you have a guy named "Johann Sebastian Bach" in your directory that is stored as:
...
givenName: Johann Sebastian
sn: Bach
...
and you have the following filter configured:
(|(|(sn=%*)(givenName=%*))(&(givenName=%1*)(sn=%2*)))
You can now query for "Johann" or "Bach" but also "Johann Bach" to find him.
One other thing to note about filters is that when you do a wildcard search (i.e. you press the Search button without entering any query string) and you have a filter configured as (sn=*%*), then the actual query sent to the LDAP server would be (sn=**). As that is certainly not what you wanted to send to the server, any occurence of multiple asterisks is replaced with just one asterisk in wildcard searches. So the resulting query will in fact be (sn=*) in that particular example.
Selection
This parameter defines the blank separated list of attributes to display in the result selection table of a query. The result selection table is the list that you get after a query and where you can tap on any of the results to see further details.
Examples:
givenName sn
cn
Base Filter
This is convenience setting for those users who have to work with LDAP servers that do hide the objectClass attribute. Doing so makes it impossible to execute universally valid base-level queries and it also violates the LDAP specification as defined in RFC 2251. Using this setting one can work around the problem by customizing the filter used for base-level queries. (cn=*) should be a good choice for those affected.
Examples:
(objectClass=*)
(cn=*)
Search Scope
The search scope used to query your LDAP server. "Subtree" should be fine in most situations, but if it's not, you can also select "One Level" here.
Attribute Mapping
The Attribute Mapping subsection of LDAPeople's settings allows you to map
each of the supported iPhone / iPod touch attributes to attributes available on the
LDAP server that you are working with. The left hand side shows the supported iPhone / iPod touch attributes;
on the right hand side you can configure each corresponding LDAP attribute. If you do
not know what attributes your LDAP server is supporting, see the FAQ.
Q: I do not know what attributes my LDAP server is supporting. How can I figure this out?
A: There are basically two ways to figure this out. The first and probably
obvious method is to ask your LDAP server administrator. If this is not an
option, you might try to query your LDAP server from you Mac to find
out yourself. To do this, open Terminal.app (in Applications/Utilities) and enter the following command:
ldapsearch -x -h <ldap server name> -b <search base dn>
Of course you have to replace <ldap server name> with the fully qualified name
of your ldap server and <search base dn> with the distinguished name of your
search base.
Q: Where can I change the TCP port to connect to the server?
A: If you have to specify a different port than the default (which is 389), append ":<portnumber>" to the "Servername" setting.
Example: directory.mycompany.com:1234
Q: Do you support LDAPS?
A: LDAPS is not supported in the current version of LDAPeople. Due to popular request we have already integrated LDAPS support into LDAPeople on our development branch. But until it has passed the somewhat tedious process of legal paperwork to export cryptographics software, we cannot provide it via the App Store. So please bear with us. LDAPS will come as a free upgrade to LDAPeople as soon as we are allowed to release it.
Q: The pictures in the detail view look skewed. What's wrong?
A: The detail view expects pictures to be of quadratic shape. If your directory
server provides pictures that are non-quadratic, they will be stretched to fit
the quadratic frame on the top left.
Q: Why is it not possible to configure more than one LDAP server?
A: The possibility to configure multiple LDAP servers will be introduced with LDAPeople 2.0. We are already working on it!
Q: I can search for names and get results but when I click on an entry, the detail view of that contact is empty. What's wrong?
A: Please have a look the documentation about the "Base Filter" setting under "Advanced Settings".
We are always looking to enhance our software. Whether you'd like to see some new features implemented in the next release, have general feedback or questions of any kind: feel free to contact us on info@boneware.ch