Saturday 8PM: “McNulty: LDAP Consultant.” Jaye McNulty, ex-pastry chef, continuously thwarts major LDAP security threats in global corporations. Tonight’s episode: “Corporation in Fear” has our hero and her assistant/off-hours nutritionist Tom-Bob fighting DIP (Data is Power)’s scheme to limit corporate directory searches to queries for area codes. That action-packed drama, “McNutly: LDAP Consultant,” is unlikely […]
Saturday 8PM: “McNulty: LDAP Consultant.” Jaye McNulty, ex-pastry chef,
continuously thwarts major LDAP security threats in global
corporations. Tonight’s episode: “Corporation in Fear” has our hero
and her assistant/off-hours nutritionist Tom-Bob fighting DIP (Data is
Power)’s scheme to limit corporate directory searches to queries for
area codes.
That action-packed drama, “McNutly: LDAP Consultant,” is unlikely
to be showing on TV any time soon. However, many business users do
need to understand the mysteries of corporate data. In the last of our
six articles on LDAP search, we will review the search capabilities of
three LDAP browsers: LDP, Coral Directory and JXplorer. All of the
browsers reviewed have features that appeal all levels of users —
novices as well as knowledgeable gurus. And finally, after all the
practical discussions about LDAP search engines, we will provide a
fast pass at the features we would like to see in our ideal
browser. Who knows? there may be some reader or future vendor ready to
make it happen!
An Unlikely Pair: LDP and Coral Directory
Microsoft’s Active Directory Administration tool, LDP, is an Active
Directory browser packaged with Windows XP, 2000, and 2003 Server
CDs. Be forewarned — the XP version is stripped down compared to the
2xxx version. Still, it is useful enough to perform most directory
operations. The product has been available since 1996 making it one
of the oldest LDAP browsers still in existence. We used the 3.0
version for testing. LDP and many other useful utilities are found in
the CD’s SupportTools directory.
For XP and 2003, double-click suptools.msi to initiate the
install. For Windows 2000, double-click setup.exe as
Administrator to install the entire Support Tools set. See the
following Knowledge Base articles for more details on the
installation:
Even though LDP supports the latest Active Directory features (a
series in itself), it can also be used as a workhorse LDAP
Browser. Note that LDP was designed for Windows 2xxx Administrators
and not typical users. This may explain why the only assistance
provided is a modest Word help document included on the CD. Unlike
most Microsoft products, there are no help files within the LDAP
browser itself. However, the venerable Microsoft Knowledge Base yields
these gems packed with useful information:
Like many Microsoft utilities, LDP is usually started from the DOS
command line. Once started, the LDP Utility appears with a menu and a
blank screen. From the File menu, select “Connection”. The connection
dialog box then appears. You may then enter the server/port or re-use
the last one. Unfortunately, there is no means to save multiple
profiles. Messages will then appear in the Result Window, which is
located on the right three-quarters of the screen. These messages are
the ROOT DSE record specific entry. DSE stands for DSA or X.500-speak
for directory server. This will tell you about your session and some
information about your directory (such as server controls supported,
the parent object classes (the abstract classes) etc). Select “Bind”
from the “Connection” menu if you need to authenticate with a user
id. The dialog box supports name, password and NT/Active Directory
Domain. Clicking on the “Advanced” button allows selection of
authentication types and methods. Once in the directory, you may
change options for bind, search, pending, controls, many different
connection options, sort keys, and font.
Use “Tree” under the View menu to view the entire LDAP
tree. The tree will appear in the left half of the screen. To start a
search, do any of the following: press Control- S, Select Search from
the Browse menu, or right click on the desired level in the directory
tree then select “Search.” Once in the search window, you may
specify search base, search filter in parentheses, and search
scope. Other options may be specified at run time. A serious drawback
to the program is that the program does not support any way search
filter to saveing a search filter. The search results appear in the
right half of screen. The only way to save these results is to cut and
paste. The product sorely needs a built-in LDIF export. Knowledge Base
255602 talks about using a the separate cumbersome but powerful LDIFDE
command line utility. LDP includes other features such as
administration capabilities, virtual list view, compare, get last
error, extended operations, a large integer converter utility, and, of
course, lots of Active Directory goodies.
Overall, LDP is a good LDAP browser, but it is clearly meant for
Active Directory administrators rather than general users. In its
favor is the large installed base of Windows 2xxx/XP, so it is probably
freely available at your company. If some of the missing features are
important to you, then consider one of the other browsers discussed in
the series.
Continued on Page 2: Considering Coral Directory and JExplorer
Continued From Page 1
Yet another LDAP Browser – Coral Directory
Coral Directory is a new LDAP Browser that bears close watching. Hans
Maeda, the author, is actively working on the application. There were
four updates in March alone. It is available as freeware in the United
States and as shareware in Japan. The software explicitly supports
Open LDAP and Sun/iPlanet Directory. The Current release is 1.32331.
Coral Directory uses Flat Buttons and Menus to get you to the
appropriate functions. The Configure tab allows you to store
and reuse vendor and user supplied configurations. Press the Connect
(pine tree icon) at the bottom right to bind. A floating message
window pops up during your session. Other Flat Buttons in the current
version include edit, administration (including backup and recovery),
schema view and help.
Coral’s directory search offers the most comprehensive combination
we’ve seen so far for all classes of users. It includes a pull-down on
attribute, condition and value. The only thing missing is handling of
multiple conditions (such as AND,OR,NOT). Hans Maeda (who has been
reading this series) has plans to add the following features in future
releases:
These features should be available in the coming months.
Other Flat Buttons in the current version include edit,
administration (including backup and recovery), schema view and help.
Since this product is still very much a work in progress, there are
a number of minor issues that will most likely be addressed in the
coming months. The application is in need for a true installer, it is
not intuitive to create and save a new connection, we had to scroll up
to see text for some windows, and there were sporadic DLL error
messages in earlier releases. These are all minor compared to the
overall positive user experience. Although this admittedly is not a
finished product, it shows promise as a powerful and flexible browser
when completed.
JXplorer – Sheer Power for the Masses
Space does not allow us to do justice to this product. JXplorer
was originally sold as part of Computer Associate’s eTrust Directory
package. However, it was recently donated and transformed into an open
source offering instead. It was created using Java and runs on
Windows, Solaris, Linux, and OS390.
To create a configuration, you can enter the standard information in a
default or DSML template (server name, user id, a rich list of
authentication types, etc). Then click OK and your session begins.
What makes Jxplorer unique is that it has two types of searches:
Jxplorer has an incredibly rich feature list. The following are
just a few samples from the incredibly rich feature list:
This product has many features that will appeal to novices, but other
advanced features that may be seen scare them away. A novice
administrator might easily wipe out a crucial operation with tree
operations. (Luckily, the default is safety mode, in which the user
has to confirm tree operations.) Other concerns are that multiple
configurations are not easy to save, the help functions are not
context-sensitive, and the error/status messages are not useful or
understandable.
JXEplorer is an extremely powerful directory that offers some useful
and unique features. In its favor, it offers more customization
capabilities than many of its counterparts. We hope that it continues
to be enhanced for some time to come. If it continues to be developed
by the open source community, it has the potential to be a very
powerful LDAP tool.
Continued on Page 3: Our LDAP Browser Wishlist
Continued From Page 2
Our Ideal Directory Browser
Having looked at all of the major LDAP browsers, we thought we would
share our first thoughts about the features we’d like to see in our
ideal LDAP directory browser:
None of the current offerings that were reviewed for this article were
close to having even a fraction of the featured listed above. This
list is just a starting point for a dialogue about the features that
are important to include in a powerful LDAP search tool. We plan to
continue enhancing this list. We welcome your thoughts on this
as well.
Conclusions
After six articles and looking at many multiple browsers and LDAP
search tools, hopefully you now have enough information to get you
started using LDAP Search and browser applications. Even though LDAP
search can be a powerful and useful tool for accessing distributed
directory information, there is still much work to be done to perfect
the available tools. We will continue to review products as they
become available in this rapidly evolving area, and write down our
thoughts on what to look for in an LDAP browser.. Some of these likely
will be found here as well as under the tutorial section of ldapguru.net. Keep watching these
spaces!
With the rise in E-business, the need for better network identity and
single sign-on will continue to grow. These tools will become
increasingly important in helping to shape how companies do business
in the twenty-first century. For now, happy LDAP searching! May all
your LDAP searches be as rewarding as you desire them to be.
Additional Resources
RFCs
LDAP Public Directories
Overview
Microsoft Active Directory Admin Tool (Knowledge Base
Articles)
Coral Directory
JXplorer
Beth Cohen is president of Luth Computer Specialists, Inc., a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in different industries including manufacturing, architecture, construction, engineering, software, telecommunications, and research. She is available for consulting to help your company identify the right IT infrastructure to meet your business objectives.
Hallett German is launching Alessea Consulting — focusing on network identity, electronic directories/IT, and business development consulting. He has 20 years experience in a variety of IT positions and in implementing stable infrastructures. Hal is the founder of the Northeast SAS Users Group and former President of the REXX Language Association. He is the author of three books on scripting languages. He would welcome the opportunity to solve your network identity, directory, IT and business challenges.
Enterprise Networking Planet aims to educate and assist IT administrators in building strong network infrastructures for their enterprise companies. Enterprise Networking Planet contributors write about relevant and useful topics on the cutting edge of enterprise networking based on years of personal experience in the field.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
