What types of tools can I use to test/use LDAP?

(Last modified: 04Sep2002)

This document (10062377) is provided subject to the disclaimer at the end of this document.

goal

LDAP Tools

fact

Novell Directory Services

Novell LDAP

fix

LDAP is an open standard. Therefore, many different tools exist to help in the development and testing of LDAP. However, there are a few tools in particular that are very popular and useful. An important point to consider when choosing an LDAP tool for testing is whether or not the tool is "buggy". The tools below have generally been shown to be bug free, and therefore are usually good options for testing LDAP services.

ldapsearch

This is perhaps the best all-around tool for use with LDAP. Together with its companion tools, ldapdelete and ldapmodify, ldapsearch is a simple, yet very powerful command-line utility that can be used to query and make updates to an LDAP directory. It was originally developed by Netscape with the first commercial release of LDAP, v1.0. Since then, it has been slightly modified, and is now offered in various implementations. These are all very similar except, perhaps, for a few of the not-so-common switches. ldapsearch can be downloaded from Netscape's iPlanet website as part of the SDK. It is also available from http://www.openldap.org/.

For specific information on how to use ldapsearch, see TID #10059954 - How to test whether LDAP is working properly. , How to test whether LDAP is working properly.

LDAP Browser

The LDAP Browser/Editor provides a user-friendly Windows Explorer-like interface to LDAP directories with tightly integrated browsing and editing capabilities. It is entirely written in Java with the help of the JFC (SwingSet) and JNDI class libraries. It connects to LDAP v2 and v3 servers. It requires the Java Runtime Engine (JRE) to run, and will run on just about any platform. The Sun Java JRE 2 can be downloaded from http://java.sun.com/j2se/1.3/jre/. The ldapbrowser can be downloaded from http://www.iit.edu/~gawojar/ldap/index.html. Another version of ldapbrowser can be downloaded from http://www.ldapbrowser.com. In usage, this tool looks very similar to ConsoleOne, but uses nothing but LDAP calls behind-the-scenes. Remember when using this tool--or any LDAP tool--that the LDAP server will only do what you tell it to, nothing more and nothing less. This can be dangerous when doing operations that have long been taken for granted in NWAdmin or ConsoleOne. For example, when a user is added to a group, four separate operations are invoked by the traditional NDS management tools. 1) Group is added to "group membership" attribute for the user, 2) user is added to the "membership" attribute for the group, 3) user is added to the "security equal to me" attribute for the group", and 4) group is added to "security equal to" attribute for the user. With LDAP, if you add a user to a group, the other three operations DO NOT happen automatically. They must also be specified. This is only one example; other cases will exist where multiple changes are need by NDS in order for an operation to complete properly. Keep this in mind whenever making changes to NDS via an LDAP client.

Web Browser

Netscape Communicator is a great tool for testing LDAP. The browser URL will accept LDAP queries and return results in HTML format. For information on the format of an LDAP URL, see TID #10058069 - Browser Search Strings For LDAP. For complete information on LDAP URLs, see RFC 2255. Note that Microsoft Internet Explorer does not work with LDAP URLs, neither does Netscape 6.

Third-Party Applications

Many other LDAP-based applications exist in both the public and private domain. A search on the Internet will find dozens of tools. Provided that they are RFC compliant, any of these tools should be sufficient for testing an LDAP server. Just be sure that your tool works correctly, so as to provide a proper baseline when testing an LDAP server.

document

Document Title:	What types of tools can I use to test/use LDAP?
Document ID:	10062377
Solution ID:	NOVL47785
Creation Date:	10May2001
Modified Date:	04Sep2002
Novell Product Class:	Connectivity Products NetWare Novell eDirectory

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.