Client-side customization considerations
  For simplifying usage of web2ldap for end-users the LDAP administrator
  can utilize many customization options. Please make yourself comfortable
  how to specify 
  host-/backend-specific parameters with the cascaded configuration
  since that saves you a lot of configuration work.
Constructing persistent bookmarks
  You can construct bookmarks and make them available on a simple web page
  which makes certain functions in web2ldap more easily accessible. Or you
  can add the LDAP URLs with an appropriate description to the select list
  presented on the front page by adding them to the list specified with
  ldap_uri_list.
  web2ldap generates persistent bookmarks and displays them as ready-to-use
  links in the status area also including the simple bind information (in
  LDAP URL extension bindname).
Examples:
  - Search user accounts (here entries with object class account) anonymously
- 
    
      http://web2ldap.example.com:1760/web2ldap?ldap://directory.example.com/ou=Users,dc=example,dc=com??sub?(objectClass=account)
    
  
- 
    Adding a new user entry beneath ou=Users,dc=example,dc=com but with
    enforcing a login with bind-DN
    uid=fred,ou=Users,dc=example,dc=com
    before
- 
    
      http://web2ldap.example.com:1760/web2ldap/add?ldap://directory.example.com/ou=Users,dc=example,dc=com????bindname=uid%3Dfred%2Cou%3DUsers%2Cdc%3Dexample%2Cdc%3Dcom
    
  
- Set a password for a certain user (again after a login)
- 
    
      http://web2ldap.example.com:1760/web2ldap/passwd?ldap://directory.example.com/uid=anna,ou=Users,dc=example,dc=com????bindname=uid%3Dfred%2Cou%3DUsers%2Cdc%3Dexample%2Cdc%3Dcom
    
  
  See LDAP URL format specified in RFC 4516.
  See specific examples on the demo page
  for even more examples.
HTML templates for guiding users
You can specify HTML snippets in template files for certain things.
HTML templates can be are chosen based on language configuration in your browser.
  - Displaying single entries
- 
    You can assign HTML templates to object classes with parameter
    read_template
    which specify how to display the entry's data of this particular object class.
    See files etc/web2ldap/templates/read_*.html as examples.
    Attributes not covered by the display template(s) will
    be shown as raw table at the bottom.
  
- Search input form
- 
    Parameter searchform_template
    allows to specify a HTML template defining input fields for search parameters.
  
- Entry input forms
- 
    Parameter input_template
    allows to specify HTML templates for object classes used in the input
    form when adding new entries or editing existing entries.
  
- Login forms
- 
    Set login_template
    to customize the login input form. Consider setting
    binddn_mapping
    if you have specific policy for the LDAP bind mechanism used.
  
LDIF templates for quickly add entries you need often
  With parameter 
  addform_entry_templates you can define a set of LDIF-based templates
  for a kind of entries you have to add very often.
  See files etc/web2ldap/templates/add_*.ldif as examples.
Plug-in classes for syntaxes and/or attribute types
  web2ldap internally handles many aspects of displaying attribute
  values or input fields with the help of Python classes (derived from
  web2ldap.app.schema.syntaxes.LDAPSyntax) registered for LDAP syntax OIDs
  and/or attribute types.
  Plug-in classes have access to various data:
  - attribute type and one of the values are direct class attributes
- LDAP connection object for sending additional queries
- DN of the entry
- whole entry (schema-aware instance of ldaputil.schema.Entry
  There are already various base classes available quite handy for implementing
  - Client-side regex-checking of valid attribute values
- Static or dynamic select classes
  Look into files web2ldap/app/plugins/*.py for examples.
  Best practice is to stuff self-implemented custom classes in a module in
  directory etc/web2ldap/web2ldapcnf/ and import this
  module in file etc/web2ldap/web2ldapcnf/plugins.py.
  Order of the import-statements is significant.
  There is a nice viewer available displaying a clickable map of the
  /classweb2ldap_1_1app_1_1schema_1_1syntaxes_1_1LDAPSyntax.html">
  plugin class hierarchy.
Server-side configuration
You can also influence how the user interacts with your LDAP directory via web2ldap
by configuring things in the server.
Schema design
  - Syntaxes
- 
    specify the syntax to which attribute values must comply. If you choose
    finer-grained syntaxes web2ldap displays input fields and conducts
    syntax validation appropriate for that syntax (e.g. TRUE/FALSE select field
    for syntax Boolean).
  
- Attribute types
- 
    For some attribute types web2ldap has already special handler classes
    (e.g. attribute type mail).
  
- Object classes
- 
    are the type(s) of an entry and specify which attributes can be used
    within an entry. web2ldap uses this to display the input entry form (table format)
    indicating required and allowed attributes.
  
- DIT content rules
- 
    specify which auxiliary object classes are
    allowed for a structural object class. This is used by web2ldap to display
    the allowed auxiliary object classes in the object class select form.
  
- Name forms
- 
    specify how to form the RDN for a new entry to be added. If a name form
    applies web2ldap displays a select list for choosing a RDN string template.
  
- DIT structure rules
- 
    specify which structural object classes are
    allowed in a certain part of the DIT. This is used by web2ldap to display
    the allowed structural object classes in the object class select form.