Ldap
From Java CoG Kit
THIS PAGE IS UNDER CONSTRUCTION
The current page is still maintained at http://www-unix.mcs.anl.gov/~gawor/ldap/index.html
NOT YET INCLUDED
http://www-unix.mcs.anl.gov/~gawor/ldap/demo.html
The LDAP Browser/Editor provides a user-friendly Windows Explorer-like interface to LDAP directories with tightly integrated browsing and editing capabilities. It is entirely written in Java with the help of the JFC (SwingSet) and JNDI class libraries. It connects to LDAP v2 and v3 servers.
INSTALLATION
Installation Instructions
LDAP Browser/Editor requires Java 1.2.2 or greater. Assuming Java is installed on your system, follow these simple steps to run LDAP Browser:
- Download and unpack the archive (it extracts into the 'ldapbrowser' directory).
- On a Windows machine, double-click on browser.jar to run the browser. If on a UNIX machine, or if the above step failed, do the following:
  - If needed, modify lbe.bat (for Win9x/NT) or lbe.sh (for UNIX) with your Java settings.
  - Run the browser by executing 'lbe.bat' on a Windows machine or 'lbe.sh' on a UNIX box.
FEATURES
What's new in 2.8.1?
- Improved SSL integration (allows for automatic detection of the missing CA certificates)
- Improved DnD and copy-and-paste interface.
- A number of bug fixes and UI improvements.
- A couple of new attribute editors/viewers (e.g. ExtBinaryEditor allows for launching external programs to view the contents of an attribute, e.g. certificates)
Features:
* Browsing, searching and editing of the DIT.
o Browsing
+ easy navigation through the hierarchical DIT
+ viewing of entries' contents
o Editing
+ adding, removing, modifying and editing of a single entry or an attribute
+ copying, renaming, deleting, and moving entries or entire sub trees in DIT
o Searching
+ search results can be saved into an LDIF file
* LDIF support. Entire trees and single entries can be easily exported to and imported from LDIF.
* Object templates. Object templates are used for creating and adding new entries. The templates can be manually or automatically (from existing entries) created.
* Binary value support. Attribute contents can be saved or loaded from a file.
* LDAP v3 aware. Handles and manages referrals, allows for specifying and displaying operational attributes and also for retrieving the naming contexts from the server root DSE.
* SSL support.
* Drag and drop, copy-and-paste interface. Allows for copying and pasting or dragging and dropping entries or attributes between multiple instances or within a single instance of the browser.
* Named sessions. Allows for working with LDAP servers with different configurations.
* Attribute viewers/editors. Each attribute can be associated with a particular viewer/editor that helps to display/edit the contents of the attribute in a specific manner.
o Built-in viewers:
+ CertificateViewer for displaying certificate information
+ ImageViewer for displaying any gif or jpg images
+ PasswordEditor for verifying and generating MD5, SHA and Unix Crypt passwords
o Custom viewers:
+ can be written by users and easily plugged-in into the browser
* Applet support. The browser can be run as a signed or unsigned applet within a web browser.
NEWS
- April 25th, 2001 - LDAP Browser/Editor 2.8.2 beta II is now available for download. It is mainly a maintenance release containing bug fixes, enhancements, and various optimizations. Beta II has improved UTF8 support and provides a multiple window interface (multiple ldap sessions). Please see the release notes for a complete list of changes.
- January 30th, 2001 - LDAP Browser/Editor 2.8.1 released. It is a maintenance release containing a number of bug fixes and improvements. One of the improvements is better integration with the SSL protocol. For example, the configuration of SSL is now much easier and the Browser is able to automatically detect the missing CA certificates of the server. Also, the DnD and the copy-and-paste interface was updated to allow copying of a DN of an entry into an attribute of another entry, thus, allowing for example, adding a user to a group, or even creating a v3 referral. Please see the release notes for a complete list of changes.
- September 14, 2000 - LDAP Browser/Editor 2.8 final released. It mainly consists of fixes for bugs found in the beta versions. It also introduces a couple of minor modifications and improvements such as key accelerators for the most common functions. In addition, this version contains an executable jar file that can be used to start the browser. The user just needs to double-click on the browser.jar file. This feature, however, will only work on Windows platforms.
- July 26, 2000 - LDAP Browser/Editor 2.8 beta II released. It contains a couple of new enhancements such as a new certificate viewer, and a new connect window with a session list. Also the updated password viewer/editor is now able to generate and verify MD5, SHA and Unix Crypt passwords! A few minor bugs were also fixed.
- June 1, 2000 - LDAP Browser/Editor 2.8 beta released! Lots of updates and new advanced features such as support for v3 referrals and SSL. The interface was also updated to support drag and drop, and copying and pasting between multiple browsers. It also contains a password viewer/editor that is able to generate and verify SHA passwords.
- September 17, 99. LDAP Browser/Editor 2.7 awarded Best Student Application in the Novell Developers’ Contest!
- July 10, 99. LDAP Browser/Editor version 2.7 released. It contains bug fixes and small GUI enhancements. Users are now able to save and load configuration files directly from the Browser. Also, a test version with Virtual List View support is available for download.
- May 12, 99. LDAP Browser/Editor version 2.6 released. It has two new major features: LDIF file importing/exporting and dn tree copy/rename. It also contains a number of updates such as tree sorting, error logging, and GUI enhancements. One unique function also allows the dn context to be retrieved automatically from v3 ldap servers with only the hostname and port number specified.
- Jan 25, 99. LDAP Browser/Editor version 2.5 released. It introduced many new features and various improvements including searching, tree deleting, refreshing and on-line help. Also, it contained lots of GUI updates, pop-up menus, and sortable attribute tables. The 2.5 version added binary attribute support with the ability to save and insert values from files. It also added the ability to customize attributes' editors/viewers and use them to display the contents of the attributes! For example, the attribute 'myphoto' could be set to use the ImageEditor viewer to display the images right there from the Browser! It could do the same for sound or certificate attributes.
MANUAL
Introduction
The LDAP Browser/Editor allows users to view the items stored in an LDAP directory in a hierarchical manner. It also allows modifications of the LDAP contents if the user is logged in as the Directory Manager.
The LDAP objects are displayed in the form of a tree and all attributes of the entries in the form of a table.
The current status of the browser is displayed on the status bar. All status messages are displayed in black, warning messages in yellow and error messages in red.
The DN tree is expanded or collapsed by a double click on a node. With each selection change on a DN tree, attributes for the selected DN will be retrieved and displayed in the attribute table.
The attribute names and values displayed in the attribute table can be sorted in ascending order by clicking on the column names. To sort in descending order hold the shift key down while clicking on the column header.
To display pop-up menus over a tree or table select an entry or an attribute and then press the right mouse button.
The following functions work with multiple selections:
- On table:
- view attribute
- delete attribute
- edit attribute
- delete value
- On tree:
- delete entry
Also, most functions require a DN to be selected on the tree.
Configuration
Browser configuration file:
Holds host-related information such as hostname, port, base dn, directory manager dn, password, etc.
- Default name: browser.cfg
- Command line: The user can specify a different config file using the command line switch in the following way: Browser -f config_name
- File format: option=value
| Option | Description | Allowed values | Notes |
| host | hostname | anything | |
| port | port number | number | |
| basedn | base dn | anything | |
| managerdn | directory manager dn | anything | |
| password | directory manager password | anything | |
| version | ldap version | 2 (default), 3 | |
| autoconnect | automatic connection option | yes or no (default) | if set to yes, host, port, basedn must be specified |
| managerlogin | manager login option | yes or no (default) | if set to yes, managerdn and password must be specified |
| timeout | time limit on a search | 0..n, 0 or not specified - no limit (default) | |
| limit | number of results limit | 0..n, 0 or not specified - no limit (default) | |
| libtype | ldap sdk to use | jndi (default) or netscape | |
| debug | debug mode | yes or no (default) | |
| logsize | size of error log | 10240 if not specified (default) | |
| fixlocation | fixes windows position | not specified (default) | used for virtual window managers |
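A pre-flight check for the option=value file described above, as an added example (not part of the Browser or its distribution): it validates values and the yes/no dependencies from the table and, because the file holds the directory manager password, reports when the file is readable by other users. It assumes the option names are spelled managerdn, managerlogin and logsize, that '#' starts a comment line, and POSIX file permissions; the sample configuration is constructed.

```python
import os
import stat

YES_NO = {"yes", "no"}
# Allowed values from the option table; None = anything, "number" = digits.
# Spellings managerdn, managerlogin and logsize are assumed.
ALLOWED = {
    "host": None, "port": "number", "basedn": None, "managerdn": None,
    "password": None, "version": {"2", "3"}, "autoconnect": YES_NO,
    "managerlogin": YES_NO, "timeout": "number", "limit": "number",
    "libtype": {"jndi", "netscape"}, "debug": YES_NO, "logsize": "number",
    "fixlocation": None,
    "usevlv": YES_NO, "vlvsize": "number",   # 2.7 VLV build only (see notes)
}
# Options that must be present when a switch is set to yes.
REQUIRES = {
    "autoconnect": ("host", "port", "basedn"),
    "managerlogin": ("managerdn", "password"),
}


def parse_cfg(text):
    """Parse option=value text; return (options, problems)."""
    options, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments: an assumption
            continue
        # Split on the first '=' only: a base dn contains '=' itself.
        key, sep, value = line.partition("=")
        if not sep:
            problems.append(f"line {n}: not in option=value form")
            continue
        options[key.strip()] = value.strip()
    return options, problems


def check_cfg(options):
    """Check values and dependencies against the option table."""
    problems = []
    for key, value in options.items():
        if key not in ALLOWED:
            problems.append(f"{key}: not a documented option")
            continue
        rule = ALLOWED[key]
        if rule == "number" and not value.isdigit():
            problems.append(f"{key}: expected a number, got {value!r}")
        elif isinstance(rule, set) and value not in rule:
            problems.append(f"{key}: {value!r} not in {sorted(rule)}")
    for switch, needed in REQUIRES.items():
        if options.get(switch) == "yes":
            for name in needed:
                if not options.get(name):
                    problems.append(f"{switch}=yes requires {name}")
    return problems


def password_exposed(path, options):
    """True if the file holds a password and group/other can read it (POSIX)."""
    mode = os.stat(path).st_mode
    return "password" in options and bool(mode & (stat.S_IRGRP | stat.S_IROTH))


# Constructed sample, not a real configuration.
SAMPLE = """\
host=ldap.example.org
port=389
basedn=o=globus,c=us
version=4
autoconnect=yes
managerlogin=yes
managerdn=cn=Directory Manager
limit=ten
"""

if __name__ == "__main__":
    opts, errs = parse_cfg(SAMPLE)
    for problem in errs + check_cfg(opts):
        print(problem)
```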
Attributes configuration file
Holds attribute properties information such as which attribute type and attribute editor to use.
- Default name: attributes.config
- Command line: A different file cannot be specified from the command line.
- File format: attribute=type [, editorname arg1 arg2 arg3... ]
- attribute: attribute name. Must be lowercase.
- type: attribute type - string or binary.
- editorname: name of an editor (a classname that must be accessible from the classpath). It is optional. If the editor is not specified or it fails to load, a default editor will be used for the attribute type.
- arg1...argN: arguments passed to the editor (as a single string)
General functions
View Attribute
Shows all the selected attributes and values of the selected entry in a separate window. Each attribute is viewed with the default viewer for the value or the viewer specified in the attribute configuration file.
View Entry
Shows all the attributes and values of the selected entry in a separate window. Each attribute is viewed with the default viewer for the value or the viewer specified in the attribute configuration file.
Refresh
Refreshes the tree under the selected entry. Use this function if the tree structure has changed but the changes are not visible.
Show error log
Displays an error log window with N last errors. Any errors encountered during ldap operations will be stored in the log.
Find DN
Finds the DN on the tree. This function only works when the value of the selected attribute is a valid DN and can be found on the tree.
Search
Searches the directory using a filter. A search window will appear. Enter the base dn of the search, filter, scope and optionally the attributes to return. If no attributes are specified, the dns of the returned entries will be displayed. Hit the search button to proceed.
The results are returned as a table of attributes. The results can be sorted by columns (just like the attribute table) by clicking on the column header. Sorting treats all values as strings and sometimes numerical data might not seem to be sorted correctly. If an attribute contains multiple values only one is shown. If the returned entry does not contain the specified attribute (the return attribute) 'N/A' will be displayed instead.
The following operations can be performed on the search results: (at least one entry must be selected to display the popup menu)
- Find DN
- finds the dn on the tree and selects it.
- Set DN
- takes the selected entry dn and sets it as new search base dn.
- View Entry
- views the selected entry
- Delete Entry
- deletes the selected entry or entries
- Edit Entry
- edits the selected entry
Directory Manager functions
All the modifications must follow the LDAP rules, such as:
- cannot delete required attributes,
- cannot add attributes/objects without filling in the required attributes
- cannot use object classes that are not defined on the server side
- etc.
If an error occurs during LDAP modifications the detailed error message will be shown when you position the mouse over the status bar on the bottom of the browser window.
Delete Attribute
Deletes the selected attribute or attributes of the specified entry. The entry must first be selected on the tree. The confirmation box will appear. Press YES to proceed with removal.
This operation will remove the whole attribute with all its values even if only a single value is selected. Use the Delete Value function to remove just a single value of an attribute.
Delete Value
Deletes the selected value or values of the specified entry. The values can span across multiple attributes. The entry must first be selected on the tree. The confirmation box will appear. Press YES to proceed with removal.
Delete Tree
Deletes the selected entry and all its children. The confirmation box will appear. Press YES to proceed with removal.
Copy Tree
Attempts to duplicate a selected tree. Because of the way it is implemented it might fail as described in notes.
Rename Tree
Attempts to rename a selected tree. Because of the way it is implemented it might fail as described in notes.
Delete Entry
Deletes the selected entry or entries on the tree. A confirmation box will appear. Press YES to proceed with removal. This will only work if the entries have no children. To remove entries with children use the Delete Tree function.
Rename Entry
Renames the selected entry on the tree. When connected to ldap server v2 only the dn name can be changed. When connected to ldap v3 the whole dn can be changed. An input window will appear asking for the new name or dn. Press RENAME to proceed with the change.
Create Template
Creates a template from the selected entry on the tree. The template is later used to add new entries. A window asking for the template name will appear. Press SAVE to create the template file and add the template name under the Add Entry menu.
The template file contains a list of the attributes of the object it was created from. It is a simple text file and can be easily edited with any text editor.
The template file contains two sections: REQUIRED ATTRIBUTES and OPTIONAL ATTRIBUTES. To set the attribute as required or optional move the attribute name to the appropriate section. To set the attribute type edit the attribute configuration file (see attribute configuration section)
Notes:
- When the template is created all attributes are placed in the optional section by default.
- This version of LDAP Browser/Editor does not check for required attributes.
Edit Entry
Allows modification of the currently selected entry. An editor window will appear. Each attribute will be edited with either the default editor for the attribute's value or the specific editor as specified in the attribute configuration file.
It is possible to add additional values to an attribute or to delete them by right clicking on the attribute label. (it will highlight when the mouse is over it). It is also possible to add additional attributes in the same manner. Press APPLY to update the entry.
Edit Attribute
Allows modification of the currently selected attributes of an entry. It works in a similar manner to the Edit Entry function except no new attributes can be added.
Add Entry
Allows addition of new entries to the directory. It uses object templates created by the Create Template function. It only works when at least one template has been created.
When the template name is selected, an editor window with all the attributes for that entry will be displayed. Fill in the required fields and press APPLY to proceed. If the entry is successfully created, it will be shown and selected on the tree.
Values for the attributes can be added or removed by clicking on the attribute label.
Add Attribute
Allows addition of a single attribute to the selected entry on the tree. It is necessary to enter the attribute name, specify the attribute type and then fill in values for the attribute.
First, a window prompting for the attribute name and type will appear. Enter the attribute name and select if this attribute should be treated as a string or as a binary. Press OK to continue. Next, an editor window will appear with the attribute name and a single value. To add or remove additional values right click on the attribute label. Press APPLY to add.
If the attribute type is set to binary, it will automatically be added to the attributes configuration file.
Also, if the attribute was previously set in the attributes configuration file to be of a different type or to use a different editor, the current settings will be ignored and previous ones used.
Note: If the attribute already exists in the entry it will overwrite the current values.
LDIF Functions
The Browser supports a simplified version of the LDIF file format. For example, it does not support 'changetypes'. All binary attributes will be Base64 encoded.
Export
This function saves the selected entry or entries into an LDIF file. Depending on the option chosen, only the selected entry will be saved, or the entries below this entry (one level scope), or the entire tree below this entry (sub tree scope).
Import
This function reads entries from an LDIF file and updates or inserts them into the ldap directory. When inserting, if the imported entries already exist in the directory, an appropriate error message will be produced and the entries will be skipped.
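A pre-import check for the simplified LDIF format described above, as an added example (not the Browser's own parser): it decodes Base64 ('::') values and reports records that carry a changetype line, which the Browser does not support. Line folding and the version line follow standard LDIF (RFC 2849) and are not statements about the Browser; the sample file is constructed.

```python
import base64


def _records(text):
    """Unfold continuation lines, drop comments, split on blank lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]           # RFC 2849 folding: strip one space
        else:
            lines.append(raw)
    records, cur = [], []
    for line in lines + [""]:
        if not line.strip():
            if cur:
                records.append(cur)
            cur = []
        elif not line.startswith("#") and not line.startswith("version:"):
            cur.append(line)
    return records


def _value(line):
    """Split 'attr: value' or 'attr:: base64' into (attr, str or bytes)."""
    attr, sep, rest = line.partition(":")
    if not sep or not attr:
        raise ValueError(f"not an attribute line: {line!r}")
    if rest.startswith(":"):               # '::' marks a Base64 value
        return attr.lower(), base64.b64decode(rest[1:].strip(), validate=True)
    return attr.lower(), rest.strip()


def check_ldif(text):
    """Return one (dn, attrs, issues) tuple per record in the LDIF text."""
    results = []
    for rec in _records(text):
        attrs, issues = {}, []
        for line in rec:
            try:
                attr, value = _value(line)
            except ValueError as exc:      # also covers invalid Base64
                issues.append(f"{line[:30]!r}: {exc}")
                continue
            attrs.setdefault(attr, []).append(value)
        if "changetype" in attrs:
            issues.append("changetype record: outside the simplified format")
        dn = attrs.pop("dn", [None])[0]
        if isinstance(dn, bytes):          # 'dn::' carries a UTF-8 DN
            dn = dn.decode("utf-8", errors="replace")
        if dn is None:
            issues.append("record has no dn line")
        results.append((dn, attrs, issues))
    return results


# Constructed sample: one plain entry and one change record.
SAMPLE = """\
version: 1
dn: cn=alice,o=globus,c=us
objectclass: person
cn: alice
description: a long description that is folded
  across two lines
jpegphoto:: /9j/4AAQ

# record produced by another tool
dn: cn=bob,o=globus,c=us
changetype: delete
"""

if __name__ == "__main__":
    for dn, attrs, issues in check_ldif(SAMPLE):
        print(dn, sorted(attrs), issues)
```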
Viewers/Editors
Viewers/Editors are used to view and/or edit contents of attributes. They either work with string or binary data. Currently the browser contains the following viewers/editors:
Built-in
- DefaultEditor - for editing any string values
- BinaryEditor - for editing any binary values
- ImageEditor - for displaying JPEG and GIF images.
Extensions
- SoundEditor - for playing sounds
- CertificateEditor - for displaying X.509 certificates
DefaultEditor
DefaultEditor is basically a textbox used to edit string values. It is the default editor for any string values.
BinaryEditor
BinaryEditor is a panel that displays the size of the value of an attribute and contains a 'save as' button. It also contains an 'insert from' button when editing the attribute. The 'save as' button saves the current value in a specified file and the 'insert from' button loads the new value from a given file. This editor is the default editor for any binary values.
ImageEditor
ImageEditor displays JPEG or GIF files. It is an extension of the BinaryEditor and depending on the settings it adds an additional button to the panel or displays the image in the panel. By default, the editor adds a 'view' button that displays the image in a separate window when pressed. If the '-autoview' argument is specified, the editor will display the image in the panel automatically. Also, it is possible to resize or scale the image. The switch '-s <value in %>' will scale the image by the specified percentage. The set of switches '-w <width> -h <height>' will resize the image to the specified width and height. Resizing or scaling is a computationally intensive process.
ImageEditor arguments syntax
ImageEditor [-autoview] [ [-s <value>] or [-h <height> -w <width> ] ]
SoundEditor
SoundEditor plays sound files such as WAV, AU, AIFF, RMF and MIDI TYPE 0 and 1. It works only with Java 1.2. SoundEditor is an extension of the BinaryEditor. It adds an additional 'play' button to the panel.
CertificateEditor
CertificateEditor displays the X.509 certificate information. It is also an extension of the BinaryEditor and requires Java 1.2. It adds a 'view' button that displays the certificate info in a separate window. By default, the editor displays the significant parts of the certificate such as the certificate version, issuer DN, subject DN, validation days, key, and algorithm. To display all the info in raw form specify the '-raw' argument.
CertificateEditor arguments syntax
CertificateEditor [-raw]
NOTES
Notes (mostly for 2.7)
General
- VLV support
- Browser issues
- Running with Netscape LDAP Java SDK
- Problems with launching Browser
- Modifications of 'runnit' scripts
VLV support
The 2.8 version does not support the VLV control at this point. To enable Virtual List View controls support on the 2.7 VLV version of the LDAP Browser, edit the browser.cfg file and add the following lines:
usevlv=yes
vlvsize=20
usevlv enables virtual list view controls, and vlvsize defines the list size.
The Browser will use the VLV control whenever it is connected to an LDAP v3 server and the server supports this control.
Notes: In some cases, you may need to bind as a non-anonymous user to actually use VLV.
Browser issues
- LDIF Import/Export
The Browser only supports a 'simplified' type of LDIF file format. It does not support 'changetypes'.
- Tree Copy/Rename (2.7 only)
This functionality is very tricky and might not work in some cases at all. During this operation, the Browser searches through each attribute of an entry for the old dn reference and replaces it with a new dn. The occurrence in the attribute must match the old dn exactly to be replaced; if not, it will be ignored, e.g. "o=globus, c=us" vs. "o=globus,c=us" (note the space between the comma and 'c=us'). In this case, even though the dns are the same, the operation will fail. Alternatively, the same functionality can be achieved through the LDIF operations: export the dn tree to a file, modify the file and entries as needed and import it back.
- Fetch DN (in Connect Window)
This function automatically retrieves the DN context(s) from an ldap server with only the host name and port number specified. This function only works with ldap v3 servers.
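The Tree Copy/Rename note above describes an exact string match that treats "o=globus, c=us" and "o=globus,c=us" as different. The following added example (not the Browser's code) compares and rewrites DN references after normalizing spacing and attribute-name case, which is useful when editing an exported LDIF file by hand. It goes beyond the case in the text by handling backslash-escaped commas and DNs below the old base; attribute values are compared case-sensitively, and multi-valued RDNs ('+') and quoted values are not handled.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])        # escape pair, e.g. '\,'
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


def rstrip_unescaped(value):
    """Drop trailing spaces unless the last one is backslash-escaped."""
    while value.endswith(" "):
        body = value[:-1]
        if (len(body) - len(body.rstrip("\\"))) % 2:   # odd: '\ ' is data
            break
        value = body
    return value


def norm_rdns(dn):
    """Return the DN as a list of 'attr=value' strings with canonical spacing."""
    out = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"not an attribute=value RDN: {rdn!r}")
        value = rstrip_unescaped(value.lstrip(" "))
        out.append(f"{attr.strip().lower()}={value}")
    return out


def same_dn(a, b):
    """Compare two DNs ignoring spacing around separators and attr case."""
    return norm_rdns(a) == norm_rdns(b)


def rebase(value, old_base, new_base):
    """Move a DN from under old_base to new_base; None if it is not under it."""
    try:
        val = norm_rdns(value)
    except ValueError:
        return None                        # attribute value is not a DN
    old = norm_rdns(old_base)
    if len(val) < len(old) or val[len(val) - len(old):] != old:
        return None
    return ",".join(val[:len(val) - len(old)] + norm_rdns(new_base))


if __name__ == "__main__":
    print("o=globus, c=us" == "o=globus,c=us")          # exact match fails
    print(same_dn("o=globus, c=us", "o=globus,c=us"))   # normalized match
    print(rebase("cn=bob, O=globus, c=us", "o=globus,c=us", "o=grid,c=us"))
```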
Running the Browser with Netscape LDAP Java SDK
This only applies to LDAP Browser/Editor version 2.7. To configure the browser to use Netscape LDAP libraries follow these steps:
1. Download the LDAP SDK from Netscape and put the jar files found in the 'packages' directory into the 'browser\lib' directory.
2. Modify the runnit script to include the extracted jar in the classpath.
3. Add or modify the line in the browser.config file to read 'libtype=netscape'
4. Run it.
Problems with running the Browser
- 'Can't find class Browser' error
If you get the following error message: Can't find class Browser, you can try two things to fix it. Try the first one first and if that does not work try the other one.
Sol. 1: Unpack the Browser.jar file
Unpack: jar xvf Browser.jar
Modify following line in the runnit script
EXEC='Browser.jar Browser'
to:
EXEC=' Browser'
^
the space is important.
Sol. 2: Recompile the Browser
Download the source code and recompile it in your environment.
- 'Out of environment space' error
That usually happens on Windows 95/98 machines. To fix this, try the following: go to Start -> MSDOS Prompt (Properties) -> Memory -> Initial environment and change this value from 'auto' to 4096. Try to run the browser again.
Modification of 'runnit' scripts
Edit the runnit script and modify the following lines to reflect your Java settings.
For Java 2, edit the JAVA_HOME variable, e.g.:
- Unix:
JAVA_HOME=/sandbox/jdk1.2
- Windows:
set JAVA_HOME=c:\jdk1.2
