"manage multiple directories/databases backends in an unified way"

[xpufx]

Does this mean multiple instances of the software can run with different backend configurations to manage multiple and different server types be it ldap/mysql etc?

It kind of sounds like you could have one instance for managing multiple ldap domains. But when I look at the config, I am not seeing this.

I have a nontraditional setup where I have LDAP DOMAIN -> domains -> invidividual domains -> users etc kind of a setup. This allows me to host multiple email domains easily using dovecot's ldap features.

It looks like even if I can manage to filter down with a search parameter in the ldapcherry config, I can only manage one of the said "domains" in this app.

A more generic client would be able to attach the domains/users anywhere in the tree.

Good project but it seems it makes some assumptions that limit its capability.

Am I mistaken as to how it works?

[kakwa]

Not sure to understand what you want to do, but what I meant in the description is:

You have one instance of ldapcherry, it can then be configured to add/edit users in multiple backend, submitting the appropriate fields to each backends.

What I had in mind is to solve the common issue in enterprises where you have a "Unix" ldap (typically OpenLdap) and an Active Directory because Windows is impossible to avoid. And too often, both are managed completely separately.

Indeed, this project makes some assumptions, partly because the main developer (aka me) is not good enough, but also partly to try to find a balance between complexity of configuration/deployment and flexibility.

Just as an example, up until now, I've ignored multi-valued attributes as there are a pain to manage in a multi-backend setup (the reconciliation is kind of hard to get right, and handling inconsistencies correctly is a bit of a pain).

That being said, I tried to have a documented API for the backends, and special uses cases could potentially be implemented with a custom one.

[xpufx]

Firstly, I think the main developer is perfectly fine. I am just trying to understand what the software does without installing it. From checking out the demo and the config files I couldn't figure out how much it does.

Looking at your explanation now, I am getting the impression that currently the software can work with one traditional ldap server and one AD server simultaneously in order to create users in both. Is this what it's doing?

[kakwa]

yes, that's exactly that.

[xpufx]

Perfect. Thank you. I was actually looking for a python ldap client kind of deal to steal and use for my own learning experience. Thanks for the software!