Dear LDAP Advisor:
Your previous three columns were very enlightening. Now I know LDAP search, search filters, and accessing LDAP searches from practically anywhere. There are so many Microsoft Windows compatible LDAP browsers to choose from. Could you give me some tips and tricks on the right one for me in terms of ease of use and features?
—LDAP Browser Challenged Reader
Filter City, Iowa
Dear LDAP Advisor:
I have been doing the LDAP search thing for a while. I have a crush on that LDAP guru woman. Which LDAP browser should I use to impress her? Is there a search that I can show her that will win me a date?
—In Love with an LDAP Guru
Hopeless, New York
No, this is not the latest installment of LDAP advice for the lovelorn, just the fourth of our five-part series on LDAP search tools. This time, we will be discussing LDAP browsers and their uses.
Below you’ll find a comparison between several free or inexpensive Microsoft Windows LDAP Browsers so that you can locate just the right one for your LDAP searching needs. Since there are so many LDAP browsers available, we have limited the discussion to Windows platform products only. Now, on to the wonderful world of LDAP browsers.
Before we dig into the discussion of the tools themselves, you need to have a basic understanding of what features you would expect to find in a typical LDAP browser. Nearly all browsers have these features in common:
- Access and bind (authenticate) against one of a specified list of directories
- Some type of anonymous access
- Some degree of bind and search session messages
- The capability to set basic search parameters such as search scope (how far down the directory tree to search), TCP port (default 389), LDAP version (2 or 3), search base (such as o=fizzydizzy.com), etc.
- The capability to search the directory and display the results
- The capability to export the results to another application (usually in an LDIF format as specified in RFC 2489)
LDAP Browser Uses
Why do you need an LDAP browser anyway? After all, there are plenty of ways to run LDAP searches via e-mail, Web browsers and the command line. What does an LDAP browser offer that you cannot get using the other available tools? The answer is that these alternatives generally have only limited functionality. For example, an e-mail LDAP search might return only e-mail and contact information lookups.
Most tools provide limited or non-existent LDAP search filter functionality. Remember that if you are using a general-purpose tool like a Web browser, rather than a purpose-built application, you will never have the kind of extended features that you would expect from an LDAP browser.
Browsers and More Browsers
Most available LDAP browsers assume that you are fairly computer savvy and have a working knowledge of LDAP search syntax. A few browsers have a more limited feature set, or are considered particularly easy to use. Note that your opinion may vary about whether or not a certain browser is appropriate for typical or power users. As Stuart Smalley usually says, “And that’s OK.”
Note: Information on obtaining all the browser tools discussed in the article is located in the reference section.
Maxware Directory Explorer
Maxware Directory Explorer is a commercial product available from a company headquartered in Norway. The older version, 3.0, is available as a free download. The latest version (4.0) costs $9.95, and offers additional capabilities such as configurable, sortable columns, and an enable/disable LDAP administration capability.
To access a directory, double-click the Maxware Directory Explorer icon in Windows Explorer. Then, double-click the “add directory server” icon to add a new LDAP directory. If the directory has already been added, right-click the directory icon to access it. Select the “Find” choice, or open the directory and do a find at any directory tree level. Alternatively, you can use the “Browse” button in the “Find Menu” to do the same thing. Under the “Search For” field, pull down the desired attribute name. Enter the value to match under “Desired Value.” Then click “Find Now”. On the Advanced tab, change the size and time limit if needed.
The results will appear below the “Find” menu. To see all attributes of the record, double-click on the desired object. Maxware has a useful feature for copying attributes: go to the “General” tab of a record, highlight an attribute, and select the Copy button on the bottom of the screen to place the value in the Windows Clipboard. Maxware Directory Explorer will also display photos and digital certificates associated with a record.
The 4.0 version includes enhanced search capabilities, Office XP integration, a fully configurable browser for your company directory, and the ability to enable/disable directory administration. Maxware also sells a Virtual Directory that works well with Directory Explorer. The Maxware folks are available to customize the browser for your environment, such as adding splash screens, specifying which attributes to display, and so on.
Maxware 3.0 has a limited feature set and is aimed at a beginning audience; 4.0, with its enhanced functionality, will appeal to the intermediate user who is looking for an integrated product.
Cygsoft LDAP Browser
The main product of India’s Cygsoft is IP management software, but the company also sells a useful LDAP browser designed for users at all levels. LDAP Browser 2.0 is available for a 15-day trial and costs $24.95 if you decide to keep it.
Double-click on the “Tree” icon to start the LDAP Browser. Once the browser appears, select the “Connect” “New Connection” menu option to configure your connection to your LDAP directory. Once configured, select the “Connect” “Login” menu option to bind to the directory. Select your desired profile, user details, LDAP version, and enter password if required. The product allows anonymous logins as well. Progress messages will appear in the connect box during the connection.
To search, do either of the following: right-click at the desired directory level and select LDAP search, or select LDAP Search under the “Tools” menu. What follows is a combination of a canned and ad-hoc query.
A screen appears that allows you to pull down the desired objectclass (default of all) and create up to three search filters. Each search filter consists of a pull-down attribute name and an attribute value, which may contain wildcards, and you choose whether any or all of the filters must match (the equivalent of the LDAP OR/AND operators). The only condition for the three search filters is “equals”. Click on the search button to start the search.
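The three-row form described above maps onto a single LDAP search filter string. The following Python code is an added example, not code from Cygsoft or from the original article: it builds that filter from up to three attribute/value rows and escapes typed values per RFC 4515 so that a value containing parentheses stays inside its own clause. The function names `escape_value` and `build_filter` and the sample values are assumptions made for illustration.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_value(value, allow_wildcard=False):
    """Escape filter metacharacters in a user-typed value.

    With allow_wildcard=True a '*' is kept so patterns such as 'sm*' still
    work; parentheses, backslash and NUL are always escaped, so the value
    cannot close its clause and open a new one.
    """
    return "".join(
        ch if (ch == "*" and allow_wildcard) else _ESCAPES.get(ch, ch)
        for ch in value
    )


def build_filter(rows, match="all", objectclass=None):
    """Build one filter from up to three (attribute, value) rows.

    match="all" joins the rows with AND (&), match="any" with OR (|).
    objectclass=None means "all object classes", the form's default.
    """
    if not 1 <= len(rows) <= 3:
        raise ValueError("expected one to three conditions")
    clauses = []
    for attr, value in rows:
        if not _ATTR_NAME.fullmatch(attr):  # pull-down values get checked too
            raise ValueError(f"invalid attribute name: {attr!r}")
        clauses.append(f"({attr}={escape_value(value, allow_wildcard=True)})")
    op = {"all": "&", "any": "|"}[match]
    combined = clauses[0] if len(clauses) == 1 else f"({op}{''.join(clauses)})"
    if objectclass:
        combined = f"(&(objectClass={escape_value(objectclass)}){combined})"
    return combined


if __name__ == "__main__":
    # Constructed sample input; the domain reuses the article's example base.
    print(build_filter([("cn", "sm*"), ("mail", "*@fizzydizzy.com")],
                       match="any", objectclass="person"))
    # A value containing filter syntax stays inside its own clause.
    print(build_filter([("cn", "x)(uid=*")]))
```

The resulting string is what you would type into a browser that expects raw LDAP search syntax, such as the LDAP Explorer Tool or LDAP Browser/Editor discussed below.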
The search results are on the left and complete record details on the right of the window. Other menu options include counting the number of entries, LDAP user administration, Set number of entries to view, Export to LDIF, General and LDIF Logs, XML Rendering to administration templates, schema manager, and much more.
Cygsoft is designed for the beginning to intermediate user, but it does have some features that will appeal to the guru. The product works best with Novell NDS, Sun ONE/iPlanet Directory Server, and OpenLDAP, but there is limited support for Microsoft Active Directory and Exchange Server. Check out their Feature List document for more details on directory capability. This is a good overall directory product. We hope that the product continues to be enhanced in future releases.
LDAP Explorer Tool
LDAP Explorer Tool is a noncommercial open source package available for download. Version 0.6 is still in beta. It includes explicit support for OpenLDAP, Novell eDirectory, and Sun ONE Directory Server, but it will work with any LDAP-compliant server. Once you have configured the “Connect To” button and clicked OK, you can access and optionally bind to the LDAP server. Use the account name of anonymous with no password to initiate an anonymous session. Right-click on the desired level of the directory to search (such as ou=People,o=cameraobscura.com).
Selecting the search option brings up the search box. Enter your LDAP search request and press OK. Note that you need to understand proper LDAP search syntax for it to work. After your results are returned, click on the desired record on the left side of the screen and the full record is displayed on the right. LDAP Explorer Tool also has the ability to perform LDAP administration on objects, records and binaries.
LDAP Explorer is written for the casual user who is familiar with LDAP syntax. This looks like a promising tool, and we look forward to seeing what future releases may offer.
LDAP Browser/Editor
LDAP Browser/Editor (or as a colleague of Hallett’s calls it — “the little browser”) is a noncommercial Java-based product available for download. It was created by Jarek (Jaroslaw) Gawor while he was a student. Jarek’s effort was awarded best student application in the Novell Developer’s Contest a few years ago. The current release is 2.82b2 and runs on either Windows or Unix. Jarek seems to be busy with other computing endeavors, so it is unclear if this browser will ever be updated beyond the current release.
Double-click on the lbe batch/shell file to start the Browser. This file may have to be modified to support your Java configuration. After a series of progress messages, the session list appears. Click “Edit” to add your local directory settings, including results sorting. After this step is completed, click the “Connect” button on the bottom right of the browser. The directory tree then appears in the left half of the window. To do a search, use one of the following approaches: right-click on the appropriate level of the directory and select “Search”.
Alternatively, select the third icon from the top left, which looks like a green planet with binoculars, or select “Search” under the “View” Menu. This highly configurable browser allows the user to specify the default search base, search filter (searches on all objectclasses by default), attributes (returns all by default), and search scope (one level).
After you have made your selection, the matching records are returned. Right-click and select “view entry” to see more details. You may export your results by selecting the “export” button in the search window. This browser also allows you to view/edit sounds, GIF and JPEG images, and digital certificates. It can show operational attributes as well. A log will display any LDAP error messages encountered during your search.
LDAP Browser/Editor is a very popular tool in the LDAP community, probably because of the powerful feature set and configurability. However, like the LDAP Explorer Tool, you do need to know LDAP search syntax to use it, so it is unlikely to appeal to the casual user.
Keep on Browsing
As you can see, whatever your budget or directory background, there is a directory browser available that is just right for you. Some of them are highly customizable for people comfortable with LDAP syntax, while others are useful for the casual user who just wants to do some more complex searches than what is available in their e-mail application.
In the final article of this series, we will review advanced features available in the most powerful LDAP browsers, which can further fine-tune your searches to exactly what you desire.
http://perl-ldap.sourceforge.net/rfc.html – One location (of many) to find LDAP
LDAP Public Directories
http://www.emailman.com/ldap/public.html – List of public directories for testing queries
www.hawaii.edu/brownbags/ldap/ldap2.pdf – Good presentation on LDAP and LDAP
http://ldaptool.sourceforge.net/ – LDAP Explorer Information and Download Site
http://www.maxware.com/Products/MDE/Directory-Explorer-index.html – Maxware Directory Explorer and pointer to 3.0 download.
http://www.iit.edu/~gawojar/ldap/ – LDAP Browser/Editor “the Little Browser”
http://www.cygsoft.com/products/other/ldap.html – Cygsoft’s LDAP Browser
http://www.tldp.org/HOWTO/LDAP-HOWTO/graphicaltools.html – Some Linux LDAP Browsers
http://www3.baylor.edu/~Carl_Bell/files/LDapper2.0.3.dmg – Simple LDAP Browser for Macintosh called LDapper
Beth Cohen is president of Luth Computer Specialists Inc., a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in different industries including manufacturing, architecture, construction, engineering, software, telecommunications, and research. She is available for consulting, teaching college IT courses, and writing a book about IT for the small enterprise.
Hallett German is launching Alessea Consulting — focusing on network identity and electronic directories/messaging consulting. He has 20 years’ experience in a variety of IT positions and in implementing stable infrastructures. Hal is the founder of the Northeast SAS Users Group and former President of the REXX Language Association. He is the author of three books on scripting languages. He would welcome the opportunity to solve your network identity, directory, and messaging challenges.