web500gw: Configuration hints

Layout of HTML pages:
The layout of the produced Web pages could be controled by the language specific messagefiles, usually WEB500GWDIR/web500gw.messages... There are defined fixed tokens (lines starting with :) which will be included in the HTML pages, e.g.

:ADMIN <A HREF="mailto:admin@foo.bar">Admin</A>

On many places you can use "placeholders" which are substituted by web500gw with the according values. See comments in the distributed messagefiles, e.g.

# HTML start sequence
# Entry: %1 = RDN, %2 = UFN
As you could use HTML tags within the message file you should check that the resulting HTML code is valid. I often use

web500gw -t URL | weblint -x netscape -

The adaption of the HTML layout isn't an easy task, I know. There are plans to use a more generic approach...

Display of entries:
The display of Directory entries could be controled by the ACCESS rules specific templatefiles, usually WEB500GWDIR/ldaptemplates.conf... For each object class you can easily configure, what attributes in which order should be presented. You can also configure friendly notations for attribute names. It's possible to define "special actions" for an entry, e.g. links (e.g. "Show vCard" or "Show more attributes") or search actions (e.g. list children).

See an example ldaptemplates.conf with comments.

Access Control:
Access control ist host-based. Depending on the requesting host you could control
  • what rights the client has
        e.g. modify only from local hosts, remote hosts only can read default attributes defined in the ACCESS specific template file.
  • the view of your Directory data
        e.g. external users can search but not browse and see only a subset of attributes.
  • limits for search results
        e.g. external clients get only a few results while local users get all results.
  • the default language for the client
        e.g. German for clients from *.de.
  • how to bind to the Directory
    To use Access control methods of your underlying Directory service you could bind to the Directory differently.
        e.g. bind as DN with full rights from local hosts and as restricted DN from remote.
Please note: As ACCESS rules are based on DNS reverse lookup they are not reliable. Confidential data couldn't be protected from unauthorized access this way.

See the description of the configuration with an example.

Language negotiation:
  1. If a user requests a specific language with URL flag lang=language(see URL format) this language is used.
       e.g. URL = http://host:port/DN?$lang=de - language "de" is used.
    If this language is not defined in the global configuration file this flag is ignored.
  2. If the browser request contains an Accept-Language: header this language is used. Modern browsers allow to configure such an option (Language Preferences).
       e.g. Accept-Language: en - language "en" is used.
    If this language is not defined in the global configuration file this header is ignored.
  3. Each ACCESS rule has a default language. This language is used when nothing others is requested as shown above.

See the description of the configuration with an example.

Friendly names in right language:
While composing an HTML page to send it to the client web500gw takes most of the HTML parts from the language specific messagefile. But a few strings will be looked up in the language specific friendlyfile:
  • Labels (attribute names) and objectclasses (from templatefile)
  • Country names (DNs from the Directory)
  • Match descriptions for search results (from filterfile)
If no "friendly" mapping for the string is found the "unfriendly" string will be used.

Adding support for your language:
For different language support you'll have to adapt the language specific configuration files - messagefile, friendlyfile, helpfile and attrfile.
Install these files in the WEB500GWDIR with an appropriate suffix (e.g. web500gw.messages.fr for a French messages file).
Then define this new language in web500gw.config:
language: fr : fr.* : .fr
Eventually add this language as a default language for an ACCESS rule:
access: French : .+\.fr : fr : ...
Restart web500gw and try it out.
And please let me know if I can add it to the distribution and others can use it.

VERSION: 2.1rc1
 Known Bugs
 Links & References


 Search interface
 Adding entries


 Y2K proof?
 Mailing List
 URL format
 URLs in entries
 LDAP errors

 SF.net Project

Test it:
 TU Chemnitz
 TU Chemnitz CGI
 Other sites

hosted by sourceforge
  (hints.html.php Version 1.1) last modified by dekarl on 2001/07/22 at 20:17:46 GMT