
Quest One LDAP Browser 1.5.3 User Manual


Contents

1. [Figure 7: The Entry Display Panel]

   - Refresh: Available when in Display mode, and can be used to refresh the data displayed within the Entry Display Panel.
   - Cancel: Available when in Edit mode, and allows you to exit from Edit mode without committing any changes to the backend LDAP Server.

   5.7 Search Button Bar

   [Figure 8: The Search Button Bar]

   At the bottom of the browser is a Search Button Bar. The Search Button Bar will only appear when you have a search view open. This bar provides access to different search views when searches are performed. On the far left of the bar is a button with an icon of a globe. This button will always return you to the Global view, or the full view available according to your LDAP connection specifications. Each search view is represented with a button that contains the name of the search that you have performed. If you have performed a new search that has not been named it will have the d
2. 8 3 Search Results QUEST SOFTWARE request will go The scope options are as follows e Scope Base Only searches the Base DN specified for the search e Scope One Searches for entries stored one level beneath the specified Base DN e Scope Sub Searches recursively through all levels beneath the specified Base DN In general within the browser you are likely to select a Scope of either One or Sub Finally you will need to specify a filter for the search criteria Search filters follow a standard format as specified by RFC2254 and are discussed in more detail in the previous section on New Searches When you have constructed your search filter you will need to click on the Add Search button to store your search query The search will then be saved under the folder that is selected in the panel on the right You will then be able to select your search from the Search Menu listed under the connection name for which the search was created You will be able to use this search whenever you want as it will be stored within the connection configuration If you wish to edit it for some other purpose or remove it you will need to open the Manage Searches dialog It is very important to understand that Bookmarks and Searches are stored in memory while QO LB is open If you would like to store them permanently within a configuration for use next time you open the Browser you will need to save the entire configuration file by clicking on the Sa
3. Finally you will need to specify a filter for the search criteria Search filters follow a standard format as specified by RFC2254 You may use particular operators and wildcards within your filters When you click on the Search button a new view will be displayed in the Navigation Panel limiting the Direc tory Tree according to the criteria specified in your Search See the Search Results section below for further information on viewing search results Note that the Search view will be labelled as Search1 with the value appended to the name being incremented for each subsequent search that you perform For any new search you are able to save the search for future use by either clicking on the Save Search As option in the Searches menu or by right clicking on the search button in the view bar at the bottom of the browser and selecting the Save Search As button from the popup context menu that will appear See http www ietf org rfc rfc2254 txt Quest One LDAP Browser 30 8 2 Adda Search QUEST SOFTWARE Table 1 Commonly used search filter operators Logical operator Description Equal to Approximately equal to lt Lexicographically less than or equal to gt Lexicographically greater than or equal to amp AND OR NOT Wildcard e g cn J le A Searchl E Close fu Refresh Search Eal Search Properties Figure 21 A New Search button with context menu
4. bin ldapbrowser 4 2 Microsoft Windows You can launch the product using the QO LB shortcut in your Start Menu under Quest Software gt LB gt RX Y Z Quest One LDAP Browser 10 QUEST l SOFTWARE 5 GUI Layout and Controls 5 1 Overview The entire GUI for QO LB is broken into the following component parts e The Menu Toolbar The Control Toolbar The Connection Tab bar The Navigation Panel The Entry Display Panel The Search Button Bar amp w Quest One LDAP Browser 1 5 wo Y File Edit View Schema Search BookMark LDIF SSL Help Quest One LDAP Browser 1 5 Field Value Ldif marketing uid cliSPAIN1 ou clients c spain dc onecorp dc com sales uid cliSPAIN operations objectclass person spain inetorgperson B clients organizationalperson o cliSPAIN2 top g lt ciSPAIN3 Isn Carrerasl o cliSPAINA o cliSPAINS o cisPAINI products cn Josel telephonenumber 529416372 managers allproducts groups uk us Manage Objectclasses Manage Attributes i Cancel Figure 2 Components of the QO LB GUI Quest One LDAP Browser 11 5 2 Menu Toolbar QUEST SOFTWARE File Edit View Schema Search BookMark LDIF SSL Help Figure 3 The Menu Toolbar 5 2 Menu Toolbar The Menu Toolbar contains all of the menu options available within the browser If the application is in a particular view or state where a par
5. e var tmp Packages are provided for Solaris on either i386 or Sparc platforms The installation process is as follows Change the directory where the package was copied if not var tmp mv qolb RX Y Z R sol i386 pkg gz var tmp gunzip qolb RX Y Z R sol 1386 pkg gz pkgadd d var tmp qolb RX Y Z R sol i386 pkg Once the package has been successfully installed you can check the timestamp of the installation and the version of the installed product using the following command pkginfo 1 qolb As soon as youre finished installing both the gqolb RX Y Z R sol i386 pkg gz and qolb RX Y Z R sol i386 pkg files can be deleted from the temporary directory Quest One LDAP Browser 7 QUEST l SOFTWARE 3 Configuration Files 3 1 Microsoft Windows The configuration files for QO LB are all text based and are stored in USERPROFILE symlabs Idapbrowser confs Each connection that you create is stored in its own text file along with any Bookmarks or Searches that you create and save for that connection 3 2 Linux and Unix The configuration files for QO LB are all text based and are stored in your user home directory at home lt username gt symlabs Idapbrowser confs Each connection that you create is stored in its own text file along with any Bookmarks or Searches that you create and save for that connection 3 3 Connection Files Connection files are hidden dot files named after the connection name Connec
6. leave the dialog without actioning any changes that you have made You are also able to add or remove Attributes for an entry by clicking on the Manage Attributes button The Manage Attributes dialog will open This dialog window is composed of two list panels In the panel on the left you will see a list of the Attributes that are available for the ObjectClasses that are defined for the entry In the panel on the right is a list of Attributes that are currently used by the entry Between the two panels are buttons marked with the symbols and You can use these buttons to move Attributes from one list to the other When you have finished editing the list of Attributes that you wish to use for the entry click on the Finish button Note that you can click the Cancel button to leave the dialog without actioning any changes that you have made It is also possible to remove an attribute from an entry by simply delete all of the contents for any value given to that attribute Note that in the rare cases where no schema is reported by the server that you have connected to the Manage ObjectClasses and Manage Attributes buttons will be disabled You will also find that although you are able to edit existing values for an entry you will not have the option to add new values or delete values Although this sort of scenario is not common it may occur when making use of Virtual Tree structures in an LDAP Proxy or Virtual Directory Server type pr
7. objectclassremovedname onecorpObjectClass objectclassremovedname ipHost objectclassremovedend This second behavior may be useful where you have a particular objectclass definition in the schema reported by a backend that causes a conflict with a similarly named objectclass in your Virtual Directory Solution 11 3 6 Removing an Attribute You can remove an attribute from the local schema representation by clicking on the Remove button in the Manage Attribute window This function provides two alternate behaviors If you are removing a virtual attribute that you have created within the local schema representation using the Add Attribute option the Remove Attribute option will remove the configuration entry stored within the configuration file so that the virtual attribute is permanently removed On the other hand removing a real attribute from the reported schema will create a new configuration entry in the configuration file to store a list of removed attributes The configuration entry will look similar to the following attributeremovedbegin attributeremovedname onecorpAttributel attributeremovedname onecorpAttribute2 attributeremovedend This second behavior may be useful where you have a particular attribute definition in the schema reported by a backend that causes a conflict with a similarly named attribute in your Virtual Directory Solution 11 3 7 Restoring an ObjectClass If you select
8. providing the option to Save Search 8 2 Adda Search Searches are treated in a similar way to Bookmarks in that they are stored for future use When performing a search you can click on the branch within the Directory Tree to help limit the base DN for the search You can initiate a search by clicking on the Add Search button in the Control Toolbar or by clicking on the Add Search option in the Search Menu This will cause the Add Search dialog to open Searches Search Info Name me in Marketing Description Search for entries starting with M in Marketing a Search Params Base Select the base to start searching from ou marketing dc onecorp dc d Scope Select the scope Scope SUB Search base DN and all entries w v Filter uid M Jaj v Add Search Cancel Manage Search eee eee Figure 22 The Add Search Dialog The Add Search dialog will require you to enter a Name and Description for the Search request that will be added to the Search Menu You will also need to specify the base DN or suffix that should be used within the search By default this will be populated with the DN for the branch or entry that was last selected in the Navigation Panel although the field can be edited manually to specify an alternate branch if required You can specify one of three alternative Scope settings for the search The scope defines how deep the search Quest One LDAP Browser 31
9. servers and to perform common administration tasks such as adding removing and modifying entries stored within a directory environment It provides support for typical LDAP searches and includes a bookmarking feature to rapidly access particular entries within a large directory tree The browser also offers views of the LDAP server s schema and the RootDSE information which is returned by the server for a RootDSE query Searches and Bookmarks can be saved for future use making it possible to save a configuration that you can use at any time to quickly repeat particular operations without having to continually enter the same information Searches are presented in their own views allowing you to quickly switch between different presentations of data within the directory without needing to repeat operations The Browser also offers functions to export data within a directory in LDIF format so that it can be used to backup or easily replicate the data stored within the directory This product has been released for free We welcome feedback on the browser and encourage you to try our other products to resolve many of the common obstacles that are encountered when working within an LDAP framework Quest One LDAP Browser 4 QUEST SOFTWARE amp o B Quest One LDAP Browser 1 5 p 7 i dow File Edit View Schema Search BookMark LDIF SSL Help QUEST Quest One LDAP Browser 1 5 w SOFTWARE Figure 1 QOLB Quest One LDAP
10. to view the individual entries for each schema component Entries are displayed in a similar way to entries within the normal tree with the exception that Schema entries cannot be edited However although the schema cannot be edited so that it affects the server additional objectclasses and attributes can be added to the local representation of the schema This is useful for when you are making use of a Virtual Directory or LDAP Proxy product that may provide virtualized schema extension options that will not be included in the schema reported by a backend directory Quest One LDAP Browser 38 11 3 Editing the Local Schema Representation QUEST SOFTWARE amp amp Quest One LDAP Browser 1 5 Y SB File Edit View Schema Search BookMark LDIF SSL Help QUEST Quest One LDAP Browser 1 5 SOFTWARE Schema Field Value cn schema E t 9 objectclasses RN A account FY alias E r z S applicationer EX applicationpr FX authpasswor E4 automount E4 automountm E4 bootabledevi EX calentry By certifications A certificationa A changelogent FX corbacontain E4 corbaobject f SA corbaobjectra EX country E amp cridistributio S dcobject f SA device f A dmd el A dnsdomain Name account ID 0 9 2342 19200300 100 4 5 Superiors top Required uid Optional description seeAlso 0 ou host Value 0 9 2342 19200300 100 4 5 NAME account
11. treated as SINGLE valued or MULTI valued e Superior Used to specify superior attributes for which this attribute inherits properties e Aliases In this section you can add and remove aliases that can be used to reference this attribute New Attribute Attribute Description ID Syntax String Single nd Superior Aliases E O Restore initial values 1 Create Attribute Cancel Figure 32 New Attribute When you have finished entering the details for your virtual Attribute you can click on the Create Attribute button This will update the local schema representation and automatically refresh the view if you have it open It will also store this virtual Attribute in the local configuration file for future use An entry for a virtual attribute within a configuration file will look something like this attributebegin attributename NewAttrl attributeoid 77 88 5 03 4 5 77 attributedescription A virtual attribute attributesyntaxstring 1 3 6 1 4 1 1466 115 121 1 15 1024 attributesingle no attributesuperior attributealias attributeend When you have added an Attribute to the local schema representation the font color for the Attribute entry in the schema will be set to red so that it is easy to identify that the Attribute is stored locally and not in the schema reported by the server 11 3 3 Editing an ObjectClass You can edit an objectclas
12. 89 User id Password _ Show password Suffixes v Delete Save Test Connect Cancel Figure 9 The Connection dialog If you have clicked on the Connection option either in the File Menu in the Menu Toolbar or in the Control Toolbar the Connection Dialog will open to allow you to specify the parameters that you wish to use to open a connection to a backend LDAP Directory The Connection Dialog provides you with the option to load the parameters from a previously stored connection or to specify new parameters for a new connection Connection Selector AD1 ADViaProxy OpenDS OpenDS Accounting OpenDS Proxy 3890 SunDSEE my_organization VDS Tutoriall Proxy 3890 VDS Tutorial2 Proxy 3890 Password Show password Suffixes v Delete Save Test Connect Cancel Figure 10 Selecting an existing connection in the Connection Selector The Connection Dialog consists of two panels The first contains a Connection Selector which is drop down menu of previously stored connection parameters By selecting any previously stored connection the parame ters that have been stored will be loaded into the relevant fields inside the Parameters panel of the dialog This gives you the option to make any last minute changes to stored parameters before connecting The Connection Selector is also an editable field This means that after changing the parameters for a stor
13. Browser 5 QUEST l SOFTWARE 2 Installation Installation of the product will depend on the environment that you intend to run it on however it is important to note that the product does require that Java is installed on the target operating system in order to function correctly QO LB is provided in a variety of binary package formats for Unix and Linux environments and as a Windows installation executable QO LB is also bundled with QC VDS In this case the browser will be installed automatically as part of the installation process for this product 2 1 Microsoft Windows QO LB can be installed on Microsoft Windows systems with the Java v6 JRE available The installer provides a simple wizard that will take you through the required installation steps In most cases you should simply accept the default parameters that are defined within the wizard The QO LB installer also supports console and silent mode installation for enterprise environments where a mass rollout is required In order to carry out an installation from the command line you are able to simply execute the installation package using the i console or i silent command line switches as follows golbRX_Y_ZR exe i console or golbRX_Y_ZR exe i silent Note that when performing a console installation you will be presented with same options that you are pre sented with in the Graphical Installation Wizard in the form of a set of prompts This will
14. [Figure 37: The SSL Truststore Dialog]

   The Truststore dialog expects the following parameters:

   - Truststore: You should enter the path to an existing Truststore file that you have created, or specify the path to a new Truststore file that you wish to create.
   - Password: This is the password used to encrypt the data stored within a Truststore. If you are adding a certificate to an existing truststore, this should match the password that the truststore was given when it was created. If you are creating a new Truststore you can specify any new password here, but you should be sure to remember it in order to modify the Truststore in the future.
   - SSL Certificate: You should enter the path to an existing certificate currently available in PEM format on your filesystem. This certificate will be added to the Truststore and will be available for use when encrypting or validating SSL connections. You may continue to add certificates to the Truststore in the future if more than one certificate is required (i.e. you need to create a chain, or you wish to use the same Truststore for alternate connections).
   - Alias: You can optionally specify an alias for each certificate that you add to the Truststore. This is useful if you want to look at certificate details for a specific certificate within the store.

   Once the certificate that you wish to use for an SSL connection has been added to the TrustStore, you will be able to open an SS
15. [Figure 30: Viewing the Server Schema]

   Virtual schema entries added to the local schema representation are highlighted in red in the navigation panel of the browser when viewing the schema tree.

   11.3 Editing the Local Schema Representation

   In some cases you may be making use of some kind of Virtual Directory Server or LDAP Proxy software that will be situated between the browser and a backend server. In these situations it is possible that the schema that is reported by the backend LDAP directory may not entirely match the capabilities of the solution that you have implemented. For instance, if you have made use of any form of attribute virtualization or alternate method of extending the schema without actually performing a modification on the backend system, then the schema reported will not match the actual capabilities of your solution. In these cases you may need to update the local schema representation that the browser is storing. It is absolutely important that you understand that changing the local schema representation will not change the schema on the server; it will merely facilitate the option of using additional objectclasses and attributes that your solution actually already supports. Note that after any changes to the schema that
16. F representation of the entry. You can switch between views using the tabs at the top of the panel, which are labelled appropriately. The tab for the currently selected view will always be highlighted to indicate which view you are using. The Entry Display Panel can switch between a Display mode and an Edit mode. In Display mode you are able to refresh the data presented within the panel. In Edit mode you are able to make changes to the entry that you are viewing, including adding attributes and editing their values, as well as adding further ObjectClasses to an entry. It is only possible to switch into Edit mode in the Field Value view; the LDIF view does not support Edit mode. When in the Field Value view you are able to add or remove ObjectClasses as well as Attributes, and can add or remove values for any attribute. At the bottom of the Entry Display Panel there are six buttons, marked as follows:

   - Manage ObjectClasses: Available when in Edit mode, and will open a dialog to allow you to add or remove ObjectClasses listed in the schema to an entry.
   - Manage Attributes: Available when in Edit mode, and will open a dialog to allow you to add or remove Attributes listed in the schema to an entry.
   - Save: Available when in Edit mode, and will submit a modification request to the LDAP Server to commit changes made to an entry.
   - Edit: Switches the current view from Display mode to Edit mode to allow you to modify attributes and their values
17. Ge QUEST SOFTWARE Quest One LDAP Browser 1 5 3 User Manual 2012 Quest Software Inc ALL RIGHTS RESERVED This guide contains proprietary information protected by copyright The software described in this guide is furnished under a software license or nondisclosure agreement This software may be used or copied only in accordance with the terms of the applicable agreement No part of this guide may be reproduced or transmitted in any form or by any means electronic or mechanical including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Quest Software Inc The information in this document is provided in connection with Quest products No license express or implied by estoppel or otherwise to any intellectual property right is granted by this document or in connection with the sale of Quest products EXCEPT AS SET FORTH IN QUEST S TERMS AND CONDITIONS AS SPEC IFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT QUEST ASSUMES NO LIABILITY WHATSO EVER AND DISCLAIMS ANY EXPRESS IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PROD UCTS INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT INDIRECT CONSEQUENTIAL PUNITIVE SPECIAL OR INCIDENTAL DAMAGES INCLUD ING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS BUSINESS INTERRUPTION OR LOSS OF
18. INFORMATION ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Quest makes no representations or war ranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice Quest does not make any commitment to update the information contained in this document If you have any questions regarding your potential use of this material contact Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo CA 92656 email legal quest com Refer to our Web site www quest com for regional and international office information Trademarks Quest Quest Software the Quest Software logo Simplicity at Work are trademarks and regis tered trademarks of Quest Software Inc For a complete list of Quest Software s trademarks see http www quest com legal trademarks aspx Other trademarks are property of their respective owners QUEST l SOFTWARE Contacting Quest Software Email info quest com Mail Quest Software Inc World Headquarters 5 Polaris Way Aliso Viejo CA 92656 USA Web site www quest com Refer to our Web site for regional and international office information Quest Support Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have
19. L connection to an LDAPS server in the Connection dialog, by specifying the path to the TrustStore that you have added the certificate to.
20. One LDAP Browser 35 9 3 Automatic Bookmark Updates QUEST SOFTWARE Finally double clicking on any Bookmark in the Tree Browser will execute it and the focus will accordingly switch to the entry 9 3 Automatic Bookmark Updates Do you want to update the bookmarks with dn uid MSmith ou marketing dc onecorp dc com if there are any bookmark with this dn you will not be able to use it Figure 27 A prompt to update bookmarks after renaming an entry When the value for a naming attribute in the RDN of any entry is updated you will automatically be prompted to update your bookmarks If you select to update bookmarks any bookmark pointing to the modified DN of an entry will be automatically updated so that it will continue to work as expected If you opt out of the update the bookmark is likely to break because the entry will no longer be accessible using the pointer DN Automatic Bookmark Updates apply as well to Schema Bookmarks Quest One LDAP Browser 36 QUEST SOFTWARE 10 LDIF Export Options The LDIF Export Options are exceptionally useful for backing up data or for creating replica directories At any point in the directory tree you are able to export an LDIF file that represents the data stored in the tree There are two options available for this purpose 10 1 Export Full Tree The Export Full Tree will export an LDIF file of the entire Directory Tree in the current view That is to say if you are in the Globa
21. a button labelled Suffixes. If the hostname, password and BIND credentials have been populated for the connection, clicking on this button will query the server for a list of root suffixes that are available for the configured connection, and will populate a drop-down list of optional suffixes that you can browse. You can then click on the drop-down list to choose a suffix to browse. The suffix list is editable, so that you can opt to browse a suffix that is deeper into the directory tree than the root suffixes supported by the server.

   [Figure 11: Editing the LDAP Connection Parameters]

   6.1.2 SSL

   The SSL tab is used to specify SSL/TLS related parameters when opening a connection using LDAPS. The following options are available:

   - Use SSL: Enables SSL to encrypt the connection when connecting to an LDAPS server.
   - Blindly trust SSL Server Certificate: Simply accepts the certificate offered by the LDAPS server and adds it to the default Truststore. Note that if you select this option you will not need to provide a path to a truststore f
22. a valid maintenance contract Quest Support provides unlimited 24x7 access to SupportLink our self service portal Visit SupportLink at http support quest com From SupportLink you can do the following e Retrieve thousands of solutions from our online Knowledgebase e Download the latest releases and service packs e Create update and review Support cases View the Global Support Guide for a detailed explanation of support programs online services contact informa tion policies and procedures The guide is available at http support quest com About Quest Software Quest Software simplifies and reduces the cost of managing IT for more than 100 000 customers worldwide Our innovative solutions make solving the toughest IT management problems easier enabling customers to save time and money across physical virtual and cloud environments For more information about Quest go to www quest com Quest One LDAP Browser 3 QUEST l SOFTWARE 1 Introduction Quest One LDAP Browser QO LB is a Java application that is capable of running on any Java friendly operating system including Microsoft Windows MacOS X Linux and other Unix variants The browser was designed to work with any LDAP v2 or v3 compatible LDAP server including Active Directory and also to be able to integrate with any LDAP Virtualization tool such as Quest One Quick Connect Virtual Directory Server QC VDS QO LB offers a friendly GUI interface to access LDAP
23. allow you to change the installation path, explicitly agree to the license agreement, and to determine whether or not to overwrite files that may already exist in the installation path. Note that if you opt to use a silent install, it will be assumed that you have read and agreed to the license agreement for the software. By using this switch you have implicitly agreed to the terms laid out in this agreement.

   2.2 Linux and Unix

   QO LB can be installed on Linux and Unix operating systems with the Java v6 JRE available. Binary packages are available in RedHat Package Manager (rpm), Debian package (deb) and Solaris pkg formats.

   2.2.1 Installation on Linux

   For installation on Linux systems, QO LB is provided both in rpm and deb package formats, and can be added to the system as any other package would be, using your standard package management utility. The installation of QO LB would take place as follows on RPM based distributions:

   rpm ihv golb RX Y Z R 1i386 rpm

   or on DEB based distributions:

   dpkg i qolb X Y 2Z R i386 deb

   After a successful installation the rpm or deb file can be deleted to free disk space.

   2.2.2 Installation on Solaris

   Installation on Sun Solaris systems is done by running the pkgadd system utility on the installation file provided. In order to install the product, the package file should be copied to a temporary directory on the machine i
24.
   - b: The Base DN that you wish to connect to on the LDAP Server.
   - ssl: Whether or not to use SSL. Values available are yes, no. The default for this argument is no. Note that if you do not use the t option with this option, the connection will be opened and the browser will blindly accept whichever certificate the server offers, and the default Truststore will be used.
   - t: The location of the SSL Truststore where your certificates are kept.
   - v: The LDAP Version that the client should use for the connection. Values available are 0 and 1 (0: LDAP v2, 1: LDAPv3).
   - n: The name of an existing configuration that should be used to instantiate the other connection parameters.
   - r: Enables support for referrals. Options are yes or no. The default setting for this option is no.

   This means that you can open a connection to an existing configuration in the following way:

   bin ldapbrowser n myconfigurationname

   Alternatively, it is possible to open a new connection like this:

   bin ldapbrowser h localhost p 389 D cn dirmanager w password

   If using SSL, you may either choose to blindly accept whichever certificate is offered by the server and add this certificate to the default Truststore:

   bin ldapbrowser h localhost p 389 ssl yes

   Or you may wish to explicitly use certificates that you trust and that have been personally added to a specific Truststore:

   bin
25. bjectClass in the local configuration file for future use. An entry for a virtual attribute within a configuration file will look something like this:

objectclassbegin
objectclassname OnecorpOC
objectclassoid 1.23.44.7.89.03.49.5
objectclasssuperior top
objectclassdescription This is a virtual objectclass
objectclassrequired NewNameS
objectclassoptional NewAttr1SNewAttr2
objectclasstype 0
objectclassalias Newtest
objectclassend

[Figure 31: New ObjectClass]

When you have added an ObjectClass to the local schema represen
26. btree: Exports an LDIF file for all of the entries below the currently selected node in the visible directory tree.
• SSL
  - Store Certificate: Allows you to add certificates to a truststore that can be used when initiating SSL encrypted connections to LDAPS servers.
• Help
  - Contents: Provides a contents list for the Help pages.
  - More from Quest Software: Opens the default web browser to take you to the Quest Software homepage.
  - About: Presents a dialog with information about the product version and authors.

5.3 Control Toolbar

[Figure 4: The Control Toolbar]

The Control Toolbar contains a set of icons that work as buttons to provide shortcuts to commonly used actions. All of the options available in the Control Toolbar are also available in the Menu Toolbar. If the application is in a particular view or state where a particular Control Button is not relevant, the Control Button will be greyed out and will not be accessible. The Control Toolbar contains buttons that provide shortcuts to the following actions:
• Connection: Opens the Connection dialog, where you can either create a new connection or select from a list of preconfigured connections.
• Close: Closes the currently opened connection.
• Save: Saves the current connection configuration and all Searches and Bookmarks to the stored Connections list.
• New En
27. butes checkbox to list all of the available attributes defined in the schema. If you select an attribute for an ObjectClass that you have not already added, you will be prompted to add the ObjectClass that contains it. As with the ObjectClasses, if you have added an Attribute that you do not want to use, you can move it back into the Available Attributes list by clicking the attribute in the list and then clicking on the button at the bottom.

When you have selected the ObjectClasses and Attributes that you wish to use for the new entry, you can click the Next button at the bottom of the dialog window. You will now be presented with a second screen that contains a list of the attributes that you have selected to add for the new entry. You will need to enter values for each of the attributes listed. When you have finished adding values to the attributes for the new entry, you can click on the Finish button to submit the modification request. If you have sufficient privileges to write to the parent node in the LDAP tree, the modification request will be processed and the changes will be written to the directory.

Note that you will not be able to add an entry if the server that you have connected to has not reported a schema, as the browser will be unable to present you with the options to add or edit ObjectClasses and Attributes. Although this sort of scenario is not comm
28. button at the bottom of the dialog window. You will be prompted for a name for the folder and a description. The description is only for information purposes and is not mandatory. Once you have entered a name for the folder, you can click Save to save the changes.

To delete any Bookmark entry, simply right click on the entry in the Tree Browser and then select the Remove option. This will delete the entry and any reference to it stored in the configuration file. You can also Remove folders, but as a safety precaution they cannot be deleted if they contain any entries.

Any Bookmark or Folder can be edited by clicking on it to select it in the Tree Browser and then clicking on the Edit button. All of the fields available for the configuration of a Bookmark entry will become editable. You will be able to edit the DN for the location of the Bookmark, the Name that is used to store the Bookmark, or the Description provided for the Bookmark. Once you have made your changes, you will be able to click on the Save button to store your changes. You are able to click the Cancel button to exit out of Edit mode without writing changes.

The Bookmark Management dialog also provides a New Bookmark button, which gives you the option of adding a new Bookmark from within the dialog. Clicking on this button will allow you to specify the DN for the location of the Bookmark, the Name that is used to store the Bookmark, and the Description provided for the Bookmark.
29. con that appears on the left of any of the entries within the tree. If you attempt to expand a node that has no children or sub entries, the expander icon will disappear.

Where possible, different entry types within the tree are presented with different icons to help distinguish them from each other. This is dependent on the RDN of the entry, which is tested to determine which icon to display. Currently, different icons will be presented for the following RDN naming attributes: dc, c, cn, ou and uid.

Many of the commonly used actions specific to editing entries within a directory tree can be accessed by right clicking on any node within the directory tree. Clicking on different nodes within the directory tree will update the information displayed in the Entry Display Panel, where you are able to see different views of the attributes stored for any entry.

[Figure 6: The Navigation Panel]

5.6 Entry Display Panel

The Entry Display Panel provides 2 different views of the attributes stored for any entry that is selected in the Navigation Panel:
• Field Value: Displays the attributes as a field value combination.
• LDIF: Presents an LDI
30. [Figure 34: Modify an Attribute]

While editing a virtual Attribute will simply update the information stored for that Attribute within the configuration file, editing a genuine Attribute will effectively add a new virtual Attribute with the values specified. This means that in order to undo these changes you will need to remove the Attribute from the schema and then save your configuration. This will remove the virtual Attribute from the configuration file and will revert the browser back to using the original attribute defined in the Schema.

11.3.5 Removing an ObjectClass

You can remove an objectclass from the local schema representation by clicking on the Remove button in the Manage Objectclass window. This function provides two alternate behaviors. If you are removing a virtual objectclass that you have created within the local schema representation using the Add ObjectClass option, the Remove ObjectClass option will remove the configuration entry stored within the configuration file so that the virtual objectclass is permanently removed. On the other hand, removing a real objectclass from the reported schema will create a new configuration entry in the configuration file to store a list of removed objectclasses. The configuration entry will look similar to the following:

objectclassremovedbegin
31. e browser display. At the bottom of the view panels there is an Edit button that will allow you to edit the attributes and objectclasses for any entry. The editing options available depend on the view that you are using.

7.2.1 Field Value

[Figure 18: The Field Value view in Edit mode]

When Editing in the Field Value view, you are only able to edit the values for the attributes that already exist for any entry. When in Edit mode, the values that you are able to edit will highlight in white and you will be able to click into them to edit the value stored for each attribute.

Some directories, such as Active Directory, may present values for attributes that are set as read only or flagged with NO_USER_MODIFICATION. In these cases, attributes will be presented but will not be editable, even when in Edit mode. This will help you to avoid errors when trying to save an entry modification.

If an attribute can contain multiple values, you are also able to Add a Value or Remove a Value. The
32. e options in this drop down list:
  - STRUCTURAL: A structural object class is used to define the primary type for an entry. Each entry must have exactly one structural class, and it defines the core type of object that the entry represents.
  - ABSTRACT: An abstract object class is not intended to be used directly in entries, but should be subclassed by a structural or auxiliary class.
  - AUXILIARY: An auxiliary object class is used to define a characteristic of an entry. An entry may have zero or more auxiliary classes.
• Superior ObjectClasses: In the panel on the left you can select superior ObjectClasses for this ObjectClass and add them using the button. You will be likely to specify superior ObjectClasses if you have specified that this ObjectClass is of an Abstract or Auxiliary type.
• Required Attributes: In the panel on the left you can select Attributes that this ObjectClass requires and add them using the button.
• Optional Attributes: In the panel on the left you can select optional attributes that belong to this ObjectClass and add them using the button.
• Aliases: In this section you can add and remove aliases that can be used to reference this ObjectClass.

When you have finished entering the details for your virtual ObjectClass, you can click on the Create ObjectClass button. This will update the local schema representation and automatically refresh the view if you have it open. It will also store this virtual O
33. ed an existing connection and have not renamed it, it will save over the connection that was previously stored. If saving new connection parameters, you will need to specify a name for the connection in the Connection Selector.
• Test: Attempts to connect to the LDAP server using the connection parameters that you have entered and notifies you if the connection was successful.
• Connect: Connects to the LDAP server using the parameters provided without saving the connection in the stored list of connections.
• Cancel: Cancels out of the New Connection dialog.

The following sub sections will describe each of the tabs in the Parameters panel and the options that are available to you when specifying connection parameters.

6.1.1 LDAP

The LDAP tab contains the following options:
• Host: The hostname or IP address where the LDAP Server that you are connecting to is hosted.
• Port: The TCP port number that the LDAP Server is listening on.
• User ID: The full DN of the user that should be used to BIND the connection.
• Password: The password for the user that the connection will BIND for.
• Suffix: The Base DN or suffix that you wish to browse on the LDAP Server.

Note that a Show Password button is available on the right of the Password box. This button will reveal the password in plain text for as long as the button is pressed. If you wish to bind anonymously, you may leave the User ID and Password fields blank. There is also
34. ed connection, you can edit the name under which it is stored and resave with an alternate connection name. Furthermore, when entering new parameters from scratch, you can enter a connection name under which you wish to store the parameters before clicking on the Save button.

The second panel in the Connection Dialog is the Parameters panel. This tabbed panel allows you to specify various parameters relevant to the connection that you are opening. There are four tabs in this panel:
• LDAP: Parameters on this tab are fundamental to any LDAP connection, including hostname, port number, etc.
• SSL: Parameters on this tab are for LDAPS connections, allowing you to load specific certificate trust stores, etc.
• Referrals: Options on this tab allow you to control how the browser should handle referrals.
• Advanced: This tab is for advanced parameters. It allows you to specify the LDAP version that should be used for the connection and the default number of entries to limit search requests to.

A row of buttons at the bottom of the Connection Dialog provides further options. These buttons are labelled as follows and offer the following functionality:
• Delete: Delete the currently selected connection from the stored connections list.
• Save: Allows you to save the current connection parameters to the list of stored connections for future use. Note that if you have edit
35. efault name Search1. You are able to right click on any of the search buttons to obtain a context menu that will allow you to perform various actions on any search view. Usually the context menu will contain the following options:
• Close Search: Closes the search view.
• Refresh Search: Refreshes the search view by resubmitting the search request.
• Search Properties: Opens a dialog containing the properties for the search view and allows you to modify the search request as required. Available for Saved Searches.
• Save Search: Opens a dialog containing the properties for the search view and allows you to save the search view with a specified name. Available for new Searches.

Please refer to the Searches chapter for more information on searches and their views. Note that the RootDSE Info and the Show Schema options are treated as Search views and are opened within the Search Button Bar. Each of these views will be represented with a button displaying their respective icons.

6 Connections

QO LB functions by opening connections to backend LDAP servers. The Browser supports connectivity using the LDAP3 and LDAP2 versions of the protocol.

6.1 The Connection Dialog
36. er you will need to save the entire configuration file by clicking on the Save option in the File Menu. Note that you will be prompted to save a configuration when you close it, just in case you forget to save your existing Bookmarks and Searches.

9.2 Managing Bookmarks

Bookmarks for each connection are stored individually within a single configuration file. For any connection, you are able to manage the Bookmarks that you have stored by clicking on the Manage Bookmarks option in the Bookmarks Menu. This will open the Bookmark Management dialog.

[Figure 26: The Bookmark Management dialog]

In the Bookmark Management dialog, the panel on the left provides a Tree Browser that allows you to navigate through the different Bookmarks that you have stored. You can Add Folders in order to store your Bookmarks in a more organized fashion, and you can expand these folders in the Tree Browser. You can click on any Bookmark entry in the Tree Browser to view the details for the Bookmark within the information panel on the right side of the screen.

To add a new folder, simply click on the node in the Tree Browser that you want to create a folder under and then click on the New Folder
37. [Figure 14: Editing Advanced Connection Parameters]

6.2 Disconnecting

For any open connection, you can disconnect and close the connection tab by clicking on the Close option in the File Menu in the Menu Toolbar or on the Close button in the Control Toolbar. You are also able to right click on the Connection tab to select the Close Connection option for any connection.

QO LB also allows you to close all open connections. You can do this by clicking on the Close All option in the File Menu in the Menu Toolbar, or by right clicking on any of the Connection Tabs and clicking on the Close All Connections option.

6.3 Command Line Arguments

QO LB can be initiated from the command line and accepts command line arguments. This allows the browser to integrate better with external applications that may need to call the browser to open a new or a stored connection. Command line arguments are as follows:

h: Hostname or IP address of the server that you are connecting to.
p: The Port number that the LDAP server is listening on.
D: The BIND DN that you will use to authenticate with.
w: The password for your BIND DN.
38. ganized according to connection name, and you are able to create your own folders to store them according to your own particular organizational preference.

When you click on a Bookmark, the focus will switch to the entry contained in the bookmark and any parent container for the entry will be expanded. It is important to note that if you are in a particular Search view, the view will switch back to display the entire Directory Tree, as bookmarks cannot function within Search views.

It is also possible to create a Bookmark for a schema entry when browsing the schema view. If you click on a Bookmark for a schema entry, the view will switch to the Schema view automatically. Schema Bookmarks are useful when editing entries, as they allow you to quickly check things like an attribute's syntax before committing a change.

9.1 Adding a Bookmark

It is very simple to add a bookmark. At any point in the Directory Tree in the navigation panel, select the entry that you wish to bookmark and then click on the Add Bookmark option, either in the Bookmarks Menu or in the Control Toolbar. The Bookmark Manager will open, giving you the option to enter a Name and a Description for the Bookmark. The Name will be used to reference the bookmark in future and will appear in the Bookmarks menu under a menu named after your connection.
39. [Figure 29: Viewing RootDSE Information]

The RootDSE is displayed as a tree in the navigation panel. To view the attributes returned by the query, you will need to click on the rootDSE node in the tree. Attributes and values are displayed in a similar way to entries within the normal tree, with the exception that the RootDSE entries cannot be edited. Note that if no RootDSE is returned by the server that you have connected to, this option will be unavailable.

11.2 Show Server Schema

You can access the server Schema view by clicking on the Show Schema option in the Schema menu in the menu toolbar. You can also open the view by clicking on the Show Schema icon in the Control toolbar. Note that if no Schema is returned by the server that you have connected to, this option will be unavailable.

The Show Schema panel will open as a view accessible on the Search View button bar at the bottom of the screen, and is represented by a button displaying the same Show Schema icon as is used in the Control toolbar. The schema is displayed as a tree in the navigation panel. The schema node in the tree can be expanded to view ObjectClasses, AttributeTypes, LDAPSyntaxes and MatchingRules. Expanding any of these options will allow you
40. ile as a default truststore will be used.
• Truststore: The path to a truststore file that includes the certificates required for an SSL connection.

[Figure 12: Editing SSL Connection Parameters]

Note that if you are connecting to an LDAPS server instance, you will need to check the Use SSL checkbox. You may opt to blindly trust the SSL certificate offered by the LDAPS server, in which case it will be stored in a default certificate truststore for future use. Alternatively, you will need to specify the path to an SSL Truststore that you have already created. You can create a new Truststore by clicking on the Store Certificate option in the SSL Menu. See SSL Truststoreg1 2 for more details. If you specify the path to a Truststore, the certificate offered by the LDAPS server will be validated against the certificate stored in the Truststore.

6.1.3 Referrals

The Referrals tab is used to define how the browser should handle LDAP referrals. Many LDAP servers, particularly Active Directory, may make use of referrals within the directory structure. If you choo
41. in order to undo these changes you will need to remove the ObjectClass from the schema and then save your configuration. This will remove the virtual ObjectClass from the configuration file and will revert the browser back to using the original ObjectClass defined in the Schema.

11.3.4 Editing an Attribute

You can edit an attribute within the local schema representation by clicking on the Manage Attribute option in the Schema menu in the menu toolbar. In the dialog that pops up, you can choose to Add a new Attribute, Remove an existing Attribute, or Restore an Attribute that you have previously removed. There is also an option to Modify an Attribute. If you click on this button, the Add Attribute window will appear with all of the fields completed with the data relevant to the Attribute as it already exists within the schema. This gives you the opportunity to modify the definition for any Attribute within the local schema representation.
42. l if editing the local schema representation.
  - Manage ObjectClass: Allows you to edit the local schema representation for an objectclass. This does not modify the schema on the server, but is useful when working with Virtual Directory products that may include objectclasses not defined in the same way as in the schema reported by a backend server.
  - Manage Attribute: Allows you to edit the local schema representation for an attribute. This does not modify the schema on the server, but is useful when working with Virtual Directory products that may include attributes not defined in the same way as in the schema reported by a backend server.
• Search
  - New Search: Opens the search dialog to allow you to perform a search directly without saving.
  - Add Search: Opens the Add Search dialog to allow you to create a new search shortcut.
  - Manage Searches: Opens the Search Shortcut management panel, where you can add, edit and delete search shortcuts.
  - Save Search As: Opens the search properties window for a new search and allows you to save the search with a search name.
• Bookmark
  - Add Bookmark: Stores a bookmark for the currently selected entry.
  - Manage Bookmarks: Opens the Bookmarks management panel, where you can add, edit, delete and organize stored bookmarks.
• LDIF
  - Export Full Tree: Exports an LDIF file for the visible directory tree.
  - Export Full Su
43. l view of the Directory, you will export an LDIF file that represents all of the data in the tree from the Base DN or suffix that you connected to. On the other hand, if you have performed a particular search request and you are in the view for that Search, the LDIF file that you export will contain only the entries visible within the results of the search.

[Figure 28: The File dialog for an LDIF Export]

When you click on Export Full Tree, a File dialog will open, providing you with the opportunity to determine where the LDIF file will be saved. Simply navigate to the folder where you wish to store the LDIF file and then specify a name that can be used to store the file. Note that the file browser will not allow you to overwrite an existing file.

10.2 Export Full Subtree

The Export Full Subtree will export an LDIF file of all of the data below the currently selected node in the current view. That is to say, if you are in the Global view of the Directory, you will export an LDIF file that represents all of the data in the Directory that is stored below the branch that you have selected. On the other hand, if you have performed a particular search req
44. ldapbrowser h localhost p 389 ssl yes t home john ldapbrowser mytruststore

7 Browsing and Editing a Directory Tree

7.1 Tree Editing Options

Once you have a connection open, you will be able to navigate to different points in the Directory Tree by expanding nodes in the Navigation Panel. At any point in the Tree you are able to edit the Tree structure. To do so, you can either make use of the tools in the Edit Menu of the Menu Bar or use the Control Buttons in the Control Toolbar. You are also able to right click on any entry in the Navigation Panel to select any of the Tree editing tools.

[Figure 15: The Context menu when you right click an entry in the Navigation panel]

7.1.1 Add an Entry

The Add Entry option in the Edit Menu and Control Toolbar will allow you to add an Entry at any point in the Tree. In order to create an Entry, you should always click on the parent node that will contain the entry and then click on the Add Entry option. When adding an entry, a popup dialog box will appear that will require you to select the ObjectClasses that you wish to use to define the entry a
45. nd its attributes. For each ObjectClass that you intend to use, you will need to click on the class listed in list of Available classes in the panel on the left of the dialog. You can then click on the top button to move the class across to the list of Selected classes in the panel on the right of the dialog. If you have added a class to the Selected classes list that you do not wish to use, you can move it back into the Available classes list by clicking on it to select it and then clicking on the bottom button.

When you select an ObjectClass, the RDN dropdown box at the top left of the screen in the DN section will be populated with the list of all available attributes. You will then be able to select the attribute that you wish to use as the naming attribute for the entry.
46. o quickly perform a search without having to store it permanently; however, once a search has been performed you will still have the option to save it for later use. When performing a search, you can click on the branch within the Directory Tree to help limit the base DN for the search. You can initiate a search by clicking on the New Search option in the Search Menu. This will cause the New Search dialog to open.

[Figure 20: The New Search Dialog]

The New Search dialog will require you to enter the base DN or suffix that should be used within the search. By default this will be populated with the DN for the branch or entry that was last selected in the Navigation Panel, although the field can be edited manually to specify an alternate branch if required.

You can specify one of three alternative Scope settings for the search. The scope defines how deep the search request will go. The scope options are as follows:
• Scope Base: Only searches the Base DN specified for the search.
• Scope One: Searches for entries stored one level beneath the specified Base DN.
• Scope Sub: Searches recursively through all levels beneath the specified Base DN.

In general, within the browser you are likely to select a Scope of either One or Sub.
47. oduct

7.2.2 LDIF

It is not possible to edit entries while in the LDIF view. This view is useful to allow you to copy the LDIF text to use with other applications. Note that at any point you are able to also export the full LDIF Tree or a sub tree using the LDIF export options. See LDIF Export Options (10.2) for more on this topic.

[Figure 19: The LDIF View]

8 Searches

Searches allow you to construct LDAP filtered queries within a friendly interface and to store these for future use. Each Search query can be named and stored so that they will be listed in the Search Menu in the menu toolbar. Searches are organized according to connection name, and you are able to create your own folders to store them according to your own particular organizational preference.

8.1 New Search

The New Search option allows you t
48. on, it may occur when making use of Virtual Tree structures in an LDAP Proxy or Virtual Directory Server type product.

7.1.2 Clone an Entry

The Clone Entry option in the Edit Menu and Control Toolbar will allow you to replicate any Entry within the Directory Tree. In order to clone an Entry, you should always click on the entry that you wish to clone and then click on the Clone Entry option. Any entry in the Directory Tree can potentially be cloned. In this operation, the cloned entry will be copied with an identical set of attributes and values, except that the naming attribute will have an integer appended to the end of its value, which will be incremented for each clone created. Any child entries stored beneath the entry that is being cloned will not be copied to the new entry. The cloned entry will be stored under the same parent node in the directory tree.

7.1.3 Rename an Entry

The Rename Entry option in the Edit Menu of the Menu Bar will allow you to quickly change the value for the naming attribute of any Entry within the Directory Tree. In order to rename an Entry, you should always click on the entry that you wish to rename and then click on the Rename Entry option.

[Figure 17: To rename an entry you can specify a new value for the naming attribute]

When you choose to rename an entry, a dialog box will appear that requires you to type a replacement value for the naming attrib
49. [Figure 25: The Bookmark Manager dialog] Once you have entered the Name and Details for the bookmark you can click on the Add Bookmark button to add it to your bookmarks list and store it for future use. The bookmark will then be saved under the folder that is selected in the panel on the right. Note that you can add a Bookmark while in a search view, but the bookmark will apply to the particular DN of the entry that you bookmark and will not store the view for which it was added. This means that if you add a bookmark for an entry that you have found in a search view, clicking on that bookmark later will take you to the entry in the Global view and not to the particular search view that you were in when you created the bookmark. You can equally add a Bookmark for a schema entry while in the Schema View. Bookmarks created for schema entries will result in the browser loading the schema view and opening the entry that is bookmarked. This will switch out of any view that you may already be in at the time that you select the bookmark. It is very important to understand that Bookmarks and Searches are stored in memory while QO LB is open. If you would like to store them permanently within a configuration for use next time you open the Brows
50. s within the local schema representation by clicking on the Manage ObjectClass option in the Schema menu in the menu toolbar. In the dialog that pops up you can choose to Add a new ObjectClass, Remove an existing ObjectClass, or Restore an ObjectClass that you have previously removed. There is also an option to Modify an ObjectClass. If you click on this button, the Add ObjectClass window will appear with all of the fields completed with the data relevant to the ObjectClass as it already exists within the schema. This gives you the opportunity to modify the definition for any ObjectClass within the local schema representation. [Figure 33: Modify an ObjectClass] While editing a virtual ObjectClass will simply update the information stored for that ObjectClass within the configuration file, editing a genuine ObjectClass will effectively add a new virtual ObjectClass with the values specified. This means that
51. se options are indicated with a icon to add a value and an x icon to remove a value, which are positioned on the right of any of these values. To add a value, click on the icon and then enter the value in the new field that will be provided. If the attribute already has multiple values then an x icon will appear next to each value to allow you to select a value to remove. When you have completed making changes you can submit the modification request by clicking on the Save button. You are able to click on the Cancel button to exit from Edit mode without storing any changes that you may have made to the attribute values. When in the Field Value view you are able to add or remove ObjectClasses attached to an entry by clicking on the Manage ObjectClasses button. This will open the Manage ObjectClasses dialog. This dialog window is composed of two list panels. In the panel on the left you will see a list of available ObjectClasses as defined within the server schema. In the panel on the right a list of ObjectClasses currently used by the entry is presented. Between the two panels are buttons marked with the symbols and. You can use these buttons to move ObjectClasses from one list to the other. When you have finished editing the list of ObjectClasses that you wish to use for the entry, click on the Finish button. Note that you can click the Cancel button to
52. se to check the Follow referrals checkbox this functionality will be enabled within the browser. The following options are available: • Follow Referrals: Enables referral support in the browser. • Ignore failure messages for referrals: Disables notifications where the browser is unable to connect to one or more referrals referenced by the LDAP directory. Other referral parameters that are available if referral support is enabled include: • Timeout value for failed referrals: The length of time in milliseconds that a referral should be tried for before it fails. • Hop Limit: Limits the number of referral hops that the browser should perform. Default value is 10. [Figure 13: Editing Referral Parameters] 6.1.4 Advanced: The Advanced tab is used to specify advanced connection parameters. • LDAP Protocol: The version of the LDAP protocol that the server supports and that you wish to use for communications. • Limit number of results on searches to: A checkbox which allows you to enable/disable search result limits; by default this is enabled. • Size Limit Value: The number of search entries that a search will be limited to if search limits are enabled; by default this is set to 1000.
53. shion and you can expand these folders in the Tree Browser. You can click on any Search entry in the Tree Browser to view the details for the Search Query within the information panel on the right side of the screen. [Figure 24: The Search Management dialog] To add a new folder, simply click on the node in the Tree Browser that you want to create a folder under and then click on the New Folder button at the bottom of the dialog window. You will be prompted for a name for the folder and a description. The description is only for information purposes and is not mandatory. Once you have entered a name for the folder you can click Save to save the changes. You can move search entries and folders around within the tree by cutting and pasting them. To do so, right click on any search entry or folder in the Tree Browser and select the Cut option from the context menu. Then navigate to the folder that you wish to contain the entry, right click and select the paste option. You can use the copy option in the context menu to duplicate searches in a similar
54. [Figure 16: Adding an Entry will present a wizard which will allow you to define ObjectClasses and Attributes as well as their values] The Parent DN or Suffix that is presented at the top of the screen will usually contain the DN of the node in the tree that was selected when you opted to add an entry. This field contains a drop down box that usually contains a number of other likely intended parent DNs for the entry that you wish to add. The field is also editable so that if the DN that is presented does not match the intended parent suffix you can type it in manually. Once you have selected at least one ObjectClass you can click on the Attributes tab to list the available attributes for the classes that you have selected. Mandatory attributes will automatically be added to the list of Selected attributes in the panel on the right. To add other optional attributes that you wish to use for the entry that you are creating, select the attribute from the Available Attributes list in the panel on the left and then click on the button at the top to move the attribute into the Selected Attributes list in the panel on the right. Note that the list of attributes that are available will only contain the attributes available for the ObjectClasses that you have already selected. You can click on the All Attri
55. tation the font color for the ObjectClass entry in the schema will be set to red so that it is easy to identify that the ObjectClass is stored locally and not in the schema reported by the server. 11.3.2 Adding an Attribute: You can add an attribute to the local schema representation by clicking on the Add Attribute button in the Manage Attributes window. This will open the Add Attribute dialog where you are able to specify the various parameters required to create a new attribute. As this is a fairly advanced topic and is rarely required unless you are using a Virtual Directory Server or LDAP Proxy product, you will need to have a clear understanding of the information that you will be providing within your Attribute definition. The following options are available: • Attribute: The name of the Attribute as it will be used within the browser. • Description: A description of the Attribute for the purpose of identifying the attribute and what it is used for. • ID: The unique Object ID (OID) that should be used to identify the Attribute. • Syntax String: The syntax string that should be used to describe the attribute type and how it should be used. For example, this should describe whether the attribute is a string or integer and whether comparison operations are case sensitive or case insensitive. • Single: Whether or not the attribute should be
56. ticular menu option is not relevant the menu option will be greyed out and will not be accessible. The menu options are categorized to belong to particular functional groups and are listed under each of the menu titles in the following way: • File. Connection: Opens the Connection dialog where you can either create a new connection or select from a list of preconfigured connections. Close: Closes the currently opened connection. Close All: Closes all currently opened connections. Save: Saves the current connection configuration and all Searches and Bookmarks to the stored Connections list. Save As: Saves the current connection configuration and all Searches and Bookmarks to the stored Connections list with the option to specify a new name for the connection. Exit: Closes QO LB. • Edit. New Entry: Creates a new entry in the directory tree. Clone Entry: Clones the current entry in the directory tree. Rename Entry: Allows you to specify a new RDN for an entry in the directory tree. Delete Entry: Deletes an entry within the directory tree. Copy DN: Copies the full DN of the selected entry to the clipboard. • View. Refresh: Refreshes the view of a selected entry or search query. RootDSE Info: View the results for a RootDSE query on the current connection. • Schema. Show Schema: View the schema for the current connection. Refresh Schema: Refreshes the view of the schema. This is very usefu
57. tionName browser configfile These files are formatted in a way that can be parsed by the browser to allow it to open a connection with the appropriate parameters and to remember settings specific to a connection. However, the configuration files are fairly simple and are intuitive enough that you should be able to edit a file by hand if you find that something is not behaving in the expected manner. The following text is an example of the content of a connection file: confname Onecorp Local host localhost port 3892 authid cn dirmanager authpw dirmanager suffix dc onecorp dc com suffixes dc onecorp dc com dc twocorp dc com o accounting dc mycompany org o payroll dc mycompany org version 1 sslino referral no ignorefailuremsgs yes bookmarkfolderbegin bookmarkname Bookmark bookmarkdescriptionbegin It contains all the bookmarks stored in this ldap connection bookmarkdescriptionend bookmarkfolderend searchfolderbegin searchname Searches searchdescriptionbegin It contains all the Searches stored in this ldap connection searachdescriptionend searchfolderend 4 Starting QO LB: The product requires Java v6 JRE installed on the platform where it will be run. 4.1 Linux and Solaris: In order to start QO LB go to opt quest 1b std directory and use the following command
58. to remove an ObjectClass it is automatically added to a list of removed ObjectClasses that will be used to filter the ObjectClasses presented in the local schema representation. You may find that you wish to restore these ObjectClasses to their original state. If this is the case you can use the Restore ObjectClass option in the Schema menu in the menu toolbar. This action will open a dialog listing the ObjectClasses that have been removed from the local schema representation. Simply selecting the ObjectClass that you wish to restore and clicking on the Restore button should ensure that the ObjectClass is added back into the schema. [Figure 35: Restore an ObjectClass] 11.3.8 Restoring an Attribute: If you select to remove an Attribute it is automatically added to a list of removed Attributes that will be used to filter the Attributes presented in the local schema representation. You may find that you wish to restore these Attributes to their original state. If this is the case you can use the Restore Attribute option in the Schema menu in the menu toolbar. This action will open a dialog listing the Attributes that have been removed from the local schema representation. Simply selecting the Attribute that you wish to restore and clicking on the Res
59. tore button should ensure that the Attribute is added back into the schema. [Figure 36: Restore an Attribute] 12 SSL Truststores: In order to connect to an LDAPS server you will need to enable SSL for your connection and you may need to specify a path to an SSL Truststore. SSL Truststores are binary files that are used to store collections of SSL certificates that can be used to encrypt communications between the QO LB client and the server that it is connecting to. A Truststore can contain as many certificates as you like and you can set up as many different Truststore files as you require. To create a new Truststore or to add a certificate to an existing Truststore you can click on the SSL Menu in the menu toolbar and then click on the Store Certificate menu option. This will open the Truststore Dialog. [Figure: the Truststore dialog, with fields for the Truststore file, Password, SSL Certificate and Alias]
60. try: Creates a new entry in the directory tree. • Clone Entry: Clones the current entry in the directory tree. • Copy DN: Copies the full DN of the selected entry to the clipboard. • Delete Entry: Deletes an entry within the directory tree. • Refresh: Refreshes the view of a selected entry or search query. • Add Bookmark: Stores a bookmark for the currently selected entry. • Add Search: Opens the search dialog to allow you to create a new search shortcut. • Show Schema: View the schema for the current connection. • RootDSE Info: View the results for a RootDSE query on the current connection. 5.4 Connection Tab Bar: [Figure 5: The Connection Tab Bar] QO LB is capable of opening multiple LDAP connections at once. As each connection is opened a new tab will appear in the Connection Tab bar. You can open as many connections as you like, either to the same server or to different servers. The tabs will be labelled using the name that is stored for the connection when you create it. The currently active connection will be highlighted in the Connection Tab Bar. The majority of the control available within the browser will only act on the highlighted tab or the current connection. 5.5 Navigation Panel: The Navigation Panel will show the structure of the Directory Tree and allows you to navigate within the tree. You are able to expand nodes within the tree by double clicking on them or by clicking on the expander i
61. uest and you are in the view for that Search, the LDIF file that you export will contain only the entries visible within the results of the search that are below the branch that you have currently selected. When you click on Export Full Subtree a File dialog will open, providing you with the opportunity to determine where the LDIF file will be saved. Simply navigate to the folder where you wish to store the LDIF file and then specify a name that can be used to store the file. Note that the file browser will not allow you to overwrite an existing file. 11 Server Specific Information: QO LB provides options to view information specific to the server that you have connected to. This includes the option to view information returned by a RootDSE query as well as the ability to browse the server schema. 11.1 RootDSE Information: You can access the RootDSE view by clicking on the RootDSE Info option in the View menu in the menu toolbar. You can also open the view by clicking on the RootDSE Info icon in the Control toolbar. The RootDSE Information panel will open as a view accessible on the Search View button bar at the bottom of the screen and is represented by a button displaying the same RootDSE Info icon as is used in the Control toolbar. [Figure: Root DSE of OpenDS, Field/Value view]
62. ute defined for the entry. It is possible to Cancel out of an entry renaming operation by clicking on the Cancel button. 7.1.4 Delete an Entry: The Delete Entry option in the Edit Menu and Control Toolbar allows you to delete any entry within the Directory Tree. In order to delete an Entry you should always click on the entry that you wish to delete and then click on the Delete Entry option. Note that when you click on the Delete Entry option you will receive a warning that the entry will be deleted. If you have the appropriate privileges and confirm the Delete operation, the entry will be removed immediately. If an entry has children, most LDAP servers will not allow you to delete the entry directly. Currently QO LB does not support recursive deletion but this functionality is available through QC VDS. 7.1.5 Copy DN: The Copy DN option in the Edit Menu and Control Toolbar simply allows you to quickly copy the DN for the entry that is currently selected to your clipboard. This is useful for a number of editing operations and for troubleshooting purposes. 7.2 Editing Entries: Depending on the privileges that you have as an authenticated user, you are able to edit any entry in the Directory Tree by clicking on it to select it. Once selected you will be able to view the attributes for the entry in one of the three possible view panels on the right hand side of th
63. ve option in the File Menu. Note that you will be prompted to save a configuration when you close it, just in case you forget to save your existing Bookmarks and Searches. 8.3 Search Results: Each Search will display its results within its own view. These views are presented as labelled buttons running along the bottom of the GUI. The global view, or the view of the Directory Tree with no LDAP filters applied, is accessible using the button marked with an icon of the globe on the far left at the bottom of the GUI. Note that the RootDSE Info and the Show Schema options are also treated as Search views and are opened within the Search Button Bar. Each of these views will be represented with a button displaying their respective icons. [Figure 23: The Search results button bar with the Global view, RootDSE view, Show Schema view and a search button illustrated] 8.4 Managing Searches: Searches for each connection are stored individually within a single configuration file. For any connection you are able to manage the Searches that you have stored by clicking on the Manage Searches option in the Search Menu. This will open the Search Management dialog. In the Search Management dialog the panel on the left provides a Tree Browser that allows you to navigate through the different Searches that you have stored. You can Add Folders in order to store your Searches in a more organized fa
64. way. Once a search has been duplicated you can edit it to provide any modifications that you require. To delete any Search entry, simply right click on the entry in the Tree Browser and then select the Remove option. This will delete the entry and any reference to it stored in the configuration file. You can also Remove folders, but they cannot be deleted if they contain any entries, as a safety precaution. Any Search Entry or Folder can be edited by clicking on it to select it in the Tree Browser and then clicking on the Edit button. All of the fields available for the configuration of a search entry will become editable. Once you have made your changes you will be able to click on the Save button to store your changes. You are able to click the Cancel button to exit out of Edit mode without writing changes. The Search Management dialog also provides a New Search button which gives you the option of adding a new search from within the dialog. Clicking on this button will present all of the fields required to add a search, as discussed in the previous section. Finally, double clicking on any Search entry in the Tree Browser will execute the search request. 9 Bookmarks: Bookmarks offer shortcut functionality to allow you to navigate quickly to a particular point in a Directory Tree or schema. As you add Bookmarks they will be listed in the Bookmarks menu in the Menu Toolbar. Bookmarks are or
65. you make you should Save your configuration so that QO LB will remember the changes when it is restarted. This is particularly important if you are restoring schema entries, or they will simply not be visible when the browser is restarted. If at any point you make a change to the schema and it is not reflected in the browser, you may find that you need to save your changes and re-open the connection, as the schema will need to be regenerated based on the new configuration. 11.3.1 Adding an ObjectClass: You can add an objectclass to the local schema representation by clicking on the Add ObjectClass button in the Manage ObjectClasses window. This will open a New ObjectClass dialog. This window offers a number of facilities to construct a new ObjectClass within the schema. As this is a fairly advanced topic and is rarely required unless you are using a Virtual Directory Server or LDAP Proxy product, you will need to have a clear understanding of the information that you will be providing within your ObjectClass definition. The following options are available: • Objectclass: The name of the ObjectClass as it will be used within the browser. • Description: A description of the ObjectClass for the purpose of identifying the class and what it is used for. • ID: The unique Object ID (OID) that should be used to identify the ObjectClass. • Type: There are thre
