Lisa Baquina, a Unix system administrator for a small company in the Northeast, was feeling good about her LDAP implementation. She had added human resources, asset, and detailed global partner information to the corporate directory, despite budget cuts and limited resources.
Then disaster struck. The company president requested a complex report on the firm’s international business partners in anticipation of an upcoming meeting with a large potential client with global presence. Her corporate LDAP browser could not handle international characters. How was she going to deliver the required report without a proper tool?
Softerra and CodeMerc to the rescue! Both of these products are LDAP browsers that leave most ordinary browser tools in the dust. Designed with the power user in mind, they still have enough user friendliness to appeal to all types of LDAP users.
In the previous article, we discussed some of the more popular LDAP browsers currently available. In this fifth in a series of six articles on LDAP search, we will quickly review LDAP search technology, and then evaluate Softerra and CodeMerc, two powerful LDAP browsers with advanced search capabilities.
In case you have forgotten, here is a bullet list of the key take-away points from previous articles in the series.
- LDAP searches, like other database search queries, are tools to allow users to access the information in an LDAP directory in a usable form.
- LDAP searches can be performed through e-mail, Web browsers, or command line interfaces.
- If you need more features and flexibility, then you should be using LDAP browsers for your searches.
- Most LDAP Browsers have common features across products. These include access and bind, export, anonymous access, set search scope, specify other parameters, and more.
LDAP Browsers for Power Users
Now that you have gotten reoriented to the LDAP search tools and what they can do for you, we will take a closer look at two powerful and popular LDAP browsers.
Softerra Directory Browser
Softerra is an offshore development company based in the Ukraine. Somewhere along the way, they released LDAP-compliant products that are available to the public. One of these products is the free Directory Browser currently at release 2.5.3. For those who need to perform LDAP administration tasks, there is an LDAP Administrator as well. Release 3.0 is available for a 30-day demo and costs $215.
Accessing the Softerra browser is straightforward. Select Softerra LDAP Browser from the Program Manager menu. Then click on the Softerra LDAP Browser version_number icon. The four-part browser window then appears on your screen.
- Tree View (Top Left) – On starting, Tree View will display the list of vendor- and user-supplied directory configurations. Once you complete your search query, it will show the various levels of the directory tree including record names.
- List View (Top Right) – On starting, List View will display a more detailed list of directory configurations. After a search query, it will display the record details.
- Output Window (Bottom) – This window displays easy-to-understand messages about user LDAP operations such as bind and search.
- Status Window (Bottom – below Output Window) – This window gives a one-line status summary of your LDAP operations.
If you are not satisfied with the pre-configured directory profiles, you can quickly create your own in a variety of ways: right-click on the Browser Root icon that appears in the List View window, press the Control-N keys, or select “New Profile” from the “File” menu. Many of the defaults are already selected and unless you are doing something very complex, you should not need to change them. There is also a check box to enable/disable anonymous logins.
If you are already comfortable with LDAP syntax, feel free to try out the features under the advanced tab. Softerra contains some useful features missing in most browsers including the following:
- View the Server Monitor information – If supported, it could be useful in debugging certain problems and providing a clue to general server health. This may include server version, last time started, total connections since starting, back-end database status, current connections and more. If supported, the processes will usually use the application id of cn=monitor. Note that Monitor is not part of the LDAP standard and is supported only by a few vendors: Sun/Iplanet/Netscape, OpenLDAP, and the original University of Michigan distribution among others.
- Select server and client controls – This feature displays the list of server and client controls that are supported and enabled by your LDAP server/browser. These controls are used to extend the functionality of your LDAP server/browser beyond the standard features. These are displayed in OID (Object Identifier) format. For example, 2.16.840.1.113718.104.22.168 is a control for Persistent Search. Knowing this information could be useful in problem-solving a bad search query.
- Attributes to Display – Specify which attributes to return including operational attributes.
- Schema Properties – This extremely handy utility shows attribute types, object classes, and matching rules for the specified directory. This is useful in determining the right object class/attribute to search.
To initiate a search, either select the Tools Directory Search, press the Control-F keys, click on the binoculars icon on top, or right-click at the appropriate level in the directory tree. Whatever approach is used to initiate the query, the next step is to enter the search criteria in the dialog box. A very handy feature is the capability to easily recall past choices for search base, search filter (default is all object classes), and attributes returned (default is all). After the search is started, the results are displayed in the lower half of the search dialog box. The results can then be saved in XLS, TXT, CSV, or HTML formats. All of these formats support either UNICODE or UTF8 for international characters, so poor Lisa can deliver that report to her boss without a problem.
Space allows us to mention just a few of this browser’s other valuable features: Schema Viewer, Favorites (to save directory entries that you use often), LDIF Export, detailed help documents, Software Version Update Checker, Access the Server Monitor (if supported), Viewers for X.509 Certificates, JPEG Photo, and Audio. Overall, Softerra is a powerful and popular directory browser that will continue to be enhanced in future releases.
CodeMerc LDAP Search/LDAP Director
CodeMerc LDAP Search/Director, a combined browser and administrator tool, is a worthy competitor to Softerra. The author of CodeMerc does not want to reveal her/his whereabouts. However, our sources revealed the center of the company’s operations appears to be on the island of Crete. Ten-day free evaluations of the current release 22.214.171.124 are available. After that, you can purchase the software for $55.
To start, select the File Menu icon. The Connection Window appears as the default. You can specify the usual directory startup options (search base, port, and so on) plus many advanced features (log file, anonymous login checkbox, interpret display font, display schema, display base distinguished names, checkbox to handle unexpected characters, UTF-8 support for international data, and so on). One feature that may be useful is interpret escape sequences. This will allow you to escape characters with a backslash. For example, typing \5c allows you to add another backslash to an attribute. Refer to RFC 2254 or the search filter article for further details on how to incorporate escape sequences in search functions.
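The RFC 2254 escape sequences mentioned above matter most when a search value comes from outside the tool, since an unescaped parenthesis or asterisk changes the meaning of the filter. The following Python sketch is an added example, not code from CodeMerc or Softerra; the function names and the partner names are constructed for illustration. It escapes a value, optionally writes international characters as escaped UTF-8 octets, and reverses the process.

```python
import re

# RFC 2254, section 4: these characters must appear in a filter value as a
# backslash followed by the two hex digits of the character's code.
_MUST_ESCAPE = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
_ESCAPE_SEQ = re.compile(rb"\\([0-9A-Fa-f]{2})")
_BAD_BACKSLASH = re.compile(rb"\\(?![0-9A-Fa-f]{2})")


def escape_filter_value(value, ascii_only=False):
    """Escape one assertion value so it is always treated as literal text.

    With ascii_only=True every non-ASCII character is also written as its
    escaped UTF-8 octets, for tools that cannot pass UTF-8 through.
    """
    out = []
    for ch in value:
        if ch in _MUST_ESCAPE:
            out.append(_MUST_ESCAPE[ch])
        elif ascii_only and ord(ch) > 0x7F:
            out.extend("\\%02x" % octet for octet in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def interpret_escapes(escaped):
    """Turn \\xx sequences back into the characters they stand for."""
    raw = escaped.encode("utf-8")
    if _BAD_BACKSLASH.search(raw):
        raise ValueError("backslash not followed by two hex digits")
    decoded = _ESCAPE_SEQ.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("utf-8")


def equality_filter(attribute, value):
    """Build (attribute=value) with the value escaped."""
    if not _ATTR_NAME.fullmatch(attribute):
        raise ValueError("unexpected attribute name: %r" % attribute)
    return "(%s=%s)" % (attribute, escape_filter_value(value))


# Constructed sample data: partner names like those in Lisa's report.
PARTNERS = ["Müller (Zürich) GmbH", "Société Exemple*", r"Ops\Asia"]

if __name__ == "__main__":
    for name in PARTNERS:
        print(equality_filter("o", name))
```

Escaping only the value, never the whole filter string, keeps the filter's own parentheses and operators intact.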
Click the connect button. User-friendly messages on your session progress appear in the message window and the status bar at the bottom of the screen. If they appear, error messages are generally easy to understand and follow.
Click on the magnifying glass icon to initiate a search. You may re-use your last search. Search parameters are similar to those found in other browsers: search filter (default equals all objectclasses), search scope, de-reference aliases, and return attributes. Most of these are pull-down selections.
When the search results are returned, they are split across two windows. The left window contains the search records and the right includes the record details. Right-clicking the attribute detail lists several record manipulation options, including viewing as a hexadecimal dump.
This product includes many useful features. These include a Unicode calculator and an Import/Export LDIF that copies to the clipboard. You can save JPEG, or base64 attribute content to a text or binary file, providing a pre-loaded OpenLDAP directory for testing. There are also granular extract options, and a detailed help document with LDAP Search Filter Syntax.
LDAP Search/Director appears to have been written in Visual Basic. Our testing revealed minor issues with windows handling involving resizing, moving, and closing. Once these issues are resolved, this will become one of the top choices for directory administrators and users alike because of the many wonderful features included in the package.
As you can see, now that we have delved into the details of two of the more powerful LDAP browsers available and discussed their rich functionality, there is much you can do using LDAP search capabilities to mine your LDAP directory for useful information. For the final article in the series, we will conclude by looking at two more browsers, LDP and Coral Directory, and discuss what we would like to see in our ideal browser. Until next time, happy searching.
http://perl-ldap.sourceforge.net/rfc.html — One location (of many) to find LDAP
LDAP Public Directories
http://www.emailman.com/ldap/public.html — List of public directories that you can use for testing queries.
LDAP Search Overview
www.hawaii.edu/brownbags/ldap/ldap2.pdf — Good presentation on LDAP and LDAP
OID (Object Identifiers)
http://www.alvestrand.no/objectid/2.16.840.1.113730.3.4.html — Sun/Iplanet LDAP server controls as an example.
http://www.alvestrand.no/objectid/ — Tutorial on OID
http://www.alvestrand.no/objectid/top.html — Top of OID hierarchy for searches
http://www.softerra.com/products/products.php — Softerra LDAP Administrator & Browser
http://www.codemerc.com/ — CodeMerc LDAP Search/Director
Beth Cohen is president of Luth Computer Specialists Inc., a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in different industries including manufacturing, architecture, construction, engineering, software, telecommunications, and research. She is available for consulting, teaching college IT courses, and writing a book about IT for the small enterprise. Hallett German is launching Alessea Consulting — focusing on network identity, electronic directories/messaging consulting. He has 20 years experience in a variety of IT positions and in implementing stable infrastructures. Hal is the founder of the Northeast SAS Users Group and former President of the REXX Language Association. He is the author of three books on scripting languages. He would welcome the opportunity to solve your network identity, directory, and messaging challenges.