What is LDAP Browser/Editor?
The LDAP Browser/Editor provides a user-friendly Windows Explorer-like interface to LDAP directories with tightly integrated browsing and editing capabilities. It is entirely written in Java with the help of the JFC (SwingSet) and JNDI class libraries. It connects to LDAP v2 and v3 servers.
- Improved SSL integration.
- Improved DnD and copy-and-paste interface.
- A number of bug fixes and UI improvements.
- A couple of new attribute editors/viewers.
- Browsing, searching and editing of the DIT.
- Browsing
- easy navigation through the hierarchical DIT
- viewing of entries' contents
- Editing
- adding, removing, modifying and editing of a single entry or an attribute
- copying, renaming, deleting, and moving entries or entire sub trees in DIT
- Searching
- search results can be saved into an LDIF file
- LDIF support. Entire trees and single entries can be easily exported to and imported from LDIF.
- Object templates. Object templates are used for creating and adding new entries. The templates can be manually or automatically (from existing entries) created.
- Binary value support. Attribute contents can be saved or loaded from a file.
- LDAP v3 aware. Handles and manages referrals, allows for specifying and displaying operational attributes and also for retreiving the naming contexts from the server root DSE.
- SSL support.
- Drag and drop, copy-and-paste interface. Allows for copying and pasting or dragging and dropping entires or attributes between multiple instances or within a single instance of the browser.
- Named sessions. Allows for working with LDAP severs with different configurations.
- Attribute viewers/editors. Each attribute can be associated with a particular viewer/editor that helps to display/edit the contents of the attribute in a specific manner.
- Built-in viewers:
- CertificateViewer for displaying certificate information
- ImageViewer for displaying any gif or jpg images
- PasswordEditor for verifying and generating MD5, SHA and Unix Crypt passwords
- Custom viewers:
- can be written by users and easily plugged-in into the browser
- Applet support. The browser can be ran as a singed or unsinged applet within a web browser.
Introduction :
The LDAP Browser/Editor allows users to view the items stored in a LDAP directory in an hierarchical manner. It also allows modifications of the LDAP contents if the user is logged in as the Directory Manager.
The LDAP objects are displayed in the form of a tree and all attributes of the entries in the form of a table.
The current status of the browser is displayed on the status bar. All status messages are displayed in black, warning messages in yellow and error messages in red.
The DN tree is expanded or collapsed by a double click on a node. With each selection change on a DN tree, attributes for the selected DN will be retrieved and displayed in the attribute table.
The attribute names and values displayed in the attribute table can be sorted in ascending order by clicking on the column names. To sort in descending order hold the shift key down while clicking on the column header.
To display pop-up menus over a tree or table select an entry or an attribute and then press the right mouse button.
The following functions work with multiple selections:
- On table:
- view attribute
- delete attribute
- edit attribute
- delete value
- On tree:
- delete entry
Also, most functions require a DN to be selected on the tree.
Configuration:
Holds host related information such as hostname, port, base dn, directory manger dn, password, etc.
- Default name: browser.config
- Command line: User can specify different config file using the command line switch in the following way: Browser -f config_name
- File format: option=value
Option | Description | Allowed values | Notes |
host | hostname | anything | |
port | port number | number | |
sslport | ssl port number | number | optional |
basedn | base dn | distinguished name | |
mangerdn | directory manger dn | distinguished name | |
password | directory manager password | anything | |
version | ldap version | 2, 3 (default) | |
autoconnect | automatic connection option | yes or no (default) | if set to yes, host, port, basedn must be specified |
mangerlogin | manger login option | yes or no (default) | if set to yes, managerdn and password must be specified |
timeout | time limit on a search | 0..n, 0 or not specified - no limit (default) | |
limit | number of results limit | 0..n, 0 or not specified - no limit (default) | |
managereferrals | manage referrals | yes or no (default) | |
supportsmovetree | directory supports move of a tree | yes or no (default) | |
derefaliases | sets the 'derefrence alias' option in the search command | [ never | always | search | find ] | never is the default |
deleteolddn | entry should either delete the old rdn when renaming the entry | yes or no | yes is the default |
sorttree | the sorting order of the DIT tree | [ ascending | descending | none ] | ascending is the default |
fixlocation | used for fixing the location of the windows on the screen. related to bugs in java | number | |
logsize | sets the buffer size of the error window | number | default is 2048 bytes |
popuperrorwindow | sets if the error window should popup on error. | [ yes | no ] | default no |
ldap.list.filter | ldap filter used to build the tree structure | any filter | default (objectclass=*) |
ldap.attributes.list | list of attributes to retreive on each read. useful for specifying the operational attributes (space separated) | * + | default (objectclass=*) |
ldap.fontname | font name | any valid font name | default Arial |
ldap.fontsize | font size | number | default 12 |
libtype | ldap sdk to use | jndi (default) or netscape | |
debug | debug mode | yes or no (default) |
Attributes configuration file:
Holds attribute properties information such as which attribute type and attribute editor to use.
- Default name: attributes.config
- Command line: Cannot specify different file from command line.
- File format: attribute=type [, editorname arg1 arg2 arg3... ]
where:
- attribute: attribute name. Must be lowercase.
- type: attribute type - string or binary.
- editorname: name of an editor - classname - must be accessible from classpath. It is optional. If editor is not specified or it failed to load a default editor will be used for the attribute type.
- arg1...argN: arguments passed to the editor (as a single string)
Shows all the selected attributes and values of the selected entry in a separate window. Each attribute is viewed with the default viewer for the value or the viewer specified in the attribute configuration file.
Shows all the attributes and values of the selected entry in a separate window. Each attribute is viewed with the default viewer for the value or the viewer specified in the attribute configuration file.
Refreshes the tree under the selected entry. Use this function if the tree structure has changed but the changes are not visible.
Displays an error log window with N last errors. Any errors encountered during ldap operations will be stored in the log.
Finds the DN on the tree. This function only works when the value of the selected attribute is a valid DN and can be found on the tree.
Searches the directory using a filter. A search window will appear. Enter the base dn of the search, filter, scope and optionally the attributes to return. If no attributes are specified, the dns of the returned entries will be displayed. Hit the search button to proceed.
The results are returned as a table of attributes. The results can be sorted by columns (just like the attribute table) by clicking on the column header. Sorting treats all values as strings and sometimes numerical data might not seem to be sorted correctly. If an attribute contains multiple values only one is shown. If the returned entry does not contain the specified attribute (the return attribute) 'N/A' will be displayed instead.
The following operations can be performed on the search results: (at least one entry must be selected to display the popup menu)
- Find DN
- finds the dn on the tree and selects it.
- Set DN
- takes the selected entry dn and sets it as new search base dn.
- View Entry
- views the selected entry
- Delete Entry
- deletes the selected entry or entries
- Edit Entry
- edits the selected entry
All the modifications must follow the LDAP rules, such as:
- cannot delete required attributes,
- cannot add attributes/objects without filling in the required attributes
- cannot use object classes that are not defined on the server side
- etc.
If an error occurs during LDAP modifications the detailed error message will be shown when you position the mouse over the status bar on the bottom of the browser window.
Deletes the selected attribute or attributes of the specified entry. The entry must first be selected on the tree. The confirmation box will appear. Press YES to proceed with removal.
This operation will remove the whole attribute with all its values even if only a single value is selected. Use the Delete Value function to remove just a single value of an attribute.
Deletes the selected value or values of the specified entry. The values can span across multiple attributes. The entry must first be selected on the tree. The confirmation box will appear. Press YES to proceed with removal.
Deletes the selected entry and all its children. The confirmation box will appear. Press YES to proceed with removal.
Attempts to duplicate a selected tree. Because of the way it is implemented it might fail as described in notes.
Attempts to rename a selected tree. Because of the way it is implemented it might fail as described in notes.
Deletes the selected entry or entries on the tree. A confirmation box will appear. Press YES to proceed with removal. This will only work if the entries have no children. To remove entries with children use the Delete Tree function.
Renames the selected entry on the tree. It only changes the name, not the base dn or prefix. An input window will appear asking for the new name. Enter just the name of the entry without prefix (e.g 'cn=') and suffix (e.g. 'ou=Airius.com'). Press RENAME to proceed with the change.
Creates a template from the selected entry on the tree. The template is later used to add new entries. A window asking for the template name will appear. Press SAVE to create the template file and add the template name under the Add Entry menu.
The template file contains a list of the attributes of the object it was created from. It is a simple text file and can be easily edited with any text editor.
The template file contains two sections: REQUIRED ATTRIBUTES and OPTIONAL ATTRIBUTES. To set the attribute as required or optional move the attribute name to the appropriate section. To set the attribute type edit the attribute configuration file (see attribute configuration section)
Notes:
- When the template is created all attributes are placed in the optional section by default.
- This version of LDAP Browser/Editor does not check for required attributes.
Allows modification of the currently selected entry. An editor window will appear. Each attribute will be edited with either the default editor for the attribute's value or the specific editor as specified in the attribute configuration file.
It is possible to add additional values to an attribute or to delete them by right clicking on the attribute label. (it will highlight when the mouse is over it). It is also possible to add additional attributes in the same manner. Press APPLY to update the entry.
Allows modification of the currently selected attributes of an entry. It works in a similar manner to the Edit Entry function except no new attributes can be added.
Allows addition of new entries to the directory. It uses object templates created by the Create Template function. It only works when at least one template has been created.
When the template name is selected, an editor window with all the attributes for that entry will be displayed. Fill in the required fields and press APPLY to proceed. If the entry is successfully created, it will be shown and selected on the tree.
Values for the attributes can be added or removed by clicking on the attribute label.
Allows addition of a single attribute to the selected entry on the tree. It is necessary to entry the attribute name, specify the attribute type and then fill in values for the attribute.
First, a window prompting for the attribute name and type will appear. Enter the attribute name and select if this attribute should be treated as a string or as a binary. Press OK to continue. Next, an editor window will appear with the attribute name and a single value. To add or remove additional values right click on the attribute label. Press APPLY to add.
If the attribute type is set to binary, it will automatically be added to the attributes configuration file.
Also, if the attribute was previously set in the attributes configuration file to be of a different type or to use a different editor, the current settings will be ignored and previous ones used.
Note: If the attribute already exists in the entry it will overwrite the current values.
The Browser supports a simplified version of the LDIF file format. For example, it does not support 'changetypes'. All binary attributes will be Base64 encoded.
This function saves the selected entry or entries into a LDIF file. Depending on the option chosen only the selected entry will be saved, or the entries below this entry (one level scope) or the entire tree below this entry (sub tree scope).
This function reads entries from a LDIF file and updates or inserts them into the ldap directory. When inserting and the imported entries already exist in the directory, an appropriate error message will be produced and the entries will be skipped.
Viewers/Editors
Viewers/Editors are used to view and/or edit contents of attributes. They either work with string or binary data. Currently the browser contains the following viewers/editors:
Built-in:
- DefaultEditor - for editing any string values
- BinaryEditor - for editing any binary values
- ImageEditor - for displaying JPEG and GIF images.
Extensions:
- SoundEditor - for playing sounds
- CertificateEditor - for displaying X.509 certificates
DefaultEditor is basically a textbox used to edit string values. It is the default editor for any string values.
BinaryEditor is a panel that displays the size of the value of an attribute and contains a 'save as' button. It also contains an 'insert from' button when editing the attribute. The 'save as' button saves the current value in a specified file and the 'insert from' button loads the new value from a given file. This editor is the default editor for any binary values.
ImageEditor displays JPEG or GIF files. It is an extension of the BinaryEditor and depending on the settings it adds an additional button to the panel or displays the image in the panel. By default, the editor adds a 'view' button that displays the image in a separate window when pressed. If the '-autoview' argument is specified, the editor will display the image in the panel automatically. Also, it is possible to resize or scale the image. The switch '-s <value in %>' will scale the image by the specified percentage. The set of switches '-w <width> -h <height>' will resize the image to the specified width and height. Resizing or scaling is a computational intensive process.
ImageEditor arguments syntax:
ImageEditor [-autoview] [ [-s <value>] or [-h <height> -w <width> ] ]
SoundEditor plays sound files such as WAV, AU, AIFF, RMF and MIDI TYPE 0 and 1. It works only with Java 1.2. SoundEditor is an extension of the BinaryEditor. It adds an additional 'play' button to the panel.
CertificateEditor displays the X.509 certificate information. It is also an extension of the BinaryEditor and requires Java 1.2. It adds a 'view' button that displays the certificate info in a separate window. By default, the editor displays the significant parts of the certificate such as the certificate version, issuer DN, subject DN, validation days, key, and algorithm. To display all the info in raw form specify the '-raw' argument.
CertificateEditor arguments syntax:
CertificateEditor [-raw]
No comments:
Post a Comment