General Questions
How do I enable debugging for the LDAP Browser/Editor?
LDAP Browser/Editor provides dynamic debug tracing support. It is enabled by setting the lbe.debug system property. The value can be one or more of the following:
java -Dlbe.debug=ldap:editor -classpath ... lbe.ui.BrowserAppThis will enable ldap tracing and debugging of the attribute viewers/editors.
For details on how to modify the 'lbe' scripts to enable this property see the question about this.
How do I run the Browser as an applet?
The LDAP Browser/Editor can be run as an applet within a web browser
(Netscape Navigator or Microsoft Internet Explorer) using the Java
Plugin. The Browser can be run either as a signed or unsigned applet.
If the Browser is running as an unsigned applet it can only access the
ldap servers on the server that the applet was downloaded from. If the
Browser is running as a trusted signed applet it can access any ldap server
on the network or the internet.
The HTML page that will contain the applet needs to be modified to
use the Java Plugin. A sample HTML page is included with binary distribution
of the Browser in the applet directory. Please see the Java
Plugin documentation for the modification details.
To run the Browser as an unsigned applet just extract the binary distribution into some web directory (e.g. ~/public_html/ldapbrowser/) and copy the applet/applet.html file into the browser root directory (e.g. ~/public_html/ldapbrowser/). Make sure to set the right permissions to all the files and directories, and then point your browser to the applet.html file.
To run the Browser as a signed applet you can follow the same directions as above and then you must sign all the jar files (in the lib directory and the browser.jar file) with an object signing certificate. Please see the Java Plugin documentation for details for this step.
How do I run the Browser behind a proxy?
The LDAP Browser/Editor does not provide any special support for proxies.
However, Java itself provides SOCKS 4 support.
To configure the Browser to use the proxy server add the following
properties to the command line to the Java interpreter:
-DsocksProxyPort=1080 -DsocksProxyHost=socks.mydomain.comFor example:
java -DsocksProxyPort=1080 -DsocksProxyHost=socks.mydomain.com -classpath ..... lbe.ui.BrowserAppFor details on how to modify the 'lbe' scripts to enable this property see the following question.
How do I modify the 'lbe' scripts to add the different system properties?
On Windows:
set CMD="%JAVA_HOME%\bin\java" -cp %COMMON%;%EXEC%with the system properties, for example:
set CMD="%JAVA_HOME%\bin\java" -Dlbe.debug=ldap -DsocksProxyHost=myserver.com -cp %COMMON%;%EXEC%
CMD="${JAVA_HOME}/bin/java -cp ${COMMON}:${EXEC}"
with the system properties, for example:
CMD="${JAVA_HOME}/bin/java -Dlbe.debug=ldap -DsocksProxyHost=myserver.com -cp ${COMMON}:${EXEC}"
On Windows:
set JAVA_HOME=c:\jdk1.2.2
JAVA_HOME=/sandbox/jdk1.2
What are attribute viewers/editors?
The attribute viewer/editor is a means of displaying and/or editing the contents of an attribute. Each attribute can contain a different value that needs to be represented differently. For example, a 'jpegphoto' attribute contains an image and an 'audio' attribute contains a sound and a 'name' attribute contains some string. These three need to have different visual representations. In the case of the image, the actual image might be displayed. In the case of the sound, the sound might be played automatically or when a play button is pressed. In the case of the name attribute a textbox with the string might be displayed. The LDAP Browser/Editor allows users to customize the viewers/editors for any attribute.
What attribute viewers/editors are distributed with the Browser?
The following editors are currently distributed with the browser:
By default the PasswordEditor will generate a new password using the same algorithm as the algorithm used in the existing password. To force the editor to always generate a specific type of password edit the attributes.config file and add following arguments to the PasswordEditor line:
-algorithm [algorithmType] -forcewhere algorithmType is one of following: Crypt, MD5 or SHA. For example, an entry for userpassword in my config file looks like following:
userpassword=binary,lbe.editor.PasswordEditor -algorithm crypt -forceAlso, make sure that your server is configured to accept the algorithm specified.
What is the ExtBinaryEditor and how can I use it?
The ExtBinaryEditor is a generic editor for binary attributes that allows for launching external applications to view the contents of the attribute. You can configure the ExtBinaryEditor to launch an external application to view the certificate by adding the following arguments to the ExtBinaryEditor line in the attributes.config file:
-ext -extcmd "command {0}"
where command is an application to execute and {0} is an
argument to the application. The argument is a filename that contains the
data of the selected attribute.
certificateRevocationList=binary,lbe.editor.ExtBinaryEditor -ext -extcmd "rundll32.exe cryptext.dll,CryptExtOpenCRL {0}"
The above example will allow to pass the data of the certificateRevocationList
attribute to Windows default CRL viewer. (This assumes all the necessary
software is installed)
What is the ExtStringViewer and how can I use it?
The ExtStringViewer is a generic viewer for the regular attributes
that allows for passing the attribute value to an external application.
For example, it could be used to pass an email address to mail application.
It is used and configured the same as the ExtBinaryEditor where
the only difference is that the {0} argument is the actual value
of the selected attribute. Please see the question
about the ExtBinaryEditor for details.
The following example will pass the email address stored in the mail
attribute to Outlook Express on Windows. (This assumes all the necessary
software is installed)
mail=string,lbe.editor.ExtStringViewer -ext -extcmd "C:\\Program Files\\Outlook Express\\msimn.exe /mailurl:mailto:{0}"
How can
I configure the CertificateEditor2 to launch an external application to
view the certificate?
You can configure the CertificateEditor2 to launch an external
application to view the certificate in the same way as you configure the
ExtBinaryEditor. Please see the question
about the ExtBinaryEditor for details.
The following example will pass the certificate to Windows certificate
wizard: (This assumes all the necessary software is installed)
usercertificate=binary,lbe.editor.CertificateEditor2 -ext -extcmd "rundll32.exe cryptext.dll,CryptExtOpenCER {0}"
How do I write a custom
attribute viewer/editor?
Two things:
1. Extend some JComponent (from SwingSet) e.g. JPanel, JTextField, JTable.
2. Implement the AttributeEditor interface.or
1. Extend BinaryEditor (for binary values) or DefaultEditor (for string values) or any other built-in editor.
2. Override needed methods.
How do I enable the SSL support in the Browser?
The Browser is closely integrated with the JSSE library from Sun. It
is a free pure Java SSL library.
To enable the SSL support in the Browser do the following:
Why does initial SSL connection take a while to establish?
The very first time a secure connection is established Java must create a secure seed required for the SSL connection. This is a very computationally expensive process and may take up to a few seconds on certain platforms. However, the seed only needs to be computed once per session.
How do I turn on debugging for the SSL connection?
To enable debug mode for secure connections use
-Djavax.net.debug=alloption on the command line to the Java interpreter. For example:
java -Djavax.net.debug=all -classpath ..... lbe.ui.BrowserAppFor details on how to modify the 'lbe' scripts to enable this property see the question about this.
How do I specify client certificates for the SSL connection?
To specify the client certificates you must create a Java keystore (using
keytool) with your certificates and then add the path to the keystore and
the password of the keystore to the configuration file.
For example:
keystore = .keystore passphrase = abcdefPlease note, however, that these settings should be only set in one configuration file. Also, these settings will only work with the default secure socket factory that is built-in with the browser. If different socket factory is used, it might have another way of specifying these options.
Why does an SSL connection sometimes hang the browser?
Most likely this occurs when the ldap port number specified in the connection
windows was not a SSL port. If non-secure socket is used to connect to
a server's SSL socket, then the application using the non-secure socket
will hang. This is a characteristic of the SSL protocol.