General Questions
-
How do I enable debugging
for the LDAP Browser/Editor?
-
How do I run the Browser as an
applet?
-
How do I run the Browser behind
a proxy?
-
How do I modify
the 'lbe' scripts to add the different system properties?
-
How do I modify
the 'lbe' scripts to specify a different Java environment?
Attribute Viewers/Editors Questions
-
What are attribute viewers/editors?
-
What attribute
viewers/editors are distributed with the Browser?
-
How do I set default
algorithm for the PasswordEditor?
-
What is the ExtBinaryEditor
and how can I use it?
-
What is the ExtStringViewer
and how can I use it?
-
How can I configure
the CertificateEditor2 to launch an external application to view the certificate?
-
How do I write a custom attribute
viewer/editor?
SSL Questions
-
How do I enable the SSL
support in the Browser?
-
Why does initial
SSL connection take a while to establish?
-
How do I turn on debugging
for the SSL connection?
-
How do I specify
client certificates for the SSL connection?
-
Why does SSL connection
sometimes hang the browser?
General Questions
How do I enable
debugging for the LDAP Browser/Editor?
LDAP Browser/Editor provides dynamic debug tracing support. It is enabled
by setting the lbe.debug system property. The value can be one or
more of the following:
-
editor
-
print attribute viewers/editors debug messages
-
ldap
-
enable LDAP protocol message tracing
-
level1
-
print generic browser debug messages
-
level2
-
print more and more detailed debug messages
-
ssl
-
enable debugging for the built-in secure socket factory
-
all
Example: (using the command-line option on the java command)
java -Dlbe.debug=ldap:editor -classpath ... lbe.ui.BrowserApp
This will enable ldap tracing and debugging of the attribute viewers/editors.
For details on how to modify the 'lbe' scripts to enable this property
see the question
about this.
How do I run the Browser
as an applet?
The LDAP Browser/Editor can be run as an applet within a web browser
(Netscape Navigator or Microsoft Internet Explorer) using the Java
Plugin. The Browser can be run either as a signed or unsigned applet.
If the Browser is running as an unsigned applet it can only access the
ldap servers on the server that the applet was downloaded from. If the
Browser is running as a trusted signed applet it can access any ldap server
on the network or the internet.
The HTML page that will contain the applet needs to be modified to
use the Java Plugin. A sample HTML page is included with binary distribution
of the Browser in the applet directory. Please see the Java
Plugin documentation for the modification details.
To run the Browser as an unsigned applet just extract the binary distribution
into some web directory (e.g. ~/public_html/ldapbrowser/) and copy
the applet/applet.html file into the browser root directory (e.g.
~/public_html/ldapbrowser/). Make sure to set the right permissions
to all the files and directories, and then point your browser to the applet.html
file.
To run the Browser as a signed applet you can follow the same directions
as above and then you must sign all the jar files (in the lib
directory and the browser.jar file) with an object signing certificate.
Please see the Java
Plugin documentation for details for this step.
How do I run the
Browser behind a proxy?
The LDAP Browser/Editor does not provide any special support for proxies.
However, Java itself provides SOCKS 4 support.
To configure the Browser to use the proxy server add the following
properties to the command line to the Java interpreter:
-DsocksProxyPort=1080 -DsocksProxyHost=socks.mydomain.com
For example:
java -DsocksProxyPort=1080 -DsocksProxyHost=socks.mydomain.com -classpath ..... lbe.ui.BrowserApp
For details on how to modify the 'lbe' scripts to enable this property
see the following question.
How do
I modify the 'lbe' scripts to add the different system properties?
On Windows:
-
Edit the lbe.bat file
-
And modify the following line:
set CMD="%JAVA_HOME%\bin\java" -cp %COMMON%;%EXEC%
with the system properties, for example:
set CMD="%JAVA_HOME%\bin\java" -Dlbe.debug=ldap -DsocksProxyHost=myserver.com -cp %COMMON%;%EXEC%
On Unix:
-
Edit the lbe.sh file
-
And modify the following line:
CMD="${JAVA_HOME}/bin/java -cp ${COMMON}:${EXEC}"
with the system properties, for example:
CMD="${JAVA_HOME}/bin/java -Dlbe.debug=ldap -DsocksProxyHost=myserver.com -cp ${COMMON}:${EXEC}"
How do
I modify the 'lbe' scripts to specify a different Java environment?
On Windows:
-
Edit the lbe.bat file
-
And modify the following line:
set JAVA_HOME=c:\jdk1.2.2
On Unix/Linux:
-
Edit the lbe.sh file
-
And modify the following line:
JAVA_HOME=/sandbox/jdk1.2
Attribute Viewers/Editor Questions
What are attribute viewers/editors?
The attribute viewer/editor is a means of displaying and/or editing
the contents of an attribute. Each attribute can contain a different value
that needs to be represented differently. For example, a 'jpegphoto' attribute
contains an image and an 'audio' attribute contains a sound and a 'name'
attribute contains some string. These three need to have different visual
representations. In the case of the image, the actual image might be displayed.
In the case of the sound, the sound might be played automatically or when
a play button is pressed. In the case of the name attribute a textbox with
the string might be displayed. The LDAP Browser/Editor allows users to
customize the viewers/editors for any attribute.
What
attribute viewers/editors are distributed with the Browser?
The following editors are currently distributed with the browser:
-
ImageEditor
-
allows the display of image files such as JPEG and GIF.
-
CertificateEditor2
-
allows the display of X.509 certificates.
-
PasswordEditor
-
allows for generating and verifying MD5, SHA, and Unix
Crypt passwords.
-
ControlViewer
-
allows for displaying friendly names of the LDAP controls contained in
the Root DSE.
-
ExtBinaryEditor (experimental in 2.8.1)
-
allows for executing external applications to view the contents of an attribute.
-
ExtStringEditor (experimental in 2.8.1)
-
allows for executing external applications to view the contents of an attribute.
-
SoundEditor
-
allows the playing of sound files such as AIFF, AU, WAV,
TYPE
0 MIDI, TYPE 1 MIDI and RMF.
How do I set default
algorithm for the PasswordEditor?
By default the PasswordEditor will generate a new password using the
same algorithm as the algorithm used in the existing password. To force
the editor to always generate a specific type of password edit the attributes.config
file and add following arguments to the PasswordEditor line:
-algorithm [algorithmType] -force
where algorithmType is one of following: Crypt, MD5 or SHA. For
example, an entry for userpassword in my config file looks like following:
userpassword=binary,lbe.editor.PasswordEditor -algorithm crypt -force
Also, make sure that your server is configured to accept the algorithm
specified.
What
is the ExtBinaryEditor and how can I use it?
The ExtBinaryEditor is a generic editor for binary attributes
that allows for launching external applications to view the contents of
the attribute. You can configure the ExtBinaryEditor to launch an
external application to view the certificate by adding the following arguments
to the ExtBinaryEditor line in the attributes.config file:
-ext -extcmd "command {0}"
where command is an application to execute and {0} is an
argument to the application. The argument is a filename that contains the
data of the selected attribute.
Example:
certificateRevocationList=binary,lbe.editor.ExtBinaryEditor -ext -extcmd "rundll32.exe cryptext.dll,CryptExtOpenCRL {0}"
The above example will allow to pass the data of the certificateRevocationList
attribute to Windows default CRL viewer. (This assumes all the necessary
software is installed)
What
is the ExtStringViewer and how can I use it?
The ExtStringViewer is a generic viewer for the regular attributes
that allows for passing the attribute value to an external application.
For example, it could be used to pass an email address to mail application.
It is used and configured the same as the ExtBinaryEditor where
the only difference is that the {0} argument is the actual value
of the selected attribute. Please see the question
about the ExtBinaryEditor for details.
The following example will pass the email address stored in the mail
attribute to Outlook Express on Windows. (This assumes all the necessary
software is installed)
mail=string,lbe.editor.ExtStringViewer -ext -extcmd "C:\\Program Files\\Outlook Express\\msimn.exe /mailurl:mailto:{0}"
How can
I configure the CertificateEditor2 to launch an external application to
view the certificate?
You can configure the CertificateEditor2 to launch an external
application to view the certificate in the same way as you configure the
ExtBinaryEditor. Please see the question
about the ExtBinaryEditor for details.
The following example will pass the certificate to Windows certificate
wizard: (This assumes all the necessary software is installed)
usercertificate=binary,lbe.editor.CertificateEditor2 -ext -extcmd "rundll32.exe cryptext.dll,CryptExtOpenCER {0}"
How do I write a custom
attribute viewer/editor?
Two things:
1. Extend some JComponent (from SwingSet) e.g. JPanel, JTextField,
JTable.
2. Implement the AttributeEditor interface.
or
1. Extend BinaryEditor (for binary values) or DefaultEditor (for string
values) or any other built-in editor.
2. Override needed methods.
SSL Questions
How do I enable
the SSL support in the Browser?
The Browser is closely integrated with the JSSE library from Sun. It
is a free pure Java SSL library.
To enable the SSL support in the Browser do the following:
-
Download JSSE from: http://java.sun.com/products/jsse.
-
Install the JSSE package:
-
either by following the general
installation instructions, or by
-
copying the jnet.jar, jsse.jar, jcert.jar files from the lib/
directory of the JSSE package to the lib/ directory of the Browser.
And that's all. To connect using SSL just make sure to select the SSL box
in the connect window and specify the right port number.
Why
does initial SSL connection take a while to establish?
The very first time a secure connection is established Java must create
a secure seed required for the SSL connection. This is a very computationally
expensive process and may take up to a few seconds on certain platforms.
However, the seed only needs to be computed once per session.
How do I turn
on debugging for the SSL connection?
To enable debug mode for secure connections use
-Djavax.net.debug=all
option on the command line to the Java interpreter. For example:
java -Djavax.net.debug=all -classpath ..... lbe.ui.BrowserApp
For details on how to modify the 'lbe' scripts to enable this property
see the question
about this.
How
do I specify client certificates for the SSL connection?
To specify the client certificates you must create a Java keystore (using
keytool) with your certificates and then add the path to the keystore and
the password of the keystore to the configuration file.
For example:
keystore = .keystore
passphrase = abcdef
Please note, however, that these settings should be only set in one configuration
file. Also, these settings will only work with the default secure socket
factory that is built-in with the browser. If different socket factory
is used, it might have another way of specifying these options.
Why does
an SSL connection sometimes hang the browser?
Most likely this occurs when the ldap port number specified in the connection
windows was not a SSL port. If non-secure socket is used to connect to
a server's SSL socket, then the application using the non-secure socket
will hang. This is a characteristic of the SSL protocol.
