Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
3K views

Apache Directory Studio LDAP Browser User Guide

Apache Directory Studio LDAP Browser: User's Guide Version 1.5.2.v20091211 copyright (c) 2006 - 2009 Apache Software Foundation Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. The ASF licenses this file to you under the Apache License, Version 2. (the "License"); you may not use this file except in compliance with the License.

Uploaded by

VBuga84
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
3K views

Apache Directory Studio LDAP Browser User Guide

Apache Directory Studio LDAP Browser: User's Guide Version 1.5.2.v20091211 copyright (c) 2006 - 2009 Apache Software Foundation Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. The ASF licenses this file to you under the Apache License, Version 2. (the "License"); you may not use this file except in compliance with the License.

Uploaded by

VBuga84
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 142

Apache Directory

Studio LDAP Browser


User's Guide
Apache Directory Studio LDAP Browser: User's Guide
Version 1.5.2.v20091211
Copyright © 2006 - 2009 Apache Software Foundation

Licensed to the Apache Software Foundation (ASF) under one


or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,


software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
Table of Contents
I. Getting started ................................................................................................................ 1
1. Download and installation ........................................................................................ 1
2. Open LDAP perspective ........................................................................................... 4
3. Create connection ................................................................................................... 4
4. Browse the directory ............................................................................................... 6
5. Search the directory ................................................................................................ 6
II. Tools ............................................................................................................................ 9
1. LDAP perspective ................................................................................................... 9
2. Views and editors ................................................................................................. 10
2.1. Connections view ....................................................................................... 10
2.2. LDAP Browser view ................................................................................... 12
2.3. Entry editors .............................................................................................. 25
2.4. Search Result editor .................................................................................... 37
2.5. Schema Browser ......................................................................................... 44
2.6. Modification Logs view ............................................................................... 49
2.7. Search Logs view ....................................................................................... 51
2.8. Progress view ............................................................................................. 52
3. Wizards and dialogs .............................................................................................. 53
3.1. New Connection wizard ............................................................................... 53
3.2. New Entry wizard ....................................................................................... 59
3.3. New Context Entry wizard ........................................................................... 62
3.4. Edit Entry wizard ....................................................................................... 63
3.5. Attribute wizard ......................................................................................... 65
3.6. Search dialog ............................................................................................. 66
3.7. Batch Operation wizard ............................................................................... 69
3.8. LDIF Import wizard .................................................................................... 70
3.9. DSML Import wizard .................................................................................. 71
3.10. Import Connections wizard ......................................................................... 72
3.11. LDIF Export wizard .................................................................................. 73
3.12. DSML Export wizard ................................................................................ 74
3.13. CSV Export wizard ................................................................................... 75
3.14. Excel Export wizard .................................................................................. 76
3.15. ODF Export wizard ................................................................................... 77
3.16. Connections Export wizard ......................................................................... 78
3.17. Select Referral Connection dialog ................................................................ 79
3.18. Filter Editor dialog .................................................................................... 79
3.19. Rename Entry dialog ................................................................................. 80
3.20. Move Entries dialog .................................................................................. 81
3.21. Go to DN dialog ....................................................................................... 81
3.22. Certificate Trust dialog .............................................................................. 81
4. Value Editors ....................................................................................................... 83
4.1. Concept .................................................................................................... 83
4.2. In-Place Text Editor .................................................................................... 83
4.3. Text Editor ................................................................................................ 84
4.4. Hex Editor ................................................................................................. 84
4.5. Password Editor ......................................................................................... 85
4.6. Image Editor .............................................................................................. 86
4.7. Object Class Editor ..................................................................................... 87
4.8. Address Editor ........................................................................................... 87
4.9. DN Editor ................................................................................................. 88
4.10. Date & Time Editor .................................................................................. 89

iv
Apache Directory
Studio LDAP Browser

4.11. OID Editor ............................................................................................... 90


4.12. Certificate Editor ....................................................................................... 90
5. Properties ............................................................................................................. 91
5.1. Connection properties .................................................................................. 91
5.2. Entry properties .......................................................................................... 98
5.3. Attribute properties ..................................................................................... 99
5.4. Value properties ......................................................................................... 99
5.5. Search properties ....................................................................................... 100
5.6. Bookmark properties .................................................................................. 101
6. Preferences ......................................................................................................... 102
6.1. Connections ............................................................................................. 102
6.2. Certificate Validation ................................................................................. 103
6.3. Attributes preferences ................................................................................ 103
6.4. Binary Attributes preferences ...................................................................... 104
6.5. Entry Editors preferences ............................................................................ 105
6.6. Table Entry Editor preferences .................................................................... 105
6.7. Search Result editor preferences .................................................................. 107
6.8. Text Formats preferences ............................................................................ 107
6.9. Value Editors preferences ........................................................................... 112
6.10. Browser View preferences ......................................................................... 112
6.11. Modification Logs View preferences ........................................................... 113
6.12. Search Logs View preferences ................................................................... 114
III. Tasks ....................................................................................................................... 116
1. Managing connections .......................................................................................... 116
1.1. Creating a connection ................................................................................ 116
1.2. Modifying connection parameters ................................................................. 116
1.3. Renaming a connection .............................................................................. 116
1.4. Deleting a connection ................................................................................ 116
1.5. Opening a connection ................................................................................ 116
1.6. Closing a connection ................................................................................. 117
1.7. Enabling secure connections ........................................................................ 117
1.8. Sharing connections ................................................................................... 117
2. Browsing directory .............................................................................................. 118
2.1. Handling large number of entries ................................................................. 118
2.2. Showing RootDSE and Schema entry ........................................................... 118
2.3. Showing subentries .................................................................................... 119
2.4. Displaying entry's attribute .......................................................................... 119
2.5. Filtering entry's attribute ............................................................................. 119
2.6. Displaying entry's operational attribute .......................................................... 119
3. Managing entries ................................................................................................. 119
3.1. Creating an entry ...................................................................................... 119
3.2. Renaming an entry .................................................................................... 119
3.3. Moving entries ......................................................................................... 119
3.4. Deleting entries ......................................................................................... 119
3.5. Adding an attribute .................................................................................... 119
3.6. Adding a value ......................................................................................... 119
3.7. Modifying a value ..................................................................................... 120
3.8. Deleting attributes and values ...................................................................... 120
3.9. Modifying the object class .......................................................................... 120
IV. Reference ................................................................................................................. 121
V. Tips and tricks ........................................................................................................... 122
VI. What's new ............................................................................................................... 123
VII. Release notes ........................................................................................................... 129

v
Chapter I. Getting started
This getting started guide provides a brief introduction to the Apache Directory Studio Browser.

1. Download and installation


Beside the integration in Apache Directory Studio the Apache Directory Studio Browser could also be
installed as a plug-in into a regular Eclipse installation. This section describes this alternative.

Using the Eclipse Install/Update Manager is the easiest way to install the Apache Directory Studio Browser
plug-in. From workbench menu choose Help # Software Updates # Find and Install... .

In the opened wizard choose Search for new features to install and click Next.

Next please specify the Apache Directory Studio update site. Click the New Remote Site... button. In the
dialog input the following and press OK:

• Name: Apache Directory Studio Update Site

• URL: http://directory.apache.org/studio/update/1.x

Make sure the new update site is checked an press Finish.

1
Getting started

Now the install manager checks the update site and presents the search results. Select the feature you want
to install - of course the Apache Directory Studio Browser - and click Next.

Accept the license agreement, the Apache Directory Studio Browser is distributed under the Apache
License, Version 2.0.

2
Getting started

In the next dialog ensure that the Apache Directory Studio Browser feature is selected and click to Finish.

Now the install manager loads the necessary files. When download is finished you have to verify the
installation, please click to Install.

3
Getting started

After installation it is recommended to restart the Eclipse workbench.

2. Open LDAP perspective


To use the Apache Directory Studio Browser plug-in open the LDAP perspective. Therefore go to
Window # Open Perspective # Other... and select the LDAP perspective.

For more information about the LDAP perspective see LDAP perspective

3. Create connection
The bottom left corner shows all of the LDAP connections. As can be seen, the view is empty, meaning
a connection still needs to be specified.

To create a new connection click the New Connection button.

In the wizard's first page enter a connection name as well as the hostname and the port of the LDAP server.
To check the connection parameter you entered you may click to Check Network Parameter. Click Next
when done.

4
Getting started

Here is a list of common directory servers and the ports they use by default:

Directory Server Default Port


Apache Directory Server 10389
OpenDS 1389
OpenLDAP, Fedora, Sun, Active Directory 389

In the wizard's second page select the authentication method. If you choose the simple bind method also
enter your bind DN or user and bind password. To check the authentication parameter you entered you
may click to Check Authentication. Click Finish when done.

Here is a list of common directory servers and the administrator's bind DN and password they use by
default:

Directory Server Default Bind DN Default Bind


Password
Apache Directory Server uid=admin,ou=system
secret

5
Getting started

Directory Server Default Bind DN Default Bind


Password
OpenDS, Sun, Fedora cn=Directory specified at setup
Manager
OpenLDAP specified at setup, specified at setup,
see slapd.conf see slapd.conf

Observe that the Connections view now shows the created connection.

For more information see Connections view

4. Browse the directory


The LDAP Browser view is on the top left. The category DIT shows the hierarchical content of the
directory. You may expand and collapse the tree.

When selecting an entry its attributes and values will be displayed in an Entry editor.

For more information see LDAP Browser view and Entry editors.

5. Search the directory


For a basic search you could use the Quick Search.

For a more advanced serach you may use the search function.

1. In the toolbar click the Search button.

2. If it is not already selected, select the LDAP Search tab.

6
Getting started

In the search dialog type in a search name. Select a connection to search on and the search base DN.
Specify a valid LDAP filter and the returning attributes as comma separated list, hit Ctrl-Space to get
content assistance. Additionally you may choose scope, limits, alias and referral options.

3. Press the Search button.

4. The category Searches in the LDAP Browser shows the searches. You may expand the search to
see all search result enties.

When selecting a search the search results and returning attributes will be displayed in the Search
Result editor.

When selecting a search result entry its attributes and values will be displayed in the Entry editor.

7
Getting started

For more information see LDAP Browser view and Search Result editor.

8
Chapter II. Tools
1. LDAP perspective
The Apache Directory Studio Browser plug-in provides a LDAP perspective. It is designed for working
with an LDAP directory (browse, edit, search) as well as for editing LDIF files. The views and edtiors
are arranged as follows:

The bottom left view shows all the Connections. It is used to create, edit, delete, open and close
connections. When selecting a single connection the LDAP Browser shows the content of the selected
connection.

The LDAP Browser view is on the top left. It shows the directory information tree (DIT), the persistent
searches and bookmarks of the selected connection. With the LDAP Browser you are able to navigate
and modify the DIT, perform searches and manage bookmarks. When selecting a single entry the Entry
editor shows its attributes and values. When selecting a single search the Search Result editor shows the
search results.

The editor area in the top middle. The following LDAP specific editors are available:

• The Entry editor displays the attributes and values of the currently selected entry. Further it is possilbe
to add, edit and delete attributes

• The Search Result editor shows the result of the currently selected search in a table. Further it is
possible to edit the search result in a spreadsheet-like manner.

• With the Schema Browser you could browse the schema with its object class and attribute definitions.

9
Tools

• The LDIF editor is a rich editor to create LDIF files. It provides well-known Eclipse features like syntax
highlighting and content assistance

The Outline view on the top right displays the structure of the entry currently opended in the entry editor
or the structured outline of the currently opened LDIF file.

The bottom centered view displays all Modifications made on the currently selected connection as LDIF
change records and all Searches performed on the on the currently selected connection as LDIF records.

The bottom right Progress view displays long-running operations like connecting to the directory or
import/export operations.

2. Views and editors


2.1. Connections view
The Connections view shows all the LDAP connections that you have added. Here is an example screenshot
of the Connection view:

Organize Connections
It is possible to organize connections in folders and sub-folders. Use drag-and-drop to re-organize
connections and folders.

You could copy and paste the connection parameters as LDAP URL to/from the clipboard. This makes it
very easy to share connection parameters with other users.

Icons
The following icons can appear in the Connections view:
Icon Description
Connection is opened.
Connection is closed.
Secure Connection is opened.
Secure Connection is closed.
Connection folder

Toolbar
Icon Action Description
New Connection... Starts the New Connection wizard

10
Tools

Icon Action Description

Open Connection Opens the selected connection(s)


Close Connection Closes the selected connection(s)
Expand All Expands all connection folders
Collapse All Collapses all connection folders

Context Menu
Icon Action Description Shortcut
New Connection... Starts the New Connection wizard
New Connection Opens a dialog to create a new connection
Folder... folder.
Open Connection Opens the selected connection(s)
Close Connection Closes the selected connection(s)
Open Schema Opens the Schema Browser and shows the
Browser schema of the selected connection
Copy Connection Copies the selected connection(s) as LDAP Ctrl-C or Ctrl-Insert
URL(s) to the clipboard. To duplicate an
existing connection please combine copy and
paste.
Paste Connection Pastes the copied connection(s) or LDAP Ctrl-V or Shift-
URL(s) from clipboard. Only enabled if there Insert
are connections or LDAP URLs in clipboard.
Delete Connection Deletes the selected connections(s). Only Delete
enabled if the selected connections are closed.
Select All Selects all connections. Ctrl-A
Rename Connection... Opens a dialog to rename the selected F2
connection.
Rename Connection Opens a dialog to rename the selected F2
Folder... connection folder.
Import # LDIF Starts the LDIF Import wizard.
Import...
Import # DSML Starts the DSML Import wizard.
Import...
Import # Import Starts the Import Connection wizard.
Connections...
Export # LDIF Starts the LDIF Export wizard.
Export...
Export # DSML Starts the DSML Export wizard.
Export...
Export # CSV Starts the CSV Export wizard.
Export...
Starts the Excel Export wizard.

11
Tools

Icon Action Description Shortcut


Export # Excel
Export...
Export # ODF Starts the ODF Export wizard.
Export...
Export # Export Starts the Export Connections wizard.
Connections...
Properties Opens the connection properties dialog. Alt-Enter

2.2. LDAP Browser view


The LDAP Browser shows the directory information tree (DIT), the persistent searches and bookmarks of
the selected connection in three separate categories. It allows you to explore the directory content.

2.2.1. Overview
This section describes general aspects of the LDAP Browser view.

Example screenshot

Icons
The following icons can appear in the LDAP Browser view:

Icon Description
The top-level category containing the directory information tree.
Entry, the icon depends on its object classes.
Alias or referral entry.
The schema entry.
The root DSE entry.
A container for folded entries.

12
Tools

Icon Description

The top-level category containing persistent searches.


A search.
The top-level category containing bookmarks.
A Bookmark.

Toolbar

The toolbar contains the following items:

Icon Action Description


Up Selects the parent node of the currently selected node.
Refresh Refreshes the selected objects
Collapse All Collapses the whole tree, only the three top-level categories
remain visible.
Link With Editor Links the editor with the current selection and the selection
with the current editor.

Drop Down Menu

The drop down menu contains the following items:

• Sorting...: Opens the Sort Dialog .

• Show Quick Search: Shows/Hides the . Quick Search .

• Show DIT: Shows the DIT category.

• Show Searches: Shows the Searches category.

• Show Bookmarks: Shows the Bookmarks category.

• Show Directory Metadata: Shows the directory metadata entries (e.g. the root DSE or the schema entry)
inside the DIT category.

• Preferences...: Opens the LDAP Browser preferences dialog.

Quick Search

The Quick Search allows searching the DIT with specifying only a single search attribute and value.

13
Tools

To use the quick search select an entry in the DIT first. It is used as search base.

In the left input field you could type in the search attribute. There is an auto-completion of known attributes.
You could also select a recently used attribute from the drop-down box.

In the next drop-down box you could select the search operations.

In the right input field you could type in the search value. You could use '*' as wildcard. You could also
select a recently used value from the drop-down box.

The icon toggles the search scope: To search only the direct descendants of the selected entry uncheck
the button. Check the button to search the whole subtree.

When pressing the button the search is executed. You could also press Enter in one of the input fields
to execute the search.

The search result is presented directly under the selected entry using a Quick Search icon.

Sort dialog
With the sort dialog you can set the sorting behaviour of the LDAP Browser view.

Field Description Default


Leaf entries first If enabled, entries without children are grouped on
before the entries with children.
Container entries first If enabled, entries with children are grouped before on
the entries without children.

14
Tools

Field Description Default


Mixed If enabled, entries with and without children are not on
group before each other.
Meta entries last If enabled, meta entries (e.g. root DSE or schema on
entry) are grouped after all other entries.
Sort by Sort criteria and order of entries in DIT and search RDN Value and
results. Select either 'RDN' or 'RDN Value' from Ascending
the drop-down list as sort critera and select the sort
order. Or select 'No sorting' to disable sorting.
Sort limit If there are more than the specified number of 10000
children or search results they won't be sorted.
Hint: For performance reasons the maximum value
should be 10000!

2.2.2. DIT category


This section describes the DIT category in the LDAP Browser view.

Navigation
In the DIT category the directory information tree of the LDAP directory is displayed in its natural
hierarchical structure. The first hierachy level contains the base entries, the Root DSE and the schema
entry. When expanding an entry its direct children are fetched from directory. To expand and collapse an
entry you could also double-click.

Children detection
While browsing the directory the LDAP Browser tries to find out if a fetched entry has children. Entries
without children couldn't be expanded. This behaviour could be changed in the LDAP Browser preferences
.

Labels
By default the RDN of the entries is used as label and the length of the label is limited to 50 characters.
This behaviour could be changed in the LDAP Browser preferences . For the Base entries always the
whole DN is used as label.

If an entry has child entries the number of children is appended in parentheses to the label. If the directory
server returned a partial result (e.g. because of count or time limits) a plus (+) character is appended to the
number of children to indicate that there are more child entries. Note: The limit parameters are inherited
from connection properties.

Icons
The following icons are used to distinguish entry types:

Icon Description
Entry with object class person, inetOrgPerson, posixAccount, user
Entry with object class groupOfNames, groupOfUniqueNames, posixGroup,
group

15
Tools

Icon Description
Entry with object class organization, organizationalUnit, container
Entry with object class domain, domainComponent, country, locality
Entry with object class alias
Entry with object class referral
The schema entry.
The root DSE entry.
All other entries

Alias and referral entries


To manage alias entries you have the following options:

• Disable the options "Finding Base DN" and "Search" in the "Aliases Dereferencing" group of the
Connection properties . This setting will display alias entries in the tree.

• If you know that an entry contains alias child entriy you could select Fetch > Fetch Aliases from the
browser's context menu.

To manage referral entries you have the following options

• Enable the option "Use ManageDsaIT control" in the "Controls" group of the Connection properties .
This setting will display referral entries in the tree.

• If you know that an entry contains referrals child entriy you could select Fetch > Fetch Referrals from
the browser's context menu.

Folding
By default the entries of large branches are folded into virtual folders each with 100 entries. This may
help to keep the displayed tree smaller. This behaviour could be changed in the LDAP Browser preferences
.

Filter Children
With the Filter Children action you can define a filter to select entries returned by the server for your
needs. You could recognise a filtered entry by its modified icon and label.

2.2.3. Searches category


This section describes the Searches category in the LDAP Browser view.

New Search
To perform a new search please choose one of the following methods:

16
Tools

• Select a search or entry and choose New Search... from the context menu. The selected search or
entry is used to preset search parameters.

• Use the Workbench Search action.

Please see Search dialog how to define the search parameters.

Navigation
In the Searches category the searches and belonging search results are displayed. The first hierachy level
contains the Searches, the second hierarchie level shows the search result entries. To expand and collapse
a search the double-click could be used.

With the Open Search Result in DIT action the search result entry could be located in the DIT.

Unperfomed Searches
An unperfomed search could be identified by the gray search icon and the absent number in parentheses
at the end of the search name label. To perfom the search expand it or press the refresh button.

Perfomed Searches
A perfomed search could be identified by the yellow search icon If a search is performed the number of
search results is appended in parentheses to the search name label. If the directory server returned a partial
result (e.g. because of count or time limits) a plus (+) character is appended to the number of search results
to indicate that there are more results. To perfom the search again press the refresh button.

Search Results
By default the DN of the search results is used as label and the length of the label is limited to 50 characters.
This behaviour could be changed in the LDAP Browser preferences .

The icons of the search results depends on the RDN type, see DIT category . Additional the search results
have a small overlay image

Folding
By default large search results folded into virtual folders each with 100 entries. This may help to keep
the displayed tree smaller. This behaviour could be changed in the LDAP Browser preferences .

Batch Operation
With the New Batch Operation... action you can execute a modify operation to all search results.

2.2.4. Bookmarks category


This section describes the Bookmark category in the LDAP Browser view.

17
Tools

Bookmarks could be used to quickly access frequently used entries.

New Bookmark
To create a new bookmark select an entry or search result and choose New Bookmark... from the
context menu.

Navigation
With the Open Bookmark in DIT action the bookmark entry could be located in the DIT.

2.2.5. Context Menu


This section describes the context menu of the LDAP Browser view.

New > New Entry...


• Icon:

• Description: Opens the New Entry wizard . The selected entry is used as template or to preset the
parent entry.

• Enabled: If one entry, search result or bookmark is selected.

New > New Context Entry...


• Icon:

• Description: Opens the New Context Entry wizard .

• Enabled: If one entry, search result or bookmark is selected.

New > New Search...


• Icon:

• Description: Opens the Search dialog . The selected search or entry is used to preset the search
parameters.

• Enabled: If one search, entry, search result or bookmark is selected.

• Shortcut: Ctrl-H

New > New Bookmark...


• Icon:

• Description: Opens the bookmark dialog. The selected entry is used to preset the new bookmarks name
and DN.

• Enabled: If one entry, search result or bookmark is selected.

New > New Batch Operation...


• Icon:

18
Tools

• Description: Opens the Batch Operation wizard . If one or multiple entries are selected they are used
as operation objects. If a search is selected its search results are used as operation objects.

• Enabled: If one search is selected or if one or multiple entries, search results or bookmarks are selected.

Open Entry
• Description: Opens the selected entry in the default entry editor.

• Enabled: If one entry, search result or bookmark is selected.

Open With >


Opens the selected entry in a custom Entry editor. The follwing editor types are available:

• Table Entry Editor (single-tab)

• Icon:

• Description: Displays attributes and values in a table grid. Single-tab means that only one instance of
the editor is used, all entries are opened in the same editor tab. This is the traditional Entry editor.

• Table Entry Editor (multi-tab)

• Icon:

• Description: Displays attributes and values in a table grid. Multi-tab means that each entry is opened
in its own editor tab.

• LDIF Entry Editor (multi-tab)

• Icon:

• Description: Displays attributes and values in LDIF format. Multi-tab means that each entry is opened
in its own editor tab.

• LDIF Entry Editor (single-tab)

• Icon:

• Description: Displays attributes and values in LDIF format. Single-tab means that only one instance
of the editor is used, all entries are opened in the same editor tab.

Open Search Result in DIT / Open Bookmark in DIT


• Icon: /

• Description: Opens the selected search result or bookmark in DIT.

• Enabled: If one search result or bookmark is selected.

• Shortcut: F3

Up
• Icon:

• Description: Opens the parent node of the selected node.

19
Tools

• Enabled: If a node with a parent is selected.

• Shortcut: F4

Copy Entries / DNs


• Icon:

• Description: Copies the selected entries and DNs to the system clipboard. The entries are copied in an
internal format and could be pasted inside the LDAP Browser view. The DNs are copied as text and
could be pasted even outside of Studio.

• Enabled: If one or multiple entries, search results or bookmarks are selected.

• Shortcut: Ctrl-C or Ctrl-Insert

Paste Entries
• Icon:

• Description: Pastes the previously copied entries as children into the selected entry. If the copied entries
have children you are asked for the copy depth.

The new entries will receive the same RDNs and attributes as the copied entries. If there is already an
entry with the same RDN you are asked how to proceed.

• Enabled: If one entry is selected and the system clipboard contains entries.

• Shortcut: Ctrl-V or Shift-Insert

Delete
• Icon:

• Description: Deletes the selected elements, the real action depends on the selected elements type:

• Entries or Search Results: The entries and its children are deleted physically from directory. It is not
possible to delete base entries or the root DSE.

• Searches: The selected searches are removed from the view. No entries from directory are deleted.

• Bookmarks: The selected bookmarks are removed from the view. No entries from directory are
deleted.

20
Tools

• Enabled: If one or multiple searches, entries, search results or bookmarks are selected.

• Shortcut: Delete

Move Entries...
• Description: Moves the selected entries to another parent. The Move Entries dialog is opened to select
the new parent DN.

• Enabled: If one or multiple entries or search results are selected.

Rename...
• Description: Renames the selected element, the real action depends on the selected element type:

• Entry or Search Result: Renames the selected entry in directory. The Rename Entry dialog is opened
to specify a new RDN.

• Search: Renames the selected search.

• Bookmark: Renames the selected bookmark.

• Enabled: If one search, entry, search results or bookmark is selected.

• Shortcut: F2

Advanced > Copy DN


• Icon:

• Description: Copies the distinguished name of the selected entry (e.g. cn=John
Fowler,ou=People,o=JNDITutorial)

• Enabled: If one entry, search result or bookmark is selected.

Advanced > Copy URL


• Icon:

• Description: Copies the URL of the selected entry (e.g. ldap://localhost:389/cn=John


Fowler,ou=People,o=JNDITutorial)

• Enabled: If one entry, search result or bookmark is selected.

Advanced > Copy Entry as LDIF


Copies the selected entries in LDIF content format. There are four options:

• DN only

• Icon:

• Description: Copies the distinguished names of the selected entries in LDIF format. If a search is
selected the distinguished names of all search results are copied.

• Enabled: If one search is selected or if one or multiple entries, search results or bookmarks are
selected.

21
Tools

• returning attributes only

• Icon:

• Description: Copies all returning attributes of the selected search result entries in LDIF format. If a
search is selected the returning attributes of all search results are copied.

• Enabled: If one search is selected or if one or multiple search results are selected.

• all user attributes

• Icon:

• Description: Copies all user attributes of the selected entries in LDIF format. If a search is selected
the user attributes of all search results are copied.

• Enabled: If one search is selected or if one or multiple entries, search results or bookmarks are
selected.

• include operational attributes

• Icon:

• Description: Copies all user attributes and operational attributes of the selected entries in LDIF format.
If a search is selected the attributes of all search results are copied.

• Enabled: If one search is selected or if one or multiple entries, search results or bookmarks are
selected.

Advanced > Copy Entry as CSV


Copies the selected entries in CSV format. By default the tabulator is used as attribute delimiter, a pipe is
used as value delimiter and each attribute is wrapped by double-quotes, these settings could be changed
in Text Formats preferences . There are four options:

• DN only

• Icon:

• Description: Copies the distinguished names of the selected entries in CSV format. If a search is
selected the distinguished names of all search results are copied.

• Enabled: If one search is selected or if one or multiple entries, search results or bookmarks are
selected.

• returning attributes only

• Icon:

• Description: Copies all returning attributes of the selected search result entries in CSV format. If a
search is selected the returning attributes of all search results are copied.

• Enabled: If one search is selected or if one or multiple search results are selected.

• all user attributes

• Icon:

22
Tools

• Description: Copies all user attributes of the selected entries in CSV format. If a search is selected
the user attributes of all search results are copied.

• Enabled: If one search is selected or if one or multiple entries, search results or bookmarks are
selected.

• include operational attributes

• Icon:

• Description: Copies all user attributes and operational attributes of the selected entries in CSV format.
If a search is selected the attributes of all search results are copied.

• Enabled: If one search is selected or if one or multiple entries, search results or bookmarks are
selected.

Filter Children...
• Icon:

• Description: Opens the Filter Children dialog to specify a children filter for the selected entry.

• Enabled: If one entry in DIT category is selected.

Remove Children Filter


• Icon:

• Description: Removes the children filter.

• Enabled: If one entry in DIT category is selected and a children filter is set.

Import > LDIF Import...


• Icon:

• Description: Starts the LDIF Import wizard .

Import > DSML Import...


• Icon:

• Description: Starts the DSML Import wizard .

Export > LDIF Export...


• Icon:

• Description: Starts the LDIF Export wizard .

Export > DSML Export...


• Icon:

• Description: Starts the DSML Export wizard .

23
Tools

Export > CSV Export...


• Icon:

• Description: Starts the CSV Export wizard .

Export > Excel Export...


• Icon:

• Description: Starts the Excel Export wizard .

Export > ODF Export...


• Icon:

• Description: Starts the ODF Export wizard .

Refresh
• Icon:

• Description: Refreshes the selected elements. If entries, search results or bookmarks are selected their
attributes and children are refreshed. If searches are selected this searches are performed

• Enabled: If one or multiple searches, entries, search results or bookmarks are selected.

• Shortcut: F5

Fetch -> Fetch Operational Attributes


• Description: Enables/disables fetching of operational attributes. If the server supports the 'All
Operational Attributes' feature the operation attributes are requested using a '+', otherwise all available
operational attributes available in the schema are requested.

• Enabled: If one or multiple entries, search results or bookmarks are selected.

• Note: This menu item is not available if "Fetch operational attributes while browsing" in the connection
properties is enabled because in that case operational attributes are always loaded.

Fetch -> Fetch Aliases


• Description: Enables/disables fetching of alias entries. If enabled an additional search request with alias
dereferncing mode 'never' is necessary when loading the children of an entry.

• Enabled: If one or multiple entries are selected.

• Note: This menu item is not available if no alias dereferencing is enabled in the connection properties
because in that case alias entries are always visible.

Fetch -> Fetch Referrals


• Description: Enables/disables fetching of referral entries. If enabled an additional search request with
ManageDsaIT controls is necessary when loading the children of an entry.

• Enabled: If one or multiple entries are selected.

24
Tools

• Note: This menu item is not available if "Use ManageDsaIT control while browsing" is enabled in the
connection properties because in that case referral entries are always visible.

Fetch -> Fetch Subentries


• Description: Enables/disables fetching of subentries. If enabled an additional search request with
Subentries controls is necessary when loading the children of an entry.

• Enabled: If one or multiple entries are selected.

• Note: This menu item is not available if "Fetch subentries while browsing" is enabled in the connection
properties because in that case subentries are always fetched.

Properties
• Description: Opens the entry properties , search properties or bookmark properties dialog.

• Enabled: If one search, entry, search result or bookmark is selected.

• Shortcut: Alt-Enter

2.3. Entry editors


Entry editors are used to view and edit the attributes and values of an entry.

Editor Types
There are two editor types available.

• Table Entry editor: Displays the entry's attributes and values in a table grid.

• LDIF Entry editor: Displays the entry's attributes and values in LDIF format.

By default the single-tab Table Entry editor is used, you could change that setting in the Entry Editor
preferences.

Single-Tab vs. Multi-Tab


Each editor type can be used in single-tab or multi-tab mode.

• Single-tab means that only one instance of the editor is used, all entries are opened in the same editor tab.

• Multi-tab means that each entry is opened in its own editor tab.

Open Mode
With the open mode you could define how an entry should be opened while navigating through the DIT
in the LDAP Browser view.

• Traditional: Editors open on single-click, using arrow keys triggers the opening of a new editor.

• Application-wide open mode + double-click: Editors open on double-click, using arrow keys requires
an explicit enter to open the entry in an editor.

• Application-wide open mode + single-click: Editors open on single-click, arrow key and hover
behaviour could be configured.

25
Tools

By default the traditional open mode is used, you could change that setting in the Entry Editor preferences.

2.3.1. Table Entry Editor Overview


This section describes general aspects of the Table Entry editor.

Example screenshot

Layout
The Entry editor has a two-column layout. The left column contains the attribute descriptions (names), the
right column contains the attribute values. Each line represents a name-value pair.

The Entry editor has its own toolbar. The left part displays the distinguished name of the current entry.
The right part contains the toolbar icons and menu.

Colors and Fonts


To distinguish the different attribute classes the Entry editor uses different fonts. By default the following
colors and fonts are used:

Attribute class Default Default Example


font color
objectClass attribute bold and black
italic
Must attributes bold black
May attributes normal black
Operational attributes italic black

26
Tools

These colors and fonts could be changed in the Colors and Fonts preferences .

Toolbar
The toolbar contains the following items:

Icon Action Description Shortcut


New Value Adds a new value to the selected attribute and starts the Ctrl-+
edit mode.
New Attribute... Opens the New Attribute wizard . When finishing the Shift-
wizard a new attribute is created and the edit mode is Ctrl-+
started to enter a value.
Delete Deletes the selected values. Delete
Delete Attributes Deletes all values of the selected attributes. Applicable to
multi-valued attributes, if you want to delete the complete
attribute just select one value use this action.
Reload Attributes Reloads the attributes of the current entry. F5
Expand All Expands all folded attributes.
Collapse All Collapses all folded attributes.
Show Quick Filter Shows/Hides the Quick Filter . Ctrl-F

Drop Down Menu


The drop down menu contains the following items:

• Sorting...: Opens the Sort Dialog to set default sorting.

• Show Operational Attributes: If checked the operational attributes (e.g. createTimestamp and
modifyTimestamp) are displayed.

• Show Decorated Values: If checked decorated values are displayed, this means some additional
information is displayed:

• Images: Image format, width, height, and size.

• Binary data: Data size.

• Passwords: Used hash method.

• Timestamps: Locale dependent date and time format.


If unchecked the raw values (as stored in directory) are displayed.

• Save Automatically: If checked, each modifcation (add attribute, edit value, delete attribute) is saved
automatically and a modify request is sent to the server. If unchecked the editor becomes dirty (an
asterisk '*' appears in the editor tab) if the entry is modified. Multiple modifications could be applied to
the entry. The editor must be saved explicitely using Ctrl+S.

• Preferences...: Opens the Entry editor preferences dialog.

2.3.2. Table Entry Editor Features


This section describes the features of the Table Entry editor.

27
Tools

Sorting
You could sort the displayed attributes by attribute description or value by clicking to the column header.
The current sort criteria and direction is indicated by an arrow. The default sorting behaviour could be
changed in the Sort Dialog ( Toolbar menu -> Sorting ):

Sort dialog
The default sorting behaviour of the entry editor could be changed in this dialog.

Field Description Default


ObjectClass and must If enabled, objectClass and must attributes are on
attributes first grouped at the top.
Operational attributes If enabled, operational attributes (e.g. on
last createTimestamp and modifyTimestamp) are
grouped at the bottom.
Sort by Default sort criteria and order of attribute and Attribute Description
values. Select either 'Attribute Description' or and Ascending
'Value' from the drop-down list as sort critera and
select the sort order. Or select 'No sorting' to disable
default sorting.

Quick Filter
If an entry has many attributes and values it is difficult to find a specific attribute. The Quick Filter provides
a client-side filter. To show/hide the Quick Filter toggle the button or press Ctrl-F . Enter (even parts
of) attribute descriptions or values into the input fields, only matching attributes keep displayed. When
hiding the filter is removed.

Visible attributes
By default all user attributes of an entry are fetched and displayed in the Entry editor. In the Entry editor
preferences it is possible to define which classes of attributes (must, may, operational) are displayed.

28
Tools

Note: Operational attributes must be requested from the directory. You could define to request operational
attributes for each entry for the whole connection, see Connection properties for details. Another way is
to request operational attributes for the selected entry only, choose Fetch Operational Attributes from
the context menu.

Folding
By default attributes with more than 10 values are folded. The attribute is displayed as single line containing
the number of values

Expand the attribute to make the values visible (double-click works also). To expand/collapse all folded
attributes use the Collapse All and Expand All and buttons from toolbar.

You could change this setting in Entry editor preferences .

Locate DN in DIT
If a value contains a distinguished name the Locate DN in DIT action can be used to locate and open
the entry in the DIT.

Query by example
When selecting attributes these attribute-value-pairs are used to build a search filter, this feature could be
used for "query by example".

• Select example attributes and choose New Search... from context menu. Watch the search filter in the
search dialog.

• Select example attributes and choose Advanced -> Copy [NOT|AND|OR] Search Filter from context
menu. This copies the search filter to system clipboard.

When building a filter necessary value encoding is supported (*->\2a, (->\28, )->29, \->\5c, NUL->\00).

Edit Attributes and Values


It is possible to add, edit or delete attributes and values of an entry in the Entry editor.

To enter the edit mode using the default value editor select a value and press Enter or F7 or double-click
the value. If the attribute is a simple string (like givenName or telephoneNumber) the value could be edited
in-place, otherwise a specific value editor dialog is opened. To use a specific value editor choose one from
Context Menu -> Edit Value With .

To finish editing press Enter or click to another value or click the OK button in a value editor dialog. To
cancel editing press ESC or click the Cancel button in a value editor dialog.

Edit Entry Offline and Save Automatically


Sometimes you may want to make multiple modifications on an entry and to send these modifications as
one request to the server. This is necessary e.g. when adding an additional object class which requires
addional attributes. There are two ways to accomplish this.

29
Tools

One way is to toggle the "save modifications automatically" setting. This could be done from the editor's
drop-down menu or in the Table Entry Editor preferences. This mode could be set independently for the
single-tab and the multi-tab editor. For the single-tab editor it is enabled by default, for the multi-tab editor
it is disabled by default. If disabled the editor becomes dirty (an asterisk '*' appears in the editor tab) if the
entry is modified. The editor must be saved explicitely using Ctrl+S.

Another way is to use the Editor Entry Wizard. To start the wizard press F8 or choose Edit Entry... from
the context menu.

2.3.3. Table Entry Editor Context Menu


This section describes the context menu of the Table Entry editor.

New Attribute...
• Opens the New Attribute wizard . When finishing the wizard a new attribute is created and the edit
mode is started to enter a value.

• Icon:

• Shortcut: Shift-Ctrl-+

New Value
• Adds a new value to the selected attribute and starts the edit mode.

• Icon:

• Enabled: If one attribute or value is selected.

• Shortcut: Ctrl-+

New Search...
• Opens the Search dialog . The selected attributes and values are used to build the search filter (Query
by example).

• Icon:

• Enabled: If attributes or values are selected.

• Shortcut: Ctrl-H

New Batch Operation...


• Opens the Batch Operation wizard . If one or multiple DN values are selected these DNs are used as
operation objects. Otherwise the selected attributes and values are used to build the search filter (Query
by example).

• Icon:

• Enabled: If attributes or values are selected.

Locate DN in DIT
• Locates the entry of the selected DN in DIT.

• Icon:

30
Tools

• Enabled: If one value is selected and this value is a distinguished name.

• Shortcut: F3

Open Schema Browser -> Object Class Definition


• Opens the Object Class page in Schema Browser and selects the object class definition of the currently
selected objectClass value.

• Icon:

• Enabled: If one objectClass value is selected and the schema contains this object class.

Open Schema Browser -> Attribute Type Definition


• Opens the Attribute Type page in Schema Browser and selects the attribute type definiton of the
currently selected attribute.

• Icon:

• Enabled: If one attribute or value is selected and the schema contains this attribute type.

Open Schema Browser -> Equality Matching Rule Definition


• Opens the Matching Rule page in Schema Browser and selects the equality matching rule definiton
of the currently selected attribute.

• Icon:

• Enabled: If one attribute or value is selected, the attribute provides an equality matching rule and the
schema contains this matching rule.

Open Schema Browser -> Substring Matching Rule Definition


• Opens the Matching Rule page in Schema Browser and selects the substring matching rule definiton
of the currently selected attribute.

• Icon:

• Enabled: If one attribute or value is selected, the attribute provides a substring matching rule and the
schema contains this matching rule.

Open Schema Browser -> Ordering Matching Rule Definition


• Opens the Matching Rule page in Schema Browser and selects the ordering matching rule definiton
of the currently selected attribute.

• Icon:

• Enabled: If one attribute or value is selected, the attribute provides an ordering matching rule and the
schema contains this matching rule.

Open Schema Browser -> Syntax Definition


• Opens the Syntax page in Schema Browser and selects the syntax definiton of the currently selected
attribute.

• Icon:

31
Tools

• Enabled: If one attribute or value is selected, the attribute provides an syntax and the schema contains
this syntax.

Copy Values
• Copies the selected values. The values are copied to clipboard in an internal format so they could be
pasted to another entry even in the search result editor. Additional the displayed values are copied to
the system clipboard as string so they could be pasted in other applications. New-line is used as value
separator.

• Icon:

• Shortcut: Ctrl-C or Ctrl-Insert

Paste Values
• Pasted the previously copied values to the current entry. Each value is copied separately, when an error
occurs while adding the value the paste operation will continue with the next value.

• Icon:

• Enabled: If the system clipboard contains values.

• Shortcut: Ctrl-V or Shift-Insert

Delete
• Deletes the selected attributes and values.

• Icon:

• Enabled: If attributes and values are selected.

• Shortcut: Delete

Select All
• Selects all attributes and values.

• Shortcut: Ctrl-A

Advanced > Copy DN


• Copies the distinguished name of the current entry (e.g. cn=John Fowler,ou=People,o=JNDITutorial)

• Icon:

Advanced > Copy URL


• Copies the URL of the current entry (e.g. ldap://localhost:389/cn=John
Fowler,ou=People,o=JNDITutorial)

• Icon:

Advanced > Copy Attribute Descriptions


• Copies the attribute descriptions of the selected attributes and values as string to the system clipboard.

32
Tools

• Icon:

Advanced > Copy Display Values


• Copies the values as displayed in the entry editor, either decorated or not.

• Icon:

Advanced > Copy Values (UTF-8)


• Copies the selected values UTF-8 encoded to the system clipboard.

• Icon:

Advanced > Copy Values (BASE-64)


• Copies the selected values BASE-64 encoded to the system clipboard.

• Icon:

Advanced > Copy Values (HEX)


• Copies the selected values HEX encoded to the system clipboard.

• Icon:

Advanced > Copy Name-Value-Pairs as LDIF


• Copies the selected attribute and values in LDIF format to the system clipboard.

• Icon:

Advanced > Copy Search Filter


Builds search filters from the selected attributes and values. There are four options:

• Default

• Copies the selected attribute and value as LDAP search filter (attribute=value).

• Icon:

• Enabled: If one value is selected.

• NOT

• Copies the selected attribute and value as LDAP NOT search filter (!(attribute=value)).

• Icon:

• Enabled: If one value is selected.

• AND

• Copies the selected attributes and values as LDAP AND search filter (&(attribute1=value1)...
(attributeN=valueN)).

• Icon:

33
Tools

• OR

• Copies the selected attributes and values as LDAP OR search filter (|(attribute1=value1)...
(attributeN=valueN)).

• Icon:

Advanced > Delete Attributes


• Deletes all values of the selected attributes. Applicable to multi-valued attributes, if you want to delete
the complete attribute just select one value use this action.

• Icon:

• Enabled: If values of multi-valued attributes are selected.

Edit Attribute Description


• Opens the Edit Attribute wizard . When changing the attribute description a add operation and a delete
operation is performed.

• Enabled: If one attribut or value is selected.

• Shortcut: F6

Edit Value
• Edits the selected value using the default value editor. To change the default value editor see Value
Editors preferences .

• Enabled: If one value is selected.

• Shortcut: F7 or Enter

Edit Value With


• Depending on the selected value there could be alternate value editors. To edit the selected value with
another value editor choose one of the listed editors.

• Enabled: If one value is selected.

Edit Entry...
• Opens the Editor Entry Wizard, used to edit the entry offline.

• Shortcut: F8

Reload Attributes
• Reloads the attributes of the current entry.

• Icon:

• Shortcut: F5

Fetch Operational Attributes


• Loads the operational attributes of the current entry.

34
Tools

Properties
• Opens the Properties dialog with the Attribute properties page or Value properties page .

• Shortcut: Alt-Enter

2.3.4. LDIF Entry Editor Overview


The LDIF Entry editor allows you to view and edit an entry using its LDIF representation. An LDIF content
record is used to display all attributes and values.

You could add, modify and delete attributes. To save the modifications to the directory server you must
explicitly save the editor.

It is not possible to modify the distinguished name. It is also not possible to add change the record type
or to add additional records.

Example screenshot

2.3.5. LDIF Entry Editor Context Menu


This section describes the context menu of the LDIF Entry editor.

Undo Typing
• Undo the last typing.

• Shortcut: Ctrl-Z

Revert File
• Reverts all unsaved modifications.

Save
• Saves the modified entry to the directory server.

35
Tools

• Shortcut: Ctrl-S

Cuts
• Cuts the selected text to the clipboard.

• Shortcut: Ctrl-X

Copy
• Copies the selected text to the clipboard.

• Icon:

• Shortcut: Ctrl-C or Ctrl-Insert

Paste
• Pastes the content of the clipboard.

• Icon:

• Shortcut: Ctrl-V or Shift-Insert

Edit Attribute Description


• Opens the Edit Attribute wizard.

• Enabled: If one attribute is selected.

• Shortcut: F6

Edit Value
• Edits the selected value using the default value editor. To change the default value editor see Value
Editors preferences .

• Enabled: If one value is selected.

• Shortcut: F7

Edit Value With


• Depending on the selected value there could be alternate value editors. To edit the selected value with
another value editor choose one of the listed editors.

• Enabled: If one value is selected.

Edit Record
• Opens the LDIF Record Editor dialog.

• Shortcut: F8

Reload Attributes
• Reloads the attributes of the current entry.

36
Tools

• Icon:

• Shortcut: F5

Fetch Operational Attributes


• Loads the operational attributes of the current entry.

Preferences
• Opens the LDIF Editor preferences.

2.4. Search Result editor


The Search Result editor is used to view and edit search results. Although it is placed in the editor area
there is only a single instance of the Search Result editor.

2.4.1. Overview
This section describes general aspects of the Search Result editor.

Example screenshot

Layout
The Search Result editor has a multi-column layout, one column for each returning attribute defined in
search parameters. Each line represents a search result with its values.

The cells have the following meaning:

• A value indicates that the entry has such an attribute with exacly one value.

• An empty cell indicates that the entry hasn't such an attribute.

• X values: ... indicates that the entry has multiple values for that attribute.

You can choose whether the DN of each search result is displayed as first column. Toggle Toolbar menu
-> Show DN .

Fonts and Colors


To distinguish the different attribute classes the Search Result editor uses the same fonts and colors as
the Entry editor .

Toolbar
The toolbar contains the following items:

37
Tools

Icon Action Description Shortcut


New Value Adds a new value to the selected attribute and Ctrl-+
starts the edit mode.
Delete Deletes the selected attribute. Delete
Refresh Performs the current search. F5
Copy Table Copies values as displayed in the table as
CSV. By default the tabulator is used as
attribute delimiter, a pipe is used as value
delimiter and each attribute is wrapped by
double-quotes. These settings are suitable
to paste the copied data into Excel or
OpenOffice, the settings could be changed in
Text Formats preferences .
Show Quick Filter Shows/Hides the Quick Filter . Ctrl-F

Drop Down Menu


The drop down menu contains the following items:

• Show DN: If checked the distinguished name of each search result is displayed as first column.

• DN as link: If checked the distinguished name of each search result is a link. Clicking to this link will
open the search result entry.

• Show Decorated Values: If checked decorated values are displayed, this means some additional
information is displayed:

• Images: Image format, width, height, and size.

• Binary data: Data size.

• Passwords: Used hash method.

• Timestamps: Locale dependent date and time format.


If unchecked the raw values (as stored in directory) are displayed.

• Preferences...: Opens the Search Result editor preferences dialog.

2.4.2. Features
This section describes the features of the Search Result editor.

Sorting
To sort the search results by attributes click the column header. The current sort attribute and direction
is indicated by an arrow.

Quick Filter
If there are many search results it is difficult to find a specific one. The Quick Filter provides a client-side
filter. To show/hide the Quick Filter toggle the button or press Ctrl-F . Enter (even parts of) a value
into the input field, only matching search results keep displayed. When hiding the filter is removed.

38
Tools

Navigation
The Locate DN in DIT action locates and opens the entry of a selected DN in the DIT.

The Open Search Result action locates and opens the selected search result.

Copy Table
The Copy Table action copies attributes as displayed in the table to the system clipboard.

By default the tabulator is used as attribute delimiter, a pipe is used as value delimiter and each attribute is
wrapped by double-quotes. These settings are suitable to paste the copied data into Excel or OpenOffice,
the settings could be changed in Text Formats preferences .

Editing
It is possible to add, edit or delete the displayed attributes of the search results in the Search Result editor.

To enter the edit mode using the default value editor select a cell and press Enter or F7 or double-click
the cell. If the attribute is a simple string (like givenName or telephoneNumber) the value could be edited
in-place, otherwise a specific value editor dialog is opened. To use a specific value editor choose one from
Context Menu -> Edit Value With .

To finish editing press Enter or click to another cell or click the OK button in a value editor dialog. To
cancel editing press ESC or click the Cancel button in a value editor dialog.

Multivalued Editor
In LDAP it is possible (and even normal) that an entry has multivalued attributes. To handle this in a
spreadsheet-like editor a special editor is necessary:

• In the cell a multivalued attribute is displayed as "X values: ..." to show the number of values and a
preview

• When entering edit mode the Multivalued Editor dialog is opened.

The Mulivalued Editor is similar to the Entry editor: you could add, edit and delete values. Of course it is
limited to edit only the current attribute, not the whole entry.

When editing a multivalued attribute the Multivalued Editor is used as default value editor. When editing
a singlevalued attribute you could select Context Menu -> Edit Value With -> Multivalued Editor .

2.4.3. Context Menu


This section describes the context menu of the Search Result editor.

New Value
• Icon:

39
Tools

• Description: Adds a new value to the selected attribute and starts the edit mode. If the attribute already
contains one or multiple values the Multivalued Editor is opened.

• Enabled: If an attribute is selected.

• Shortcut: Ctrl-+

New Search...
• Icon:

• Description: Opens the Search dialog . The selected attribute is used to build the search filter (Query
by example).

• Enabled: If an attribute is selected.

• Shortcut: Ctrl-H

New Batch Operation...


• Icon:

• Description: Opens the Batch Operation wizard . If an attribute with one or multiple DNs values are
selected these DNs are used as operation objects. Otherwise the selected attribute is used to build the
search filter (Query by example).

• Enabled: If an attribute is selected.

Locate DN in DIT
• Icon:

• Description: Locates the entry of the selected DN in DIT.

• Shortcut: F3

Open Search Result


• Icon:

• Description: Locates and opens the search result.

• Shortcut: F4

Open Schema Browser -> Object Class Definition


• Icon:

• Description: Opens the Object Class page in Schema Browser and selects the object class definition
of the currently selected objectClass attribute.

• Enabled: If the objectClass attribute is selected and the schema contains this object class.

Open Schema Browser -> Attribute Type Definition


• Icon:

• Description: Opens the Attribute Type page in Schema Browser and selects the attribute type definiton
of the currently selected attribute.

40
Tools

• Enabled: If an attribute is selected and the schema contains this attribute type.

Open Schema Browser -> Equality Matching Rule Definition


• Icon:

• Description: Opens the Matching Rule page in Schema Browser and selects the equality matching
rule definiton of the currently selected attribute.

• Enabled: If an attribute is selected, the attribute provides an equality matching rule and the schema
contains this matching rule.

Open Schema Browser -> Substring Matching Rule Definition


• Icon:

• Description: Opens the Matching Rule page in Schema Browser and selects the substring matching
rule definiton of the currently selected attribute.

• Enabled:If an attribute is selected, the attribute provides a substring matching rule and the schema
contains this matching rule.

Open Schema Browser -> Ordering Matching Rule Definition


• Icon:

• Description: Opens the Matching Rule page in Schema Browser and selects the ordering matching
rule definiton of the currently selected attribute.

• Enabled: If an attribute is selected, the attribute provides an ordering matching rule and the schema
contains this matching rule.

Open Schema Browser -> Syntax Definition


• Icon:

• Description: Opens the Syntax page in Schema Browser and selects the syntax definiton of the
currently selected attribute.

• Enabled: If an attribute is selected, the attribute provides an syntax and the schema contains this syntax.

Copy Values
• Icon:

• Description: Copies the values of the selected attribute. The values are copied to clipboard in an internal
format so they could be pasted to another entry even in the entry editor. Additional they are copied to
the system clipboard as string so they could be pasted in other applications. New-line is used as value
separator. Binary values are copied BASE-64 encoded.

• Shortcut: Ctrl-C or Ctrl-Insert

Paste Values
• Icon:

• Description: Pastes the previously copied values to the selected attribute.

41
Tools

• Enabled: If the system clipboard contains values.

• Shortcut: Ctrl-V or Shift-Insert

Delete
• Icon:

• Description: Deletes the selected attribute.

• Enabled: If an attributes is selected.

• Shortcut: Delete

Advanced -> Copy DN


• Icon:

• Description: Copies the distinguished name of the current search result (e.g. cn=John
Fowler,ou=People,o=JNDITutorial)

Advanced -> Copy URL


• Icon:

• Description: Copies the URL of the current search result (e.g. ldap://localhost:389/cn=John
Fowler,ou=People,o=JNDITutorial)

Advanced -> Copy Attribute Description


• Icon:

• Copies the attribute description of the selected attribute as string to the system clipboard.

Advanced -> Copy Values (UTF-8)


• Icon:

• Copies the selected values UTF-8 encoded to the system clipboard.

Advanced -> Copy Values (BASE-64)


• Icon:

• Copies the selected values BASE-64 encoded to the system clipboard.

Advanced -> Copy Values (HEX)


• Icon:

• Copies the selected values HEX encoded to the system clipboard.

Advanced -> Copy Name-Value-Pairs as LDIF


• Icon:

• Copies the selected attribute in LDIF format to the system clipboard.

42
Tools

Advanced -> Copy Search Filter


Builds search filters from the selected attribute. There are four options:

• Default

• Icon:

• Description: Copies the selected attribute as LDAP search filter (attribute=value).

• Enabled: If a singlevalued attribute is selected.

• NOT

• Icon:

• Description: Copies the selected attribute as LDAP NOT search filter (!(attribute=value)).

• Enabled: If a singlevalued value is selected.

• AND

• Icon:

• Description: Copies the selected attribute as LDAP AND search filter (&(attribute1=value1)...
(attributeN=valueN)).

• OR

• Icon:

• Description: Copies the selected attribute as LDAP OR search filter (|(attribute1=value1)...


(attributeN=valueN)).

Edit Value
• Edits the selected attribute using the default value editor. To change the default value editor see Value
Editor preferences .

• Enabled: If an attribute is selected.

• Shortcut: F7 or Enter

Edit Value With


• Depending on the selected attribute there could be alternate value editors. To edit the selected attribute
with another value editor choose one of the listed editors.

• Enabled: If an attribute is selected.

Search Again
• Icon:

• Performs the search again.

• Shortcut: F5

43
Tools

Properties
• Description: Opens the Properties dialog with the attribute properties page or entry properties page .

• Shortcut: Alt-Enter

2.5. Schema Browser


With the Schema Browser you can browse the schema with its schema elements like object classes,
attribute types, matching rules and syntaxes. It is placed in the editor area.

2.5.1. Overview
This section describes general aspects of the Schema Browser.

Example screenshot

Layout
The header of the Schema Browser contains the title and the toolbar. The toolbar shows the connection of
the currently displayed schema and a Browse... button to select another connection.

The Schema Browser consists of five pages:

• Object Classes page

• Attribute Type page

• LDAP Syntaxes page

• Matching Rules page

• Matching Rule Use page

Each page has a master-detail layout. The left part of a page shows a list of all schema elements (like
object class names or attribute types). To search a schema element you can filter the list by typing the

44
Tools

name of the schema element into the filter input field. When selecting one schema element the right part
of the page shows the details.

Navigation
In the detail section references to other schema elements are displayed as hyperlinks. Click to the hyperlink
to jump to the target schema element.

Toolbar
The toolbar contains the following items:

Icon Action Description


Show Default Schema Shows the default schema instead of the schema of the
currently selected connection.
Reload Schema Reloads the schema of the currently selected connection.

2.5.2. Object Classes


The Object Classes page shows the object classes defined in schema.

45
Tools

The left part of the page lists the available object classes.

The right part of the page shows the details of the selected object class:

• Details: Shows the OID, names, description and kind of the object class.

• MUST Attributes: Shows all MUST attributes, even those inherited from superclasses.

• MAY Attributes: Shows all MAY attributes, even those inherited from superclasses.

• Superclasses: Shows the object classes this object class is directly derived from (in other words the
parents).

• Subclasses: Shows the object classes derived from this object class (in other words the children).

• Raw Schema Definition: Shows the raw value of the object class definition as returned from server.

2.5.3. Attribute Types


The Attribute Types page shows the attribute types defined in schema.

46
Tools

The left part of the page lists the available attribute types.

The right part of the page shows the details of the selected attribute type:

• Details: Shows the OID, names, description and usage of the attribute type.

• Flags: Shows if the attribute type is single-valued, read-only and/or collective. Non-matching flags are
greyed-out.

• Syntax: Shows the syntax OID and description and optional a length of the attribute type.

• Matching Rules: Shows the equality, substring and ordering matching rules of the attribute type.

• Other Matching Rules: Shows additional matching rules applicable to the attribute type.

• Used as MUST: Shows object classed where this attribute type is used as MUST.

• Used as MAY: Shows object classed where this attribute type is used as MAY.

• Supertype: Shows the attribute type where this attribute is derived from (in other words the parent).

• Subtypes: Shows attribute types derived from this attribute types (in other words the children).

• Raw Schema Definition: Shows the raw value of the attribute type definition as returned from server.

2.5.4. Syntaxes
The Syntaxes page shows the syntaxes defined in schema.

The left part of the page lists the available syntaxes.

The right part of the page shows the details of the selected syntax:

47
Tools

• Details: Shows the OID description of the syntax.

• Used from: Shows attribute types using this syntax.

• Raw Schema Definition: Shows the raw value of the syntax definition as returned from server.

2.5.5. Matching Rules


The Matching Rules page shows the matching rules defined in schema.

The left part of the page lists the available matching rules.

The right part of the page shows the details of the selected matching rule:

• Details: Shows the OID, name and description of the matching rule.

• Syntax: Shows the syntax OID and description of the matching rule.

• Used from: Shows attribute types using this matching rule.

• Raw Schema Definition: Shows the raw value of the matching rule definition as returned from server.

2.5.6. Matching Rule Use


The Matching Rule Use page shows the matching rule uses defined in schema.

48
Tools

The left part of the page lists the available matching rule use descriptions.

The right part of the page shows the details of the selected matching rule use:

• Details: Shows the OID, namees and description of the matching rules.

• Applies: Shows attribute types this matching rule applies to.

• Raw Schema Definition: Shows the raw value of the matching rule use definition as returned from server.

2.6. Modification Logs view


The Modification Logs view shows all sucessful and failed modifications.

Concept
All modify operations are logged to a logfile in LDIF format. Additionally the result (OK or ERROR) is
prepended as LDIF comment to every log record.

Example log of a sucessfully performed modification:


#!RESULT OK
#!CONNECTION ldap://localhost:389
#!DATE 2006-11-04T21:32:40.134
dn: cn=Ted Geisel,ou=People,o=JNDITutorial
changetype: modify
add: mail
mail: Ted.Geisel@JNDITutorial.com
-

49
Tools

Example log of a failed modification:


#!RESULT ERROR
#!CONNECTION ldap://localhost:389
#!DATE 2006-11-04T21:33:05.739
#!ERROR [LDAP: error code 20 - modify/add: mail: value #0 already
exists]
dn: cn=Ted Geisel,ou=People,o=JNDITutorial
changetype: modify
add: mail
mail: Ted.Geisel@JNDITutorial.com
-

The modification logging mechanism works with logfile rotation. By default 10 logfiles each with 100KB
per connection are used, you may change these settings in the Modification Logs preferences .

Example screenshot

Toolbar
Icon Action Description
Clear Clears the current modification logfile.
Refresh Reloads the current modification logfile.
Older Loads an older modification logfile.
Newer Loads a newer modification logfile.
Export Modification Logs... Exports the modification logs to a file.

Drop Down Menu


The drop down menu contains the following items:

50
Tools

• Enable Modification Logs: Enables/Disables the modification logs.

• Preferences...: Opens the Modification Logs preferences dialog.

2.7. Search Logs view


The Search Logs view shows all search requests and optionally all received search result entries.

Concept
All search requests are logged in LDIF to a logfile, it consists of three parts:

• The initial SEARCH REQUEST record. It contains all search request parameters like search filter, scope
and requested attributes. It also contains the command line argument that could be used to send the same
request using the ldapsearch command line tool.

• Optional multiple SEARCH RESULT ENTRY records, one for each received entry.

• The final SEARCH RESULT DONE record. It contains the number of received entries.

Each part contains a unique number that helps to put together all parts for a specific request in case that
there are multiple requests in parallel.

Example log of a SEARCH REQUEST record:


#!SEARCH REQUEST (112) OK
#!CONNECTION ldap://localhost:10389
#!DATE 2008-08-26T16:31:59.271
# LDAP URL : ldap://localhost:10389/dc=example,dc=com?
objectClass,cn,description?one?(objectClass=*)
# command line : ldapsearch -H ldap://localhost:10389 -x -D
"uid=admin,ou=system" -W -b "dc=example,dc=com" -s one -a always -z 1000
"(objectClass=*)" "objectClass" "cn" "description"
# baseObject : dc=example,dc=com
# scope : singleLevel (1)
# derefAliases : derefAlways (3)
# sizeLimit : 1000
# timeLimit : 0
# typesOnly : False
# filter : (objectClass=*)
# attributes : objectClass cn description

Example log of a SEARCH RESULT ENTRY record:


#!SEARCH RESULT ENTRY (112) OK
#!CONNECTION ldap://localhost:10389
#!DATE 2008-08-26T16:31:59.272
dn: cn=test,dc=example,dc=com
objectClass: person
objectClass: top
cn: test

Example log of a SEARCH RESULT DONE record:


#!SEARCH RESULT DONE (112) OK
#!CONNECTION ldap://localhost:10389
#!DATE 2008-08-26T16:31:59.273
# numEntries : 1

51
Tools

The search logging mechanism works with logfile rotation. By default 10 logfiles each with 100KB per
connection are used, you may change these settings in the Search Logs preferences

Example screenshot

Toolbar
Icon Action Description
Clear Clears the current search logfile.
Refresh Reloads the current search logfile.
Older Loads an older search logfile.
Newer Loads a newer search logfile.
Export Search Logs... Exports the search logs to a file.

Drop Down Menu


The drop down menu contains the following items:

• Enable Search Request Logs: Enables/Disables the search request and search result done logs.

• Enable Search Result Entry Logs: Enables/Disables the search result entry logs. Note: You should only
activate this options for debug reasons, otherwise your logfile will overfill very fast.

• Preferences...: Opens the Search Logs preferences dialog.

2.8. Progress view


Long-running operations, especially every access to directories, are executed in background. The Progress
view shows such pending operations.

52
Tools

To cancel a long-running operation press the stop button.

3. Wizards and dialogs


3.1. New Connection wizard
This wizard helps you to create a new connection to a LDAP directory.

To start the wizard choose one of the following options:

• In the Connections view select the New Connection... button or select New Connection... from the
context menu.

• In the Workbench window's toolbar, activate the drop-down menu on the New Wizard button and select
LDAP Connection

• In the Workbench menu bar select File > New > LDAP Connection .

The creation of a new LDAP connection is a four-step process:

1. Define network parameters.

2. Define authentication parameters.

3. Define additional browser options (optional).

4. Define additional edit options (optional).

Page 1
The first page allows you to enter a connnection name and the network parameters.

53
Tools

Option Description Default


Connection name The name of the connection. In the Connections empty
view the connection is listed with this name. The
name must be unique.
Hostname The hostname or IP address of the LDAP server. empty
A history of recently used hostnames is available
through the drop-down list.
Port The port of the LDAP server. The default port for 389
non-encyrpted connections is 389. The default port
for ldaps:// connections is 636. A history of recently
used ports is available through the drop-down list.
Encryption method The encryption to use. Possible values are 'No No encryption
encrypton', 'ldaps://' and 'StartTLS extension'.
Check network Use this function if you want validate that the -
parameter entered information is correct and the server is
reachable.

Page 2
On the second page you could specify the authentication parameters.

Option Description Default


Authentication Method Select your authentication method between: Simple Authentication

• Anonymous Authentication: connects to the


directory without authentication.

• Simple Authentication: uses simple


authentication using a bind DN and password, the
credentials are transmitted in clear-text over the
network.

54
Tools

Option Description Default


• CRAM-MD5 (SASL): authenticates to
the directory using a challenge-response
authentication mechanism, the credentials are not
transmitted in clear-text over the network.

• DIGEST-MD5 (SASL): another challenge-


response authentication mechanism, additionally
you could define your realm and QoP parameters.

• GSSAPI (Kerberos): users Kerberos based


authentication, additional parameters could be
defined.
Bind DN or user The distinguished name or user ID used to bind. empty
Previously entered DNs could be selected from
drop-down list.
Bind Password The password used to bind. empty
Save password If checked the password will be saved in checked
configuration. If not checked you have to enter
the password whenever you connect to the server.
Warning: The password is saved as plain text!
Check Authentication Use this function if you want to attempt a connection -
plus a bind to the host upon completion of the wizard
to validate that the entered information is correct.

Additional authentication parameters for SASL and Kerberos:

Option Description Default


SASL Realm The SASL Relam used to bind, only applicaple if empty
DIGEST-MD5 is choosen.
Quality of Protection The QoP to use: authentication only, with integrity Authentication only
protection, and with privacy protection

55
Tools

Option Description Default


Protection Strength The protection strength to use High
Mutual Authentication If checked mutual authentication is used, that means unchecked
the server has to authenticate itself to the client. If
unchecked only the client authenticates itself to the
server.
Use native TGT If checked the native credential cache is used, thus checked
no additional authentication is necessary. Note that
on Windows systems that requires a modification of
the registry.
Object TGT from KDC If checked a new TGT is obtained from the KDC. unchecked
Username and password must be provided.
Use native system If checked the native Kerberos configuration is used checked
configuration (e.g. /etc/krb5.conf).
Use configuration file If checked a custom configuration file could be unchecked
used.
Use following If checked the Kerberos configuration parameters unchecked
configuration (realm, host, port) could be set in the dialog.

Page 3
On the third page you could enter additional browser options .

Option Description Default


Get base DNs from Root If checked the base DNs are fetched from checked
DSE namingContexts attribute of the Root DSE.

56
Tools

Option Description Default


Fetch Base DNs Use this function to get the namingContext values -
from the Root DSE. The returned values will appear
in the 'Base DN' drop-down list.
Base DN The base DN to use. You may enter a DN manually empty
or you may select one from the drop-down list. This
field is only enabled if the option 'Get base DNs
from root DSE' is off.
Count Limit Maximum number of entries returned from server 1000
when browsing the directory, it is also used as
default value when searching the directory. A value
of 0 means no count limit. Note that this value is a
client-side value, its possible that also a server-side
limit is used.
Time Limit The maximum time in seconds the server searches 0
for results. This is used as default value when
browsing or searching the directory. A value of 0
means no limit. Note that this value is a client-side
value, its possible that also a server-side limit is
used.
Alias Dereferencing Specifies whether aliases should be dereferenced Both finding and
while finding the search base entry or when searching
performing the search or both. To manage (create,
modify, delete) alias objects you have to uncheck
both options.
Referrals Handling Specifies the referral handling. Follow Referrals
manually
• Follow Referrals manually: Received referrals
and search continuations are just displayed in the
Browser. As soon as you open or expand such
an search continuation the search is continued.
You are asked which connection you want to
use to follow a specific referral URL, this way
you have full control regarding encryption and
authentication options when following referrals.

• Follow Referrals automatically: Follows referrals


and search continuations immediately if they are
received from the directory server. You are asked
which connection you want to use to follow a
specific referral URL, this way you have full
control regarding encryption and authentication
options when following referrals.

• Ignore Referrals: Any referral or search


continuation received from the directory server
is silently ignored. No error is logged, no dialog
appears, no special entry is displayed in the DIT,
no ManageDsaIT control is sent to the server.

57
Tools

Option Description Default


Use ManageDsaIT If enabled the ManageDsaIT control is sent to unchecked
control while browsing the server in each request. This signals the
directory server to not send referrals and search
continuations, but return the special referral objects.
This only works if the directory server supports the
ManageDsaIT control.
Fetch subentries while If enabled enabled both, normal and subentries unchecked
browsing according to RFC 3672 are fetched. This causes
additional search requests while browsing the
directory.
Paged Search If enabled the simple paged result control is used unchecked
while browsing the directory. With the page size you
could define how many entries should be retrieved
in one request. If Scroll Mode is enabled only
one page is fetched from the server at once while
browsing, you could 'scroll' through the pages by
using the 'next page' and 'top page' items. If disabled
all entries are fetched from the server, the paged
result control is only used in background to avoid
server-side limits.
Fetch operational If enabled enabled both, user attributes and unchecked
attributes while browsing operational attributes are retrieved while browsing.
If the server supports the feature 'All Operational
Attributes' then a '+' is used to retrieve operational
attributes, otherwise all operational attributes
defined in the schema are requested.

Page 4
On the fourth page you could enter additional edit options.

Option Description Default


Modify Mode Specify the modify mode for attributes with an Optimized Modify
equality matching rule. Description of options: Operations

58
Tools

Option Description Default


• Optimized Modify Operations: uses add/delete
by default, uses replace if operation count is less

• Always REPLACE: always uses replace


operations to perform entry modifications

• Always ADD/DELETE: always uses add and/or


delete operations to perform entry modifications
Modify Mode (no Specify the modify mode for attributes with *no* Optimized Modify
equality matching rule) equality matching rule. Description of options: Operations

• Optimized Modify Operations: uses add/delete


by default, uses replace if operation count is less

• Always REPLACE: always uses replace


operations to perform entry modifications

• Always ADD/DELETE: always uses add and/or


delete operations to perform entry modifications

Recommended values for various LDAP servers:

• ApacheDS: Optimized Modify Operations or


REPLACE

• OpenLDAP: REPLACE

• OpenDS / SunDSEE: Optimized Modify


Operations or REPLACE

• FedoraDS / 389DS: Optimized Modify


Operations (missing equality matching rules for
many standard attribute types)

• Active Directory: Optimized Modify Operations


(exposes no equality matching rules at all)

• eDirectory: Optimized Modify Operations


(exposes no equality matching rules at all)
Modify Order Specify the modify order when using add and delete Delete first
operations.

3.2. New Entry wizard


This wizard helps you to create a new entry.

To start the wizard choose one of the following options:

59
Tools

• In the LDAP Browser view select an entry or search result or bookmark. Then choose New > New
Entry... from context menu.

• In the Workbench window's toolbar, activate the drop-down menu on the New Wizard button and select
LDAP Entry

• In the Workbench menu bar select File > New > LDAP Entry .

The creation of a new LDAP entry is a four-step process:

1. Select entry creation method.

2. Specify object classes of the new entry.

3. Specifiy the distinguished name of the new entry.

4. Enter attributes and values of the new entry.

Page 1
First you have to select the entry creation method.

With the option Create entry from scratch you could create a the new entry from scratch. All object
classes and attributes have to be specified in the wizard.

The option Use existing entry as template allows you to use an existing entry with its object classes and
attributes as template. The entry used as template could be specified in the input field:

• By default the DN of entry that was selected when the wizard has been started is used as template entry.

• You could manually edit the DN of the templayte entry.

• You could choose a previously used DN from drop-down list.

• By clicking Browse.... you could open a dialog to select the DN of the template entry.

Page 2
On the second page you have to choose the object classes of the new entry.

60
Tools

The list Available object classes on the left side lists the object classes provided from schema of the
current connection. The list Selected object classes lists the object classes of the new entry. To add object
classed to the "selected" list select some in the "available" list and click the Add button. You could also
double-click an object class in the "available" list. To remove object classed from the "selected" list select
some in the "selected" list and click the Remove button. You could also double-click an object class in
the "selected" list.

Page 3
On the third page you have to define the distinguished name of the new entry.

The parent of the new entry could be specified in the input field:

• If you choosed the "from scratch" method the DN of entry that was selected when the wizard has been
started is used by default. If you choosed the "template" method the parent of the template entry is used
by default.

61
Tools

• You could manually edit the parent DN.

• You could choose a previously used DN from drop-down list.

• By clicking Browse.... you could open a dialog to select the parent DN.

To specify the RDN select an attribute from the drop-down list and enter the value. If you choosed
the "template" method the RDN is preset with the RDN of the template entry. The wizard also support
multivalued RDNs. With the + and - buttons you can add and remove name-value pairs.

The DN preview field shows a preview of the DN.

When clicking to Next the wizard checks if an entry with the specified DN already exists. In that case you
have to change the DN of the new entry.

Page 4
On the fourth page you have to define the attributes of the new entry.

The layout and features are similar to the Entry editor. You could add, edit or delete attributes and values.

If you have choosed the "template" method all attributes of the template entry are already filled in the new
entry. Otherwise only the selected object classes and the RDN attribute are filled.

As soon as all MUST attributes are filled the Finish button is activated. When clicking the button the new
entry will be created in directory.

3.3. New Context Entry wizard


This wizard helps you to create a new context entry.

To start the wizard choose one of the following options:

62
Tools

• In the LDAP Browser view select an entry or search result or bookmark. Then choose New -> New
Context Entry... from context menu.

• In the Workbench window's toolbar, activate the drop-down menu on the New Wizard button and select
LDAP Context Entry

• In the Workbench menu bar select File > New > LDAP Context Entry .

The creation of a new LDAP entry is a four-step process:

1. Select entry creation method.

2. Specify object classes of the new context entry.

3. Specifiy the distinguished name of the new context entry.

4. Enter attributes and values of the new context entry.

Page 1
This page is identical to the New Entry wizard.

Page 2
This page is identical to the New Entry wizard.

Page 3
On the third page you have to define the distinguished name of the new entry.

The distinguished name the new context entry could be specified in the input field. The drop-down list
provides all available values from the Root DSE namingContexts attribute.

Page 4
This page is identical to the New Entry wizard.

3.4. Edit Entry wizard


This wizard helps you to edit an entry offline. You could make multiple modifications, when finishing
the wizard all your modifications are sent to the directory in one request. This wizard is especially helpful
when adding additional object classes which require additional attributes.

63
Tools

To start the wizard choose Edit Entry... from the Entry editor's context menu or use the F8 shortcut.

The wizard is also the default value editor for the objectClass attribute, so you could also start the wizard
by editing the objectClass attribute.

Editing the LDAP entry is a two-step process:

1. Specify object classes of the entry.

2. Edit attributes and values of the entry.

Page 1
On the first page you could change the object classes of the entry.

The list Available object classes on the left side lists the object classes provided from schema of the
current connection. The list Selected object classes lists the object classes of the entry. To add object
classed to the "selected" list select some in the "available" list and click the Add button. You could also
double-click an object class in the "available" list. To remove object classed from the "selected" list select
some in the "selected" list and click the Remove button. You could also double-click an object class in
the "selected" list.

Page 2
On the second page you could change the attributes of the entry.

64
Tools

The layout and features are similar to the Entry editor. You could add, edit or delete attributes and values.

As soon as all MUST attributes are filled the Finish button is activated. When clicking the button all
modifications will be sent to to the direcrory.

3.5. Attribute wizard


The Attribute wizard is used to create an attribute or to edit the attribute description of an existing attribute.

To create a new attribute select the New Attribute... button in the Entry editor's tool bar or select New
Attribute... from the Entry editor's context menu or hit Shift-Strg-+.

To edit the attribute description select an attribute in the Entry editor and select Edit Attribute Description
from context menu or use the F6 shortcut.

Page 1
On the first page you have to enter the attribute type.

65
Tools

Option Description Default


Attribute type The attribute type. Enter the Empty in New Attribute wizard,
attribute type into the input field filled in Edit Attribute Description
or select one from drop-down-list. wizard.
Show subschema attributes only If checked the drop-down list Checked
contains only attributes suitable to
the entry's subschema.
Hide existing attributes If checked the drop-down list Checked in New Attribute wizard,
contains only attributes not yet unchecked in Edit Attribute
assigned to the entry. Description wizard.
Preview Shows a preview of the attribute -
description.

Page 2
On the second page you could specify options.

Option Description
Language tags To provide language-specifc attributes you could use language tags if
supported by the directory. Enter a language code and optionally a country
code into the input fields or select values from drop-down lists. With the + and
- buttons you could add and remove tags.
Other options If needed you may enter specific options. With the + and - buttons you could
add and remove options.
Binary option If checked the binary option is added to attribute description.
Preview Shows a preview of the attribute description.

3.6. Search dialog


In the LDAP Search page you can specify search parameters to query a directory. It is integrated within
the Eclipse search dialog.

To start the LDAP Search page the following procedure is recommended:

1. Select a entry, search, attribute or value in the LDAP Browser view, in the Entry editor or in the Search
Result editor.

66
Tools

2. Then choose New Search... from context menu or use the shortcut Ctrl-H or press the Search
button in the Workbench toolbar.

Option Description Default


Search Name A meaningful name of the search. With this name the search Current timestamp
is listed in the Searches category.
Connection The connection to search on. Use the Browse... button to *)
select a connection.
Search Base The base DN of the search. You could edit the DN or select a *)
recently used DN from drop-down list or click to Browse....
to open the DN Selector dialog.
Filter Enter a valid LDAP search filter. The drop-down list provides *)
a history of recently used filters. A click to the Filter Editor
button opens the Filter Editor dialog , it also explains how the
content assistance works.
*
Returning A comma-separated list of attributes that should be returned )
Attributes and displayed in the Search Result editor. Hit Strg-Space to
get content assistance. The drop-down list provides a history
of recently used attributes.
ManageDsaIT If checked the ManageDsaIT control is sent to the server. unchecked
Subentries If checked the Subentries control (RFC 3672) is sent to the unchecked
server.

67
Tools

Option Description Default


Paged Search If checked the simple paged result control is sent to the server. unchecked
With the page size you could define how many entries should
be retrieved in one request. If Scroll Mode is enabled only
one page is fetched from the server at once, you could 'scroll'
through the pages by using the 'next page' and 'top page' items.
If disabled all entries are fetched from the server, the paged
result control is only used in background to avoid server-side
limits.
*
Scope The search scope. Object searches on the base DN only )
(compare); One Level searches the direct children of the base
DN; Subtree searches the base DN an all its descendants.
*
Count Limit The maximum number of entries the server should return, )
value 0 means no limit. Note that this value is a client-side
limit, its possible that also a server-side limit is used.
*
Time Limit The maximum time in seconds the server should search. Value )
0 means no limit. Note that this value is a client-side value, its
possible that also a server-side limit is used.
*
Alias Specifies whether aliases should be dereferenced while finding )
Dereferencing the search base entry or when performing the search or both. To
manage (create, modify, delete) aliases you have to uncheck
both options.
*
Referrals Handling Specifies the referral handling. )

• Follow Referrals manually: Received referrals and search


continuations are just displayed As soon as you open or
expand such an search continuation the search is continued.
You are asked which connection you want to use to
follow a specific referral URL, this way you have full
control regarding encryption and authentication options
when following referrals.

• Follow Referrals automatically: Follows referrals and


search continuations immediately if they are received from
the directory server. You are asked which connection you
want to use to follow a specific referral URL, this way you
have full control regarding encryption and authentication
options when following referrals.

• Ignore Referrals: Any referral or search continuation


received from the directory server is silently ignored. No
error is logged, no dialog appears, no special entry is
displayed, no ManageDsaIT control is sent to the server.

*
) The default values depends on the element that was selected when the wizard has been started:

• Search: All search parameters are taken from the selected search

• Entry, search result or bookmark:

• Connection: the connection behind the entry

68
Tools

• Search Base: the entry's DN

• Filter: (objectClass=*)

• Returning Attributes: -

• Scope: One Level

• Limits, aliases and referral handling are taken from the entry's connection

• Attribte and/or values:

• Connection: the connection behind attribute's entry

• Search Base: the DN of the attribute's entry

• Filter: The filter is build from the selected attributes and values (Query by example)

• Returning Attributes: -

• Scope: One Level

• Limits, aliases and referral handling are taken from connection behind attribute's entry

3.7. Batch Operation wizard


This wizard helps you to execute a batch operation to several entries.

To start the wizard choose one of the following options:

• In the LDAP Browser view select an entry or search. Then choose New Batch Operation... from
context menu.

• In the Workbench window's toolbar, activate the drop-down menu on the New Wizard button and select
LDAP Batch Operation

• In the Workbench menu bar select File > New > LDAP Batch Operation .

The execution of a batch operation is a four-step process:

1. Select entries where the batch operation should be applied to.

2. Select the operation type.

3. Specifiy the modifications.

4. Choose execution method.

Page 1
TODO..

Page 2
TODO..

69
Tools

Page 3
TODO..

Page 4
TODO..

3.8. LDIF Import wizard


This wizard imports LDIF files into the directory. It supports LDIF content files as well as LDIF
modification files.

To start the wizard choose one of the following options:

• In the Connections view select a connection and choose Import > LDIF Import... from context
menu.

• In the LDAP Browser view select an entry and choose Import > LDIF Import... from context menu.

• In the Workbench menu bar select File > Import... and choose LDIF into LDAP .

Logging
When importing LDIF files the import operations could be logged. Every imported record is completely
written into logfile and the result (OK or ERROR) is prepended to every log record as LDIF comment.

Example log of a sucessfully imported record:


#!RESULT OK
#!CONNECTION ldap://localhost:389
#!DATE 2006-11-03T14:12:21.050
dn: cn=John Fowler,ou=Testdata,o=JNDITutorial
...

Example errol log:


#!RESULT ERROR
#!CONNECTION ldap://localhost:389
#!DATE 2006-11-03T14:12:21.050
#!ERROR [LDAP: error code 21 - telephoneNumber: value #0 invalid per
syntax]
dn: cn=John Fowler,ou=Testdata,o=JNDITutorial
...

70
Tools

The wizard

Option Description Default


LDIF file The LDIF file to import. Type in the full path or empty
Browse... to select the path on the file system. The
drop-down list provides a history of recently used
files.
Import into The connection into which the LDIF should be The connection that was
imported. Use the Browse... button to select a selected when the wizard
connection. has been started.
Enable logging When checked every imported LDIF record is on
logged into a logfile.
Use default logfile By default the extension ".log" is appended the on
import filename.
Use custom logfile When checked you could specify a custom logfile. off
Overwrite existing If the default or custom logfile already exist, you off
logfile must permit to overwrite the logfile.
Update existing entries This options applies for LDIF content records and off
LDIF add records. If enabled and the entry to add
already exists it will be updated with the attributes
defined in the LDIF record. In detail a replace
operation for each attribute is performed. Attributes
of the existing entry that are not defined in the LDIF
record remain without modification.
Continue on error If checked the import process continues if an error off
occurs while importing a record. If not checked the
import process interrupts.

3.9. DSML Import wizard


This wizard imports DSMLv2 files into the directory.

To start the wizard choose one of the following options:

71
Tools

• In the Connections view select a connection and choose Import > DSML Import... from context
menu.

• In the LDAP Browser view select an entry and choose Import > DSML Import... from context
menu.

• In the Workbench menu bar select File > Import... and choose DSML into LDAP .

The wizard

Option Description Default


DSML file The DSML file to import. Type in the full path or empty
Browse... to select the path on the file system. The
drop-down list provides a history of recently used
files.
Import into The connection into which the DSML should be The connection that was
imported. Use the Browse... button to select a selected when the wizard
connection. has been started.
Save response When checked the response of the DSML request on
execution is saved into a response file.
Use default response file By default the extension ".response.xml" is on
appended the import filename.
Use custom response file When checked you could specify a custom response off
file.
Overwrite existing If the default or custom response file already exist, off
response file you must permit to overwrite the response file.

3.10. Import Connections wizard


This wizard imports previously exported connections to the Connections view.

To start the wizard select Import > Import Connections... from the context menu of the Connections
view.

72
Tools

On the wizard page you have to select the source file.

Option Description Default


From file The file containing all the connections. Type in the empty
full path or Browse... to select the path on the
file system. The drop-down list provides a history
of recently used files.

3.11. LDIF Export wizard


This wizard is used to export entries to LDIF content files.

To start the wizard choose one of the following options:

• In the LDAP Browser view select an entry or a search and choose Export > LDIF Export... from
context menu.

• In the Connections view select a connection and choose Export > LDIF Export... from context
menu.

• In the Workbench menu bar select File > Export... and choose LDAP to LDIF .

Data to Export
On the Data to Export page you have to specify which entries and attributes to export.

The layout of the page is similar to the LDAP Search page . In the Returning Attributes section you
can also choose the following options:

Option Description Default


All user attributes Exports all user attributes. on if the Returning Attributes field
is empty
Operational attributes Exports all operational attributes. off

LDIF File
On the LDIF File page you have to select the target LDIF file.

73
Tools

Option Description Default


LDIF File The LDIF file to export to. Type in the full path or empty
Browse... to select the path on the file system. The
drop-down list provides a history of recently used
files.
Overwrite existing LDIF If the export file already exist, you must permit to off
file overwrite the file.
Text Formats Opens the Text Formats preferences where you -
could modify the LDIF format.

3.12. DSML Export wizard


This wizard is used to export entries to DSMLv2 files.

To start the wizard choose one of the following options:

• In the LDAP Browser view select an entry or a search and choose Export > DSML Export... from
context menu.

• In the Connections view select a connection and choose Export > DSML Export... from context
menu.

• In the Workbench menu bar select File > Export... and choose LDAP to DSML .

Data to Export
On the Data to Export page you have to specify which entries and attributes to export.

The layout of the page is similar to the LDAP Search page . In the Returning Attributes section you
can also choose the following options:

Option Description Default


All user attributes Exports all user attributes. on if the Returning Attributes field
is empty
Operational attributes Exports all operational attributes. off

DSML File
On the DSML File page you have to select the target DSML file.

74
Tools

Option Description Default


DSML File The DSML file to export to. Type in the full path or empty
Browse... to select the path on the file system. The
drop-down list provides a history of recently used
files.
Overwrite existing If the export file already exist, you must permit to off
DSML file overwrite the file.

3.13. CSV Export wizard


This wizard is used to export entries to CSV files.

To start the wizard choose one of the following options:

• In the LDAP Browser view select an entry or a search and choose Export > CSV Export... from
context menu.

• In the Connections view select a connection and choose Export > CSV Export... from context menu.

• In the Workbench menu bar select File > Export... and choose LDAP to CSV .

Data to Export
On the Data to Export page you have to specify which entries and attributes to export.

The layout of the page is similar to the LDAP Search page . In the Returning Attributes section you
can also choose the following option:

Option Description Default


Export DN Exports the distinguished name as first column in on
the CSV file.

CSV File
On the CSV File page you have to select the target CSV file.

75
Tools

Option Description Default


CSV File The CSV file to export to. Type in the full path or empty
Browse... to select the path on the file system. The
drop-down list provides a history of recently used
files.
Overwrite existing CSV If the export file already exist, you must permit to off
file overwrite the file.
Text Formats Opens the Text Formats preferences where you -
could modify the CSV format.

3.14. Excel Export wizard


This wizard is used to export entries to Excel files.

To start the wizard choose one of the following options:

• In the LDAP Browser view select an entry or a search and choose Export > Excel Export... from
context menu.

• In the Connections view select a connection and choose Export > Excel Export... from context
menu.

• In the Workbench menu bar select File > Export... and choose LDAP to Excel .

Data to Export
On the Data to Export page you have to specify which entries and attributes to export.

The layout of the page is similar to the LDAP Search page . In the Returning Attributes section you
can also choose the following option:

Option Description Default


Export DN Exports the distinguished name as on
first column in the Excel file.
All user attributes Exports all user attributes. on if the Returning Attributes field
is empty
Operational attributes Exports all operational attributes. off

Excel File
On the Excel File page you have to select the target Excel file.

76
Tools

Option Description Default


Excel File The Excel file to export to. Type in the full path or empty
Browse... to select the path on the file system. The
drop-down list provides a history of recently used
files.
Overwrite existing Excel If the export file already exist, you must permit to off
file overwrite the file.
Text Formats Opens the Text Formats preferences where you -
could modify the Excel format.

3.15. ODF Export wizard


This wizard is used to export entries to OpenDocument Spreadsheet files.

To start the wizard choose one of the following options:

• In the LDAP Browser view select an entry or a search and choose Export > ODF Export... from
context menu.

• In the Connections view select a connection and choose Export > ODF Export... from context menu.

• In the Workbench menu bar select File > Export... and choose LDAP to ODF .

Data to Export
On the Data to Export page you have to specify which entries and attributes to export.

The layout of the page is similar to the LDAP Search page . In the Returning Attributes section you
can also choose the following option:

Option Description Default


Export DN Exports the distinguished name as on
first column in the ODF file.
All user attributes Exports all user attributes. on if the Returning Attributes field
is empty
Operational attributes Exports all operational attributes. off

ODF File
On the ODF File page you have to select the target ODF file.

77
Tools

Option Description Default


ODF File The ODF file to export to. Type in the full path or empty
Browse... to select the path on the file system. The
drop-down list provides a history of recently used
files.
Overwrite existing ODF If the export file already exist, you must permit to off
file overwrite the file.
Text Formats Opens the Text Formats preferences where you -
could modify the ODF format.

3.16. Connections Export wizard


This wizard is used to export all defined connections in the Connections view to a file.

To start the wizard select Export > Export Connections... from the context menu of the Connections
view.

On the wizard page you have to select the target file.

Option Description Default


To file The file to export all the connections to. Type in empty
the full path or Browse... to select the path on the
file system. The drop-down list provides a history
of recently used files.
Overwrite existing file If the export file already exist, you must permit to off
overwrite the file.

78
Tools

3.17. Select Referral Connection dialog


The Select Referral Connection dialog is used to select the target connection of an referral. If the host
and port one of the available connection matches the host and port of the referral URL this connection is
preselected. It is also possible to create a new connection for the referral.

3.18. Filter Editor dialog


To edit complex and nested filters you could use the filter editor dialog. It provides syntax highlighting,
content assistance and a formatter for nested filters.

Syntax coloring
Syntax coloring helps you to distinguish the different elements of an LDAP filter. The following colors
and fonts are used:

Element Color
opening and closing parenthesis black and bold
filter operator (& | !) green and bold
attribute violett
filter type red and bold
assertion value blue

Content assistance and code completion


The filter editor provides the following helpful features when editing an LDAP filter:

• Automatically adds and removes opening and closing parenthesis: just start typing the attribute or filter
operator.

• Hit Strg-Space to open a list of available code completions, press Esc to close the list.

• Attribute completion: when typing an attribute, e.g. "tel" a list with attributes that start with the "tel"
is opened.

79
Tools

• Object class completion: if the attribute is objectClass a list with available object classes is opened.

• Matching rule completion: for filters with extensible matching a list with available matching rules is
provided.

Formatting
In the filter editor it is possible to format complex and nested filters. The formatter is invoked by pressing
the Format button and formats the filter the following way:

• Each filter item gets its own line.

• Each level of a nested filter is intended according to the level.

When opening the editor the filter is formatted automatically. When pressing OK the line breaks and
white-spaces are removed.

3.19. Rename Entry dialog


The Rename Entry dialog is used to rename an entry. In detail the relative distinguished name (RDN) is
modified by sending a modrdn operation to the directory.

To start the Rename Entry dialog select the entry you want to rename, then choose Rename... from context
menu or press F2.

Note 1: Some directories don't support renaming whole trees but only renaming of leaf entries. In that
case you are ask if you want to simulate the rename operation, this is done by copying the whole tree and
deleting the old tree afterwards.

Note 2: It is not possible to rename the Root DSE.

Option Description Default


RDN The new RDN of the entry. The drop-down list on Current attribute type
the left side contains possible attribute types. The and value
input field on the right side contains the attribute
value.
+ Adds a new name-value pair to RDN -

80
Tools

Option Description Default


- Removes a name-value pair from RDN -
RDN Preview Shows a preview of the new RDN Current RDN

3.20. Move Entries dialog


The Move Entries dialog is used to move entries to another parent.

To start the Move Entries dialog select the entries you want to move, then choose Move... from context
menu.

Note 1: Some directories don't support moving whole trees but only moving of leaf entries. In that case
you are ask if you want to simulate the move operation, this is done by copying the whole tree and deleting
the old tree afterwards.

Note 2: It is not possible to move the root DSE.

Option Description Default


Parent The new parent of the entries. You could edit the DN The current parent
or select a recently used DN from drop-down list or
click to Browse.... to open the DN Selector dialog.

3.21. Go to DN dialog
The Goto DN dialog is used find an entry in the DIT by its distinguished name.

To start the Go to DN dialog choose Go to DN... from context menu.

Enter the DN of the entry into the input field and press OK.

3.22. Certificate Trust dialog


The Certificate Trust dialog pops up if a secure connection (ldaps or StartTLS) is established and the
validation of the server's certificate failed.

81
Tools

Option Description
Dont't trust this certificate. If you don't trust the certificate choose this option, the connection
won't be established
Trust this certificate for this The certificate is only valid within this session and added to
session. the temporary certificate store. After a restart of Studio you are
asked again You could see all temporary trusted certificates in the
Certificate Validation preferences.
Always trust this certificate. The certificate is permanently valid and added to the permanent
certificate store. You could see all permanent trusted certificates in
the Certificate Validation preferences
View Certificate... Opens the Certificate Viewer dialog, where you could examine the
certificate.

82
Tools

4. Value Editors
4.1. Concept
An LDAP entry contains different attribute types with different syntaxes: objectClasses, names, passwords,
images, etc. To handle the different data types Value Editors are used. Value Editors know how to edit
a value .

The default Value Editor for an attibute is determined using the following procedure:

1. If a Value Editor for the attribute type is specified, this one is used.

2. If a Value Editor for the attribute's syntax is specified, this one is used.

3. If the attribute is binary according to its syntax, the Binary Editor is used.

4. If the attribute is string according to its syntax, the Text Editor is used.

The default Value Editor could be specified by attribute type or syntax in the Value Editors preferences

Another task of a Value Editor is to provide the displayed value for the Entry editor and Search Result
editor. Especially binary data can't be displayed "as-is".

4.2. In-Place Text Editor


The In-Place Text Editor is the default editor for string values without line breaks.

Display value
Values are displayed as stored in directory:

83
Tools

Edit value
Values are edited directly within the entry editor or search result editor. To save the new value press Enter
or click somewhere outside the edit field. To cancel the modification press Esc.

4.3. Text Editor


The Text Editor is the default editor for string values with line breaks.

Display value
Values are displayed as stored in directory:

Edit value
Values are edited in a dialog which provides a simple text area. To finish editing press OK to save the
new value or Cancel to discard your modification.

4.4. Hex Editor


The Hex Editor is the default editor for binary values.

Display value
The displayed value "Binary Data" indicates that the value contains binary data, additional the size in
bytes is shown.

Edit value
The Hex Editor dialog displays the binary data as hex. To create or modify a value load the binary data
from a file using the Load data... button.

84
Tools

Save value
You could also save the current binary data to a file with the Save data... button.

4.5. Password Editor


The Password Editor is the default editor for passwords.

Display value
The real password isn't displayed but only the encryption method.

Details
In the Current Passord tab you see some details about the password.

The current password could also be verified. Enter the compare password into the Verify Password field.
The Verify function compares the current password with the hashed value of the entered password. The
Bind function binds to the directory using the DN of the current entry and the entered password.

85
Tools

Edit value
In the New Passord tab you can enter a new passord. Type in the password in the input field and select a
hash (encryption) method. The preview field shows the resulting password.

4.6. Image Editor


The Image Editor is the default editor for images.

Display value
The image type, width, height and size in bytes is used as display value.

Details
In the Current Image tab you see the image and some details about it.

You could also save the current image to a file with the Save... button.

Edit value
In the New Image tab you can load a new image from a file using the Browse... button.

86
Tools

4.7. Object Class Editor


The Object Class Editor is the default editor for the objectClass attribute.

Display value
The objectClass name and the type of object class (structural, auxiliary, abstract) is used as display value.

Edit value
In the Object Class Editor dialog you can select the available object classes from a drop-down list.

4.8. Address Editor


The Address Editor is the default editor for attributes with postal address syntax. In the postal address
syntax the dollar character '$' is used as line separator.

Display value
Values are displayed as stored in directory, dollar characters are replaced by commas.

87
Tools

Edit value
Values are edited in a dialog which provides a simple text area. Dollar characters are replaced by line
breaks.

4.9. DN Editor
The DN Editor is the default editor for attributes with distinguished name syntax.

Display value
Values are displayed as stored in directory.

Edit value
The edit dialog looks as follows:

To edit the DN you can use the following options:

• You could manually edit the DN in the input field.

• You could choose a previously used DN from drop-down list.

• By clicking Parent the parent DN of the current DN appears in the input field.

• Browse.. opens a DN Selector, similar to the LDAP Browser. You can browse and filter to find an entry.
When selecting an entry its DN appears int the input field.

88
Tools

4.10. Date & Time Editor


The Date & Time Editor is the default editor for attributes with generalized time syntax.

Display value
The values are converted to local time.

Edit value
The edit dialog looks as follows:

To edit date and time you have the following options:

• You could set the time, pick a date from the calendar and choose a time zone.

• You could manually edit the raw value in the input field.

89
Tools

4.11. OID Editor


The OID Editor is the default editor for attributes with OID syntax.

Display value
The values are suffixed with the textual description of the OID.

Edit value
The In-Place Text Editor is used to edit values.

4.12. Certificate Editor


The Certificate Editor is the default editor for certificates.

Display value
The certificate type, version and owner are displayed.

Certificate Editor Dialog


The full certificate data could be exampined in the Certificate Editor dialog. Load data... button.

You could also save the current certificate to a file with the Save Certificate... button.

90
Tools

To modify the certificate in the directory server load the new certificate from a file using the Load
Certificate... button and press the OK. button.

5. Properties
5.1. Connection properties
The following properties can be modified on the Connection properties pages:

Network Parameter

Field Description
Connection name The name of the connection. In the Connections view the connection
is listed with this name. The name must be unique.
Hostname The hostname or IP address of the LDAP server. A history of recently
used hostnames is available through the drop-down list.
Port The port of the LDAP server. The default port for non-encyrpted
connections is 389. The default port for ldaps:// connections is 636. A
history of recently used ports is available through the drop-down list.
Encryption method The encryption to use. Possible values are 'No encrypton', 'ldaps://'
and 'StartTLS extension'.
Check Network Parameter Use this function if you want validate that the entered information is
correct and the server is reachable.

91
Tools

Authentication

Field Description
Authentication Method Select your authentication method between:

• Anonymous Authentication: connects to the directory without


authentication.

• Simple Authentication: uses simple authentication using a bind DN


and password, the credentials are transmitted in clear-text over the
network.

• CRAM-MD5 (SASL): authenticates to the directory using a


challenge-response authentication mechanism, the credentials are
not transmitted in clear-text over the network.

• DIGEST-MD5 (SASL): another challenge-response authentication


mechanism, additionally you could define your realm and QoP
parameters.

• GSSAPI (Kerberos): users Kerberos based authentication,


additional parameters could be defined.
Bind DN or user The distinguished name or user ID used to bind. Previously entered
DNs could be selected from drop-down list.
Bind Password The password used to bind.
Save password If checked the password will be saved in configuration. If not checked
you have to enter the password whenever you connect to the server.
Warning: The password is saved as plain text!

92
Tools

Field Description
Check Authentication Use this function if you want to attempt a connection plus a bind to
the host upon completion of the wizard to validate that the entered
information is correct.

Additional authentication parameters for SASL and Kerberos:

Option Description
SASL Realm The SASL Relam used to bind, only applicaple if DIGEST-MD5 is
choosen.
Quality of Protection The QoP to use: authentication only, with integrity protection, and
with privacy protection
Protection Strength The protection strength to use
Mutual Authentication If checked mutual authentication is used, that means the server
has to authenticate itself to the client. If unchecked only the client
authenticates itself to the server.
Use native TGT If checked the native credential cache is used, thus no additional
authentication is necessary. Note that on Windows systems that
requires a modification of the registry.
Object TGT from KDC If checked a new TGT is obtained from the KDC. Username and
password must be provided.
Use native system configuration If checked the native Kerberos configuration is used (e.g. /etc/
krb5.conf).
Use configuration file If checked a custom configuration file could be used.
Use following configuration If checked the Kerberos configuration parameters (realm, host, port)
could be set in the dialog.

93
Tools

Browser Options

Field Description
Get base DNs from Root DSE If checked the base DNs are fetched from namingContexts attribute
of the Root DSE.
Fetch Base DNs Use this function to get the namingContext values from the Root DSE.
The returned values will appear in the 'Base DN' drop-down list.
Base DN The base DN to use. You may enter a DN manually or you may select
one from the drop-down list. This field is only enabled if the option
'Get base DNs from root DSE' is off.
Count Limit Maximum number of entries returned from server when browsing the
directory, it is also used as default value when searching the directory.
A value of 0 means no count limit. Note that this value is a client-side
value, its possible that also a server-side limit is used.
Time Limit The maximum time in seconds the server searches for results. This
is used as default value when browsing or searching the directory. A
value of 0 means no limit. Note that this value is a client-side value,
its possible that also a server-side limit is used.
Alias Dereferencing Specifies whether aliases should be dereferenced while finding the
search base entry or when performing the search or both. To manage
(create, modify, delete) alias objects you have to uncheck both
options.
Referrals Handling Specifies the referral handling.

• Follow Referrals manually: Received referrals and search


continuations are just displayed in the Browser. As soon as you
open or expand such an search continuation the search is continued.
You are asked which connection you want to use to follow a

94
Tools

Field Description
specific referral URL, this way you have full control regarding
encryption and authentication options when following referrals.

• Follow Referrals automatically: Follows referrals and search


continuations immediately if they are received from the directory
server. You are asked which connection you want to use to follow
a specific referral URL, this way you have full control regarding
encryption and authentication options when following referrals.

• Ignore Referrals: Any referral or search continuation received from


the directory server is silently ignored. No error is logged, no dialog
appears, no special entry is displayed in the DIT, no ManageDsaIT
control is sent to the server.
Use ManageDsaIT control while If enabled the ManageDsaIT control is sent to the server in each
browsing request. This signals the directory server to not send referrals and
search continuations, but return the special referral objects. This only
works if the directory server supports the ManageDsaIT control.
Fetch subentries while browsing If enabled enabled both, normal and subentries according to RFC 3672
are fetched. This causes additional search requests while browsing the
directory.
Paged Search If enabled the simple paged result control is used while browsing
the directory. With the page size you could define how many entries
should be retrieved in one request. If Scroll Mode is enabled only one
page is fetched from the server at once while browsing, you could
'scroll' through the pages by using the 'next page' and 'top page' items.
If disabled all entries are fetched from the server, the paged result
control is only used in background to avoid server-side limits.
Fetch operational attributes while If enabled enabled both, user attributes and operational attributes
browsing are retrieved while browsing. If the server supports the feature 'All
Operational Attributes' then a '+' is used to retrieve operational
attributes, otherwise all operational attributes defined in the schema
are requested.

95
Tools

Edit Options

Field Description
Modify Mode Specify the modify mode for attributes with an equality matching rule.
Description of options:

• Optimized Modify Operations: uses add/delete by default, uses


replace if operation count is less

• Always REPLACE: always uses replace operations to perform


entry modifications

• Always ADD/DELETE: always uses add and/or delete operations


to perform entry modifications
Modify Mode (no equality Specify the modify mode for attributes with *no* equality matching
matching rule) rule. Description of options:

• Optimized Modify Operations: uses add/delete by default, uses


replace if operation count is less

• Always REPLACE: always uses replace operations to perform


entry modifications

• Always ADD/DELETE: always uses add and/or delete operations


to perform entry modifications

Recommended values for various LDAP servers:

96
Tools

Field Description
• ApacheDS: Optimized Modify Operations or REPLACE

• OpenLDAP: REPLACE

• OpenDS / SunDSEE: Optimized Modify Operations or REPLACE

• FedoraDS / 389DS: Optimized Modify Operations (missing


equality matching rules for many standard attribute types)

• Active Directory: Optimized Modify Operations (exposes no


equality matching rules at all)

• eDirectory: Optimized Modify Operations (exposes no equality


matching rules at all)
Modify Order Specify the modify order when using add and delete operations.

Root DSE

The Root DSE properties page provides information about the connected directory server like directory
type and version, controls, extensions and features.

97
Tools

Schema

The Schema properties page provides some information about the schema. The 'Schema Information' group
shows the schema DN an modification timestamp. With the 'Reload Schema' button a schema reload could
be forced, the schema is reloaded automatically if the directory's schema is newer than the cached one.
The 'Schema Cache' group shows information about the cached schema.

5.2. Entry properties


The Entry properties page shows some information about the entry.

The first two lines shows the DN and LDAP-URL of the entry.

The 'Create and Modify Information' group shows the create and modify timestamp and DN. If no values
are shown use the 'Refresh' button to load the attributes.

98
Tools

The 'Sizing Information' group shows information about the entry size in bytes, the number of children,
attributes and values. To take operational attributes into account check 'Include operational attributes'. The
'Refresh' button reloads the attributes and counts children.

You could select and copy all displayed information.

5.3. Attribute properties


The Attribute properties page shows some information about the attribute.

The first four lines shows the attribute description, the type (String or Binary), the values count and the
size in bytes.

The next four groups shows the attribute's schema definition, similar to the Attribute Type schema page.

You could select and copy all displayed information.

5.4. Value properties


The Values properties page shows some information about the value.

99
Tools

Field Description
Attribute Description The attribute description of the attribute
Value Type String or Binary
Value Size If Binary the size in bytes. If String the number of characters and the
size in bytes. These two number could differ if the value contains
multibyte characters.
Data Nothing if Binary. If String the raw value as returned form server.

You could select and copy all displayed information.

5.5. Search properties


The layout of the Search properties page is similar to the Search dialog. All fields except the connection
could be modified.

100
Tools

5.6. Bookmark properties


In the Bookmark properties page you can modify the bookmark name and target entry.

101
Tools

6. Preferences

6.1. Connections
In the Connections preferences page you can configure general settings for LDAP Connections.

Option Description Default


JNDI LDAP Context Apache Directory Studio uses JNDI for LDAP auto-detected
Factory access. This parameter configures the the factory
class. Normally this value is automatically detected
and there is no need to change it.
unchecked

102
Tools

Option Description Default


User Kerberos System If checked you need to configure Kerberos
Properties (GSSAPI) authentication using system properties,
see http://java.sun.com/products/jndi/tutorial/ldap/
security/gssapi.html for details.
Kerberos Login Module Apache Directory Studio uses JAAS for Kerberos auto-detected
authentication. This parameter configures the JAAS
login modul. Normally this value is automatically
detected and there is no need to change it.

6.2. Certificate Validation


In the Certificate Validation preferences page you can configure certificate validation settings.

If Validate certificates for secure LDAP connections is checked, Apache Directory Studio checks
certificates when a secure LDAP connection (ldaps or StartTLS) is established. The following checks are
performed: a valid certification path with a trusted root CA must exist, the certificate must not be expired,
the hostname must match the certificate subject common name, the certificate must not be self-signed.

If validation fails the Certificate Trust dialog pops up and the you could manually trust a certificate. Those
certificates are listed in the "Permanent Trusted" and "Temporary Trusted" lists. You could examine those
certificates using the View button. You can remove certificates if you don't trust them any more using
the Remove button.

6.3. Attributes preferences


In the Attributes preferences page you can configure general settings for attributes.

103
Tools

By default non-text attributes are displayed in a user-friendly way within the Entry editor and the Search
Result editor. For example if an attribute contains a timestamp it is displayed in your local date format.
When unchecking the option Show decorated values the values are displayed as returned from directory.

In the Attribute Colors and Fonts group you can define the style how attributes and values are displayed
within the Entry editor and the Search Result editor.

6.4. Binary Attributes preferences


In the Binary Attributes preferences page you can configure which attributes are binary.

104
Tools

You can specify binary attributes by attribute type or by syntax.

6.5. Entry Editors preferences


In the Entry editor preferences page you can configure the behavior of the Entry editors.

With the open mode you could define how the entry editor should be opened while browsing through the
DIT.

In the entry editors section you could define your preferred order of available entry editors using the Up/
Down buttons. The topmost entry editor in the list is the default entry editor.

6.6. Table Entry Editor preferences


In the Table Entry Editor preferences page you can configure the behavior of the Table Entry Editor.

105
Tools

Option Description Default


Show objectClass If checked the objectClass attribute is displayed. on
attribute
Show must attribute If checked the required attributes are displayed. on
Show may attribute If checked the optional attributes are displayed. on
Show operational If checked the operational attributes are displayed. on
attribute
Enable folding If checked attributes with many values are folded. on
Folding threshold The threshold when folding should be activated. 10
Auto-expand folded If checked folded attribute are automatically off
attributes expanded.
Save modifications If checked the single-tab editor automatically saves on
automatically in single- any modification immediately and sends a modify
tab editor request to the LDAP server. If unchecked you
need to save the editor manually in order to save
modifications.
Save modifications If checked the multi-tab editor automatically saves off
automatically in multi- any modification immediately and sends a modify
tab editor request to the LDAP server. If unchecked you
need to save the editor manually in order to save
modifications.

106
Tools

6.7. Search Result editor preferences


In the Search Result editor preferences page you configure the behavior of the Search Result editor.

Option Description Default


Show DN as first column If checked the distinguished name of each search on
result entry is displayed as first line.
Show DN as link If checked the distinguished name of each search on
result entry is displayed as a link.

6.8. Text Formats preferences


In the Text Formats preferences page you configure the text formats of LDIF, CSV and Excel files.

LDIF
In the LDIF tab you can configure the LDIF format.

107
Tools

Option Description Default


Line Separator Select the line spearator to use for LDIF files. The platform specific
Possible values are Windows, Mac OS or Unix line separator
Line length The line length in LDIF files. 76
Space after colon If checked a space in inserted between the colon and on
the value.

CSV Copy
In the CSV Copy tab you can configure the format used when copying CSV to clipboard (Copy Entry as
CSV, Copy Table).

108
Tools

Option Description Default


Attribute Delimiter The character used to separate attributes. Select Tabulator (ASCII 9)
default or one from the drop-down box or enter a
custom character.
Value Delimiter The character used to separate values of multi- Pipe (|)
valued attributes. Select default or one from the
drop-down box or enter a custom character.
Quote Character Each attribute is enclosed by this quote character. Double Quote (")
Select default or one from the drop-down box or
enter a custom character.
Line Separator Select the line spearator to use. Possible values are The platform specific
Windows, Mac OS or Unix line separator
Binary Encoding When copying binary values they must be encoded. Ignore
Choose

• Ignore: if binary values should not be copied.

• BASE-64: to copy the binary values BASE-64


encoded.

• HEX: to copy the HEX representation of each


byte.

CSV Export
In the CSV Export tab you can configure the format used when exporting to CSV.

Option Description Default


Attribute Delimiter The character used to separate attributes. Select Comma (,)
default or one from the drop-down box or enter a
custom character.

109
Tools

Option Description Default


Value Delimiter The character used to separate values of multi- Pipe (|)
valued attributes. Select default or one from the
drop-down box or enter a custom character.
Quote Character Each attribute is enclosed by this quote character. Double Quote (")
Select default or one from the drop-down box or
enter a custom character.
Line Separator Select the line spearator to use. Possible values are The platform specific
Windows, Mac OS or Unix line separator
Binary Encoding When exporting binary values they must be Ignore
encoded. Choose

• Ignore: if binary values should not be exported.

• BASE-64: to export the binary values BASE-64


encoded.

• HEX: to export the HEX representation of each


byte.
File Encoding The file encoding used to when exporting to CSV. The platform specific file
Select default or one from the drop-down box. encoding

Excel Export
In the Excel Export tab you can configure the format used when exporting to Excel.

Option Description Default


Value Delimiter The character used to separate values of multi- Pipe (|)
valued attributes. Select default or one from the
drop-down box or enter a custom character.

110
Tools

Option Description Default


Binary Encoding When exporting binary values they must be Ignore
encoded. Choose

• Ignore: if binary values should not be exported.

• BASE-64: to export the binary values BASE-64


encoded.

• HEX: to export the HEX representation of each


byte.

ODF Export
In the ODF Export tab you can configure the format used when exporting to Open Document Spreadsheet
format.

Option Description Default


Value Delimiter The character used to separate values of multi- Pipe (|)
valued attributes. Select default or one from the
drop-down box or enter a custom character.
Binary Encoding When exporting binary values they must be Ignore
encoded. Choose

• Ignore: if binary values should not be exported.

• BASE-64: to export the binary values BASE-64


encoded.

• HEX: to export the HEX representation of each


byte.

111
Tools

6.9. Value Editors preferences


In the Value Editors preferences page you can configure which value editor to use for an attribute.

You can specify value editors by attribute type or by syntax. If a value editor is specified by syntax the
value editor is used for all attributes with this syntax. A value editor specified for an attribute overwrites
the syntax-setting.

6.10. Browser View preferences


In the Browser View preferences page you can configure the layout and behavior of the LDAP Browser
view and the Select DN dialog.

112
Tools

Option Description Default


Entry label Choose one of DN, RDN or RDN value to be RDN with limit of 50
used as label for entries in the DIT category. If the characters
checkbox is checked long labels with more than the
specified number of characters are abbreviated.
Search Result label Choose one of DN, RDN or RDN value to be used DN with limit of 50
as label for search results in the DIT category. If the characters
checkbox is checked long labels with more than the
specified number of characters are abbreviated.
Folding If checked large subtrees and search results are enabled with folding size
folded into virtual folders each with the given 100
number of entries.
Expand base entries If checked the base entries are expanded when off
when opening opening the connection.
connection
Check for children If checked the LDAP Browser tries to find out on
if the fetched entries have children. Therefore
the operational attributes hasSubordinates,
numSubordinates and subordinateCount are
requested from server.

6.11. Modification Logs View preferences


In the Modification Logs preferences page you can configure the behavior of the Modification Logs view

113
Tools

Option Description Default


Enable modificaton logs Enables/Disables the modificaton logs. on
Masked Attributes Enter a comma-separated list of attributes that
should be masked by an asterisk '*'. A typical
attribute to mask is userPassword.
Log File Rotation Log file rotation is used. You could specifiy the 10 log files each with 100
number of log files an the maximum size for each kB
log file.

6.12. Search Logs View preferences


In the Search Logs preferences page you can configure the behavior of the Search Logs view

114
Tools

Option Description Default


Enable search request Enables/Disables the search request and search on
logs result done logs.
Enable search result Enables/Disables the search result entry logs. Note: off
entry logs You should only activate this options for debug
reasons, otherwise your logfile will overfill very
fast.
Log File Rotation Log file rotation is used. You could specifiy the 10 log files each with 100
number of log files an the maximum size for each kB
log file.

115
Chapter III. Tasks
1. Managing connections
1.1. Creating a connection
Using the New Connection wizard
To create a new connection please use the New Connection wizard.

Duplicating an existing connection


It is also possible to duplicate an existing connection. This is helpful if the new connection has similar
connection parameters:

1. Select the connection you want to duplicate and select Copy Connection from context menu or use
the Strg-C shortcut.

2. Afterward select Paste Connection from context menu or use the Strg-V shortcut. Observe the new
connection, prefixed with "Copy of ".

3. Rename the connection to your needs.

4. Modify the connection parameters to your needs.

1.2. Modifying connection parameters


The connection parameters could be modified in the Connection properties. Select a connection and choose
Properties... from context menu or press Alt-Enter to open the properties dialog.

Note: A connection must be closed in order to modify its connection parameters.

1.3. Renaming a connection


To rename a connection select a connection and choose Rename Connection... from context menu or
press F2.

In the opened dialog enter the new name and press OK.

1.4. Deleting a connection


To delete a connection select a connection and choose Delete Connection from context menu or press
Delete.

Note: A connection must be closed in order to delete it.

1.5. Opening a connection


A connection is automatically opened when expanding the DIT or when performing a search.

116
Tasks

To open a connection explicitely choose one of the following options:

• In the Connections view select a connection and choose Open Connection from context menu or
from toolbar.

• Double-click a connection.

1.6. Closing a connection


To close a connection select a connection and choose Close Connection from context menu or from
toolbar.

1.7. Enabling secure connections


Apache Directory Studio supports secure connections using SSL (ldaps) or StartTLS extended operation.
Select a proper encryption method in the Connection properties.

1.8. Sharing connections


There are two ways to export and import connections. This may be useful if you want to copy your
connections from one computer to another or if you want to share connection parameters with other users.
You could also use this features to backup your defined connections.

Import/Export connections
You could use the Export Connection wizard and Import Connection wizard to export and import
connections.

Copy/Paste connections as LDAP URL


A more simple way is to copy/paste connections as LDAP URL.

RFC 2255 specifies the LDAP URL format. Apache Directory Studio uses the host and port field and uses
X- extensions for all other connection paramter.

Parameter Description Possible values Default


X-CONNECTION- The connection name. Any name, must be URL Current date
NAME encoded
X-ENCRYPTION The encryption to use. none, ldaps, StartTLS none
X-AUTH-METHOD The authentication to Anonymous, Simple, Simple imf X-BIND-
use. DIGEST-MD5, CRAM- USER is present, else
MD5 Anonymous
X-BIND-USER The bind DN or user. Any DN, must be URL none
encoded
X-BIND-PASSWORD The bind password. none
X-SASL-REALM The SASL realm. none
X-BASE-DN The base DN. A valid base DN, none none
to get base DNs from the
Root DSE

117
Tasks

Parameter Description Possible values Default


X-COUNT-LIMIT The count limit. A positive integer, 0 for 0
no count limit
X-TIME-LIMIT The time limit in A positive integer, 0 for 0
seconds. no time limit
X-ALIAS-HANDLING The alias handling NEVER, SEARCHING, ALWAYS
method. FINDING, ALWAYS
X-REFERRAL- The referral handling FOLLOW, IGNORE, FOLLOW
HANDLING method. MANAGE
X-FETCH- If present the subentries no value -
SUBENTRIES control is activated.
X-PAGED-SEARCH If present the paged no value -
control is activated.
X-PAGED-SEARCH- The paged search size. Any positive integer 100
SIZE
X-PAGED-SEARCH- If present the scroll mode No value -
SCROLL-MODE is activated.

Here's an example how such an URL looks like: ldap://localhost:10389/????X-CONNECTION-


NAME=ApacheDS,X-BIND-USER=uid=admin%2cou=system,X-BIND-PASSWORD=secret,X-
COUNT-LIMIT=1000

When you copy a connection within the Connections view it is copied in the described format to your
clipboard. You could then paste this LDAP URL into a text editor or to an email.

The same way you could copy an LDAP URL from somewhere and paste it into the Connections view.

2. Browsing directory
2.1. Handling large number of entries
A directory may have entries with thousands of child entries. It is not recommended to fetch all these
children when browsing because this increases directory and network load and is very time consuming.

Limiting number of fetched entries


It is recommended to limit the number of returned entries. The limit is defined in Connection properties.

Filtering children
Another option is to use a filter to limit the fetched children. Choose Filter Children... from context
menu. In the opened dialog you could define a LDAP filter. Hit Strg-Space to get content assistance. The
drop-down list provides a history of recently used filters. A click to the Filter Editor button opens the
Filter Editor dialog.

2.2. Showing RootDSE and Schema entry


To make RootDSE and Schema entry visible in the Browser view enable Show Directory Metadata in
the Browser's drop down menu.

118
Tasks

2.3. Showing subentries


Subentries are a special kind of entries used for managing the administration of different aspects of
the directory. By default they are not visible. To make them visible in the Browser view enable Fetch
subentries in the Connection properties.

2.4. Displaying entry's attribute


Select an entry in the Browser view. The Entry editor will be opened and shows the entry's attributes. You
could define the visible attriubtes in the Entry editor preferences.

2.5. Filtering entry's attribute


Please see Quick Filter in Entry editor features.

2.6. Displaying entry's operational attribute


In order to make operational attributes visible please enable Show operational attributes in the Entry
editor preferences.

3. Managing entries
3.1. Creating an entry
To create a new entry please use the New Entry wizard.

3.2. Renaming an entry


To rename an entry please use the Rename Entry dialog.

3.3. Moving entries


To move entries to another parent please use the Move Entry dialog.

3.4. Deleting entries


To delete entries select the entries you would like to delete and choose Delete from context menu or
press Delete key.

3.5. Adding an attribute


1. Use the Attribute wizard to specify the attribute.

2. After finishing the wizard a proper Value editor is invoked. Enter the value and press Enter.

3.6. Adding a value


1. Select the attribute where you would like to add a value.

2. Choose New Value from tool bar or context menu or hit Strg-+. This invokes a proper Value editor

119
Tasks

3. Enter the value and press Enter.

3.7. Modifying a value


1. Select the value you would like to edit.

2. Invoke the default Value editor by pressing Enter or F7 or double-click the value.

or

Invoke a custom Value editor by choosing one from Edit Value With in the context menu.

3. Modify the value and press Enter.

3.8. Deleting attributes and values


To delete attributes and values select the attributes and values you would like to delete and choose
Delete from tool bar or context menu or press Delete key.

3.9. Modifying the object class


To modify the object class please use the Edit Entry wizard.

120
Chapter IV. Reference
RFCs
RFC 4510: LDAP: Technical Specification Road Map [rfc/rfc4510.txt]
RFC 4511: LDAP: The Protocol [rfc/rfc4511.txt]
RFC 4512: LDAP: Directory Information Models [rfc/rfc4512.txt]
RFC 4513: LDAP: Authentication Methods and Security Mechanisms [rfc/rfc4513.txt]
RFC 4514: LDAP: String Representation of Distinguished Names [rfc/rfc4514.txt]
RFC 4515: LDAP: String Representation of Search Filters [rfc/rfc4515.txt]
RFC 4516: LDAP: Uniform Resource Locator [rfc/rfc4516.txt]
RFC 4517: LDAP: Syntaxes and Matching Rules [rfc/rfc4517.txt]
RFC 4518: LDAP: Internationalized String Preparation [rfc/rfc4518.txt]
RFC 4519: LDAP: Schema for User Applications [rfc/rfc4519.txt]
RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification [rfc/rfc2849.txt]
RFC 3866: Language Tags and Ranges in the LDAP [rfc/rfc3866.txt]

Obsolete RFCs
RFC 2251: Lightweight Directory Access Protocol (v3) [rfc/rfc2251.txt]
RFC 2252: Attribute Syntax Definitions [rfc/rfc2252.txt]
RFC 2253: UTF-8 String Representation of Distinguished Names [rfc/rfc2253.txt]
RFC 2254: The String Representation of LDAP Search Filters [rfc/rfc2254.txt]
RFC 2255: The LDAP URL Format [rfc/rfc2255.txt]
RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3 [rfc/rfc2256.txt]
RFC 2829: Authentication Methods for LDAP [rfc/rfc2829.txt]
RFC 2830: Extension for Transport Layer Security [rfc/rfc2830.txt]

Tutorials
JNDI Tutorial [http://java.sun.com/products/jndi/tutorial/]

121
Chapter V. Tips and tricks
TODO...

122
Chapter VI. What's new
What's new in 1.5.0
Entry editors enhancements

The traditional table entry editor can now work in offline mode where modifications aren't saved
immediately.

A new LDIF etry editor is now available, it renders LDAP entries in LDIF format and allows editing of
those entries.

Both editors can operate in single-tab (opens each entry in the same editor tab) or in multi-tab (opens each
entry in its own editor tab) mode.

Modify operations (add, delete, replace) are configurable which allows specific adjustments for various
directory servers.

Enhanced Connection Security

Server certificates of secure connections (ldaps and StartTLS) are now validated.

Kerberos authentication is now supported.

New value editors

Various new value editors are available:

• Certificate value editor to view and edit X.509 certificates.

• Value editors for Microsoft Active Directory objectGUID and objectSid attributes

123
What's new

• Value editor for UUID syntax

A number of bug fixes and improvements

Besides these key new features, the LDAP Browser plugin has received a number of bug fixes and
improvements. A detailed report is provided in the Release Notes section.

What's new in 1.4.0


Internationalization

Apache Directory Studio is now fully internationalized. Out of the box English, French and German
translations are provided.

Quick Search

The Quick Search could be used to search the DIT without opening a search dialog an filling all the input
fields. See Quick Search for details.

124
What's new

Date & Time Editor

The new Date & Time Editor help you to view and edit attributes with generalized time syntax.

A number of bug fixes and improvements

Besides these key new features, the LDAP Browser plugin has received a number of bug fixes and
improvements. A detailed report is provided in the Release Notes section.

What's new in 1.3.0


Edit Entry wizard

Using this wizard it is possible to edit an entry offline and make multiple modifications and submit all
modification in one request to the server. For instance this is necessary when adding a new object class
which contains some mandatory attributes. Please see Edit Entry wizard for details.

125
What's new

Paged Results control

The paged results control is supported. It could be used to fetch only a limited number of entries from the
server while browsing in the DIT.

LDIF Import: Overwrite existing Entries

Now it is possible to select whether existing entries should be overwritten during an LDIF import. This is
useful if you already imported LDIF data into your directory and you want to import some modified LDIF.

Go to DN Dialog

There's a new DN which could be used to find an entry in DIT by its distinguished name.

A number of bug fixes and improvements

Besides these key new features, the LDAP Browser plugin has received a number of bug fixes and
improvements. A detailed report is provided in the Release Notes section.

What's new in 1.2.0


New Search Logs View

A new Search Logs view has been added to the LDAP Browser plugin. This view lets the user review all
the searches he has been running on a server and makes it very handy and easy to copy/paste LDAP URLs
or command line from the searches run in the UI.

126
What's new

Connections Import/Export

It is now possible to import/export the connections from/to a single file. This is very interesting to share
connections between computers or people.

A number of bug fixes

Besides these key new features, the LDAP Browser plugin has received a number of bug fixes. A detailed
report is provided in the Release Notes section.

What's new in 1.1.0


Folders in the Connections View

The LDAP Browser plugin now supports reoganizing connections inside folders in the Connections View
. This is a great improvement for grouping related connections together and keep the view clean.

Object Classes selection improved when creating a new entry

The Object Classes page of the New Entry Wizard has been quite improved with:

• an icon aside each object class indicating whether it is an 'Abstract', 'Auxiliary' or 'Structural' object class

• a new warning panel, showing up when the current selection does not contain any structural

• new key bindings for a better selection of object classes using the keyboard

127
What's new

Support for lowercased Hash Methods in the Password Editor

The Password Editor has been updated to support lowercased Hash Methods (e.g. "{crypt}"). The
Password Editor now supports the following Hash Methods in both uppercase and lowercase:

• CRYPT

• SHA

• SSHA

• SSHA

• MD5

• SMD5

A number of bug fixes

Besides these key new features, the LDAP Browser plugin has received a number of bug fixes. A detailed
report is provided in the Release Notes section.

128
Chapter VII. Release notes
Apache Directory Studio 1.5.2 - (2009,
December 11th)
Bug

• [DIRSTUDIO-603] - Error browsing/entering rfc2307 compliant host entry

• [DIRSTUDIO-601] - The 'Perform Search/Search Again' button in the Search Result Editor does not
work correctly

Apache Directory Studio 1.5.1 - (2009,


November 30th)
Bug

• [DIRSTUDIO-597] - Modification sent to the server while browsing through the DIT and refreshing
entries

• [DIRSTUDIO-596] - Various typos in the french translation

• [DIRSTUDIO-595] - The icon of the entry in the 'Outline' view should be the same as the one in the
'LDAP Browser' view

• [DIRSTUDIO-594] - The 'Show new password details' checkbox does not display the 'Enter new
password' text field as clear text when checked in the Password Editor

• [DIRSTUDIO-593] - Missing string and typo in the french translation of the Password Editor

• [DIRSTUDIO-592] - LDAP Browser view is refreshed twice after the initialization of the children of
an entry

• [DIRSTUDIO-591] - Error reading objects with # in DN

• [DIRSTUDIO-590] - The 'Quick Search' string has not been externalized in the LDAP Browser view

• [DIRSTUDIO-589] - InvalidNameException: unexpected token for user ids starting with hash sign

• [DIRSTUDIO-587] - UI flickers on quick search

• [DIRSTUDIO-580] - Setting "Validate certificates for secure LDAP connections" is not saved

• [DIRSTUDIO-576] - Context menu not shown after a right-click on a non-cached entry

Apache Directory Studio 1.5.0 - (2009,


November 2nd)
Bug

129
Release notes

• [DIRSTUDIO-575] - Bookmarks not working

• [DIRSTUDIO-570] - Integer Value Editor does not accept negative numbers

• [DIRSTUDIO-553] - Add descriptions for server specific OIDs of IBM Tivoli Directory Server 6.1
and 6.2

• [DIRSTUDIO-552] - NullPointerException if Root DSE of IBM Tivoli Directory Server displayed in


Entry Editor

• [DIRSTUDIO-550] - Root DSE properties: Directory types IBM Tivoli Directory Server 6.1 and 6.2
not detected correctly

• [DIRSTUDIO-532] - Refreshing parent of referral may give ConcurrentModificationException

• [DIRSTUDIO-531] - Unpretty 2-3 pixels height margin at the top of the Search Results editor

• [DIRSTUDIO-530] - Unpretty 2-3 pixels height margin at the top of the Entry editor

• [DIRSTUDIO-529] - Unpretty 2-3 pixels height margin at the top of the Browser view

• [DIRSTUDIO-527] - Unable to display Active Directory GUIDs

• [DIRSTUDIO-524] - Operational attributes are not show, although enabled under preferences

• [DIRSTUDIO-512] - Deletion of entries very slow

• [DIRSTUDIO-507] - Attempt to rename the rdn results in message contain {0} and {1}

• [DIRSTUDIO-504] - Timestamp attribute with an invalid time in it is read only - editor ignores entry

• [DIRSTUDIO-503] - New Entry -> Available object classes list remains stale after new objectclasses
added

• [DIRSTUDIO-502] - Copy/Paste the context entry from one connection to another doesn't work

• [DIRSTUDIO-495] - Cannot edit password field

• [DIRSTUDIO-493] - Aliased attributes show only one attribute name in the RDN selection list instead
of the full aliases list

• [DIRSTUDIO-490] - Copy/Paste a search from one connection to another doesn't work

• [DIRSTUDIO-489] - LDIF Import very slow

• [DIRSTUDIO-488] - New context entry creation is not shown just after connection

• [DIRSTUDIO-486] - Include Version Specifier in LDIF export

• [DIRSTUDIO-484] - Rename dialog does not work with escaped RDNs

• [DIRSTUDIO-483] - DN Editor escapes all non-ascii characters

• [DIRSTUDIO-481] - Improve refreshing of attributes and children

• [DIRSTUDIO-437] - Alias are not exposed as such in the browser

• [DIRSTUDIO-418] - Slow LDIF/CSV export

130
Release notes

• [DIRSTUDIO-409] - No error message in some special case

• [DIRSTUDIO-403] - Cannot add refs when the ExtensibleObject OC has been added to a referral

• [DIRSTUDIO-402] - The ManageDsaIT control should be activable for a single request, not at the
connection level

• [DIRSTUDIO-334] - Built-in help doesn't show icons for "Icons" and "Toolbars" tables in "LDAP
Browser View"

Improvement

• [DIRSTUDIO-574] - Add 'Cancel' button to "Select copy strategy" (was Abort of copy/paste not
possible)

• [DIRSTUDIO-558] - Load special entries (aliases, referrals, subentries) per request, add menu items
to browser's context menu

• [DIRSTUDIO-555] - Human readable descriptions of OIDs in binary attributes preference page

• [DIRSTUDIO-554] - Add option to save tabular entry editor automatically or manually

• [DIRSTUDIO-535] - Use SWT.SEARCH and SWT.CANCEL style bits on search text field for a native
search field on Mac OS X

• [DIRSTUDIO-534] - Re-order the preference pages for better understanding

• [DIRSTUDIO-533] - Only show referral handling dialog when opening or expanding referral entry

• [DIRSTUDIO-513] - Do delete before add when modifying attribute values

• [DIRSTUDIO-496] - Password editor improvements

• [DIRSTUDIO-487] - Empty namingcontexts causes javax.naming.InvalidNameException: Bad DN

• [DIRSTUDIO-371] - Entries with a ref attribute should be shown N times in the browser (N = number
of ref values)

• [DIRSTUDIO-145] - Multiple tabs for entry editor

New Feature

• [DIRSTUDIO-562] - Add 'Copy Display Value' action, default copy action should copy displayed value

• [DIRSTUDIO-556] - Add value editor for UUID

• [DIRSTUDIO-515] - Add extensibility to Entry Editor

• [DIRSTUDIO-494] - Add value editor for certificates (syntax 1.3.6.1.4.1.1466.115.121.1.8)

• [DIRSTUDIO-462] - Add Export to Open Document Format

• [DIRSTUDIO-434] - Add value editor for Active Directory objectGUID and objectSid attributes

Sub-task

• [DIRSTUDIO-519] - Create a new LDIF Entry Editor

• [DIRSTUDIO-518] - Create a new multi-window Entry Editor

131
Release notes

• [DIRSTUDIO-517] - Create a new single-window Entry Editor

• [DIRSTUDIO-516] - Create a new Entry Editor extension point

Task

• [DIRSTUDIO-479] - Object classes of an entry should always be present

Wish

• [DIRSTUDIO-167] - Show custom icons for various kinds of schema elements while browsing schema
data

Apache Directory Studio 1.4.0 - (2009, April 7th)


Bug

• [DIRSTUDIO-472] - SWTException (Widget is disposed) when disabling DIT Quick Search

• [DIRSTUDIO-470] - Schema Browser view is not bring to front when using the 'Open Schema Browser'
menu item while the view is already opened but not the frontmost view

• [DIRSTUDIO-469] - Added wrong AttributeTypes can't be deleted

• [DIRSTUDIO-465] - Context entry created from an LDIF import is not shown in the Browser view

• [DIRSTUDIO-463] - Browsing the directory produce too many search requests

• [DIRSTUDIO-460] - Pressing 'Enter' in New Entry wizard should edit the attribute

• [DIRSTUDIO-457] - Unknown schema causes attributes to be treated as operational

• [DIRSTUDIO-456] - Cannot create an entry with mandatory binary attribute

• [DIRSTUDIO-430] - NullPointer exception when fetching children of a node

• [DIRSTUDIO-427] - Operational attributes turned on by itself

• [DIRSTUDIO-423] - Outline view does not respect the settings of the Entry Editor on displaying or
not the operational attributes

• [DIRSTUDIO-420] - Unable to locate in DIT (f3)

• [DIRSTUDIO-419] - Problems switching between connections

• [DIRSTUDIO-396] - Custom LDAP attributes not shown in entry editor

• [DIRSTUDIO-395] - Problems with special chars (german Umlauts)

• [DIRSTUDIO-373] - Can't delete a tagged attribute if the non tagged attribute belong to the DN

Improvement

• [DIRSTUDIO-455] - Cannot copy/past an existing search

• [DIRSTUDIO-426] - Overwritten hashCode() method should not use super.hashCode()

• [DIRSTUDIO-412] - Add expand all and collapse all actions to the connections view

132
Release notes

• [DIRSTUDIO-411] - Select a new created folder in the connection view

• [DIRSTUDIO-241] - The "New Value" action (in the Entry Editor) should be disabled if the AT is
defined as single valued

• [DIRSTUDIO-234] - Greyed out menu items should have a tool tip explaining *why* they're greyed out

• [DIRSTUDIO-207] - Operationnal attributes cannot be shown entirely

• [DIRSTUDIO-150] - mprove error handling

• [DIRSTUDIO-115] - Unable to edit operational attribute values

New Feature

• [DIRSTUDIO-449] - Add a new GeneralizedTime Value Editor

• [DIRSTUDIO-397] - Request for multi-language GUI

• [DIRSTUDIO-335] - DIT Quick Search

Apache Directory Studio 1.3.0 - (2008,


November 24th)
Bug

• [DIRSTUDIO-389] - Back/Forward Navigation isn't working

• [DIRSTUDIO-380] - Attribute and Entry property pages makes the dialog very tall

• [DIRSTUDIO-379] - Class NewEntryWizard not found, application doesn't starts

• [DIRSTUDIO-367] - Tree delete control should not be used automatically

• [DIRSTUDIO-355] - DSML Import and Export fail with "Internal Error: null"

• [DIRSTUDIO-354] - Search window, paste problem

• [DIRSTUDIO-293] - Values of attributes of the syntax 'Generalized Time' must have the g-time-zone
'Z' and minutes and seconds set to be interpreted and shown as a date instead of the raw value

• [DIRSTUDIO-291] - Adding of an objectclass requiring attributes not present to an entry in the ldap
browser, modify operation fails

• [DIRSTUDIO-260] - Unable to do a DSML Export from eDirectory

Improvement

• [DIRSTUDIO-407] - In the NewEntryWizard, the first selected object class on the left side should be
added if the Enter key is hit in the text field

• [DIRSTUDIO-383] - Make "Fetch subentries" setting configurable per connection, move from browser
preferences to connection properties

• [DIRSTUDIO-378] - An attribute name containing an underscore ("_") is split in two when used in
"Returning Attributes" field of the "Search" dialog

133
Release notes

• [DIRSTUDIO-377] - Add value editor for OIDs

• [DIRSTUDIO-363] - Browser View doesn't accept menu additions thru viewerContribution extension
point

• [DIRSTUDIO-327] - Add support for Paged Results Control

• [DIRSTUDIO-311] - Provide Goto DN dialog

• [DIRSTUDIO-291] - Using the 'new entry'/'use existing entry as template' feature from the context menu
of an entry, the parent dn is also copied from the template entry

• [DIRSTUDIO-244] - Add selection for copy strategy if an entry to copy already exists

• [DIRSTUDIO-228] - Mask userPassword in the log view

• [DIRSTUDIO-147] - Allow LDIF imports to overwrite existing entries

• [DIRSTUDIO-116] - Expand all folds by default

• [DIRSTUDIO-114] - Group container entries first in browser view

New Feature

• [DIRSTUDIO-385] - Add dialog to create a new context entry

• [DIRSTUDIO-356] - Add a way to get the connection config as an URL

• [DIRSTUDIO-297] - Add a 'save as' for logs

• [DIRSTUDIO-153] - Allow offline modifications of entries

• [DIRSTUDIO-107] - Enable Select/Copy in Property page of RootDSE in order to copy and paste
detected OIDs

• [DIRSTUDIO-85] - Add support for search dialog to include * and + for returnable attributes

Task

• [DIRSTUDIO-375] - Move each plugin IDs in a plugin.properties file

• [DIRSTUDIO-374] - Clean duplicated dependencies in plugins

• [DIRSTUDIO-19] - Add Javadoc to LDAP Browser classes

Apache Directory Studio 1.2.0 - (2008, august


18th)
Bug

• [DIRSTUDIO-365] - Can't delete entry with studio 1.1.0. works with 1.0.1

• [DIRSTUDIO-360] - cannot read attribute from items with a / in the dn

• [DIRSTUDIO-349] - Unable to enter large values for uid

• [DIRSTUDIO-341] - Paste error

134
Release notes

• [DIRSTUDIO-336] - Errors when parsing schema of some LDAP servers

• [DIRSTUDIO-326] - Non-Operational attributes are marked as operational when bind to Siemens DirX
7.0

• [DIRSTUDIO-319] - LDAP Browser creating new entry becomes empty and unusable in Windows
Vista after certain actions

• [DIRSTUDIO-318] - Rename of multi-values RDN does not work when changing the second RDN

• [DIRSTUDIO-315] - Choosing new value, in entry editor shows new entry when server error occures

• [DIRSTUDIO-298] - NullPointerException raised when drag'n'dropping a connection to a folder (on


Mac OS X only)

• [DIRSTUDIO-273] - Unable to get Base DNs on OID (Oracle Internet Directory)

• [DIRSTUDIO-209] - Cannot expand attribute list

• [DIRSTUDIO-157] - Studio looses STRG-V over some time of use

• [DIRSTUDIO-121] - Some property pages make the dialog very tall

• [DIRSTUDIO-89] - Entry painted even though not created in server

Improvement

• [DIRSTUDIO-361] - Auto-activate 'show operational attributes' when adding an operational attribute

• [DIRSTUDIO-329] - Replace internal URL class by shared-ldap LdapURL class

• [DIRSTUDIO-126] - Triple click to edit attribute

• [DIRSTUDIO-46] - Add connections import/export

New Feature

• [DIRSTUDIO-328] - Search Logs View

Task

• [DIRSTUDIO-128] - Replace internal schema parser with the schema parser in shared-ldap.

Apache Directory Studio 1.1.0 - (2008, march


31st)
Bug

• [DIRSTUDIO-286] - Update Site is not working, missing dependencies in ldifeditor, ldapbrower and
schemaeditor feature

• [DIRSTUDIO-285] - Export into LDIF format could be corrupted

• [DIRSTUDIO-281] - LDIF and Apache DS configuration files can't be saved in RCP mode

• [DIRSTUDIO-279] - Filter Editor doesn't remove spaces and line breaks after OK

135
Release notes

• [DIRSTUDIO-270] - Copy and paste does not work when value being edited

• [DIRSTUDIO-269] - Attributes not displayed when browsing BEA Weblogic embedded LDAP

• [DIRSTUDIO-267] - Clicking on a bookmark loops and does not display attributes

• [DIRSTUDIO-261] - LDAP Browser shows same root objects two times under Root DSE

• [DIRSTUDIO-252] - Advanced value editors don't work in NewEntryWizard

• [DIRSTUDIO-250] - Unable to load entries if RDN is quoted and contains unescaped comma

• [DIRSTUDIO-249] - Modification Logs view does not display request controls, if sent to the server

• [DIRSTUDIO-247] - Don't use implicit ManageDsaIT control magic of JNDI

• [DIRSTUDIO-242] - Inconsistent state of the Entry Editor after using "New Value" (or "New
Attribute...") and pressing "Escape".

• [DIRSTUDIO-235] - Non ASCII characters are not rendered properly in the LDAP Browser View when
label is limited to a certain number of characters

• [DIRSTUDIO-233] - Browsing base DN returns [LDAP: error code 10 - Referral]

• [DIRSTUDIO-230] - Locate Dn in DIT Action does not work well

• [DIRSTUDIO-223] - NullPointerException raised when adding values in the New Entry Wizard

• [DIRSTUDIO-222] - Pb when creating an entry with an invalid atribute as a RDN

• [DIRSTUDIO-220] - lowercase {crypt} in userPassword is an "Unsupported Hash Method"

• [DIRSTUDIO-210] - Filter parser accepts bad filters

• [DIRSTUDIO-197] - Following referrals throws NPE

• [DIRSTUDIO-184] - Error while reading entry in Active Directory

• [DIRSTUDIO-154] - Studio getting slower and slower on bulk operations

• [DIRSTUDIO-152] - New entry creator does not know that 'dc' and 'domainComponent' is the same
thing

• [DIRSTUDIO-139] - Operational attributes not shown in the Entry Editor

• [DIRSTUDIO-120] - 100% CPU when deleting thousands of entries

• [DIRSTUDIO-95] - Not returning large queries

Improvement

• [DIRSTUDIO-221] - Improve Object Class selection in the New Entry Wizard

• [DIRSTUDIO-156] - useability improvement: when exporting an OU use the applied filter by default

• [DIRSTUDIO-138] - Add visual feedback to the user, if SSL (ldaps) is enabled

• [DIRSTUDIO-123] - Refactor IConnection interface and Connection class

136
Release notes

• [DIRSTUDIO-119] - Allow user to disabled the Modification logs windows

• [DIRSTUDIO-37] - Improve authentication methods and security mechanisms

New Feature

• [DIRSTUDIO-248] - Add support for simulated moving of non-leaf entries

• [DIRSTUDIO-246] - Add support for simulated renaming of non-leaf entries

Task

• [DIRSTUDIO-229] - Replace internal DN/RDN/RDNPart with LdapDN/Rdn/ATAV of shared-ldap

• [DIRSTUDIO-142] - Add SASL authentication

Apache Directory Studio 1.0.1 - (2007,


september 10)
Bug

• [DIRSTUDIO-162] - Delete old RDN on rename has no effect

• [DIRSTUDIO-183] - It's not possible to select a Connection in a New Search

• [DIRSTUDIO-186] - When copying an entry it isn't displayed correctly in the browser tree

Improvement

• [DIRSTUDIO-185] - Provide completion for all attribute types in the attribute wizard

Apache Directory Studio 1.0.0 - (2007,


september 3rd)
Initial release.

137

You might also like