LDAPviewer (LV) Project

LDAPviewer is a flexible utility to access LDAP and DSML enabled Servers. It is based on a fork of JXPlorer (substantially refactored) and will be Open Sourced (subject to conditions defined by its License) on a public repository during 2018.

Detailed functionality and access to the on-line help system may be found here.

LDAP is not an easy system to work with. Knowledge thresholds tend to be very high even for casual usage such as simple data viewing or browsing. The DN display format tends to look ugly or complex and even the casual user can quickly be exposed to huge numeric strings (OIDs) that make IPv6 addresses look almost quaintly simple. In many respects this has limited the widespread use of LDAP outside a relatively narrow field of implementation such as single sign-on and authentication, where its relative complexity, and ugliness, is offset by the reward of increased security management and where few casual users even dare to tread.

This is unfortunate since LDAP has huge potential outside of these narrow fields of implementation.

Acquisition of LDAP knowledge can be a difficult journey with vast amounts of complex technical information being thrown indiscriminately at, and consequently tending to overwhelm, the new user.

The LDAPviewer (LV) Project was started with the following sets of objectives:

End User - Casual User

  1. Provide a high quality LDAP/DSML Viewer or Browser with an easy to use (intuitive) interface that hides as much LDAP detail as practical.

  2. Provide minimal configuration of LDAP access security.

  3. Provide data display and editing options tailored to the end-user using a familiar web-form style interface.

  4. Provide (customizable) display and editing options that can be tailored for site specific use.

  5. Provide Connection Profiles as a means of storing connection information for reuse and that can be distributed directly to end users. Access becomes a matter of pointing at and clicking a named profile.

  6. Allow site administrators to create Connection Profiles that can be distributed with LDAPviewer requiring the casual user to simply select a site-specific named Connection Profile(s) and (optionally) enter any required credentials.

  7. Allow site administrators to define the base DN in the Connection Profile such that minimal access permissions are required for selected user groups or individual users. LDAPviewer cannot, and therefore will not, attempt to access below the base DN.

  8. Provide a rich set of HTML template features that allow administrators to build and distribute HTML forms tailored to end user access.

LDAP Students/Newbies

  1. Provide drill down features (mostly invoked by right clicking) to allow students to display ASN.1 definitions of selected objects.

  2. Connection Profiles may be configured to display concurrent access to one or more of the schema, RootDSE and any On-Line Configuration (OLC) feature including any necessary credential information.

LDAP Administrators

  1. Connection Profiles may be optionally configured to display concurrent access to the RootDSE including any necessary credential information.

  2. Connection Profiles may be optionally configured to display concurrent access to an OLC (On-Line Configuration) feature such as OpenLDAP's cn=config. The DN to access this feature, together with capture of any necessary credential information, gives maximum flexibility for a wide range of LDAP servers.

  3. The OLC feature may also be used to support any secondary service on the same host as the main DIT, for example concurrent access to a second DIT, a second DIT view based on a different base DN or any other LDAP service such as OpenLDAP's cn=monitor.

  4. Schema and Schemax (schema extension) files may be used to supply extended site specific information on the use or limitation of any particular attribute or object class.

  5. Standard help files use HTML format and may be edited locally with site specific content. An administrator's HTML Help kit provides the help files (using Apache SSI includes and an expansion utility) to allow easy replacement of styling and textual context.

  6. Security files of type .pem, .der, .crt, .pfx, .pb7, .p12 and others may be analyzed in text, binary and ASN.1 format.

  7. LDAP, LDAPS (TLS/SSL) and StartTLS options may be configured.

  8. Certificates may be optionally validated using the normal Java Trusted keystore, using a user defined keystore, or manually; alternatively, certificate validation may be bypassed entirely.

© LV Project 2016. Creative Commons Attribution 4.0 International License.