
Virtual Directory Server 6.1 - LDAP Browser User Guide

The Connection Dialog


Fig-9: The Connection dialog

If you have clicked on the Connection option either in the File Menu in the Menu Toolbar, or in the Control Toolbar, the Connection Dialog will open to allow you to specify the parameters that you wish to use to open a connection to a backend LDAP Directory. The Connection Dialog provides you with the option to load the parameters from a previously stored connection, or to specify new parameters for a new connection.


Fig-10: Selecting an existing connection in the Connection Selector

The Connection Dialog consists of two panels. The first contains a Connection Selector, which is a drop-down menu of previously stored connection parameters. When you select a previously stored connection, its stored parameters are loaded into the relevant fields inside the Parameters panel of the dialog. This gives you the option to make any last-minute changes to stored parameters before connecting. The Connection Selector is also an editable field. This means that after changing the parameters for a stored connection, you can edit the name under which it is stored and resave it under an alternate connection name. Furthermore, when entering new parameters from scratch, you can enter a connection name under which you wish to store the parameters before clicking on the Save button.

The second panel in the Connection Dialog is the Parameters panel. This tabbed panel allows you to specify various parameters relevant to the connection that you are opening. There are four tabs in this panel:

  • LDAP: Parameters on this tab are fundamental to any LDAP connection, including hostname, port number etc.

  • SSL: Parameters on this tab are for LDAPS connections, allowing you to load specific certificate truststores etc.

  • Referrals: Options on this tab allow you to control how the browser should handle referrals.

  • Advanced: This tab is for advanced parameters. It allows you to specify the LDAP version that should be used for the connection, and the default number of entries to limit search requests to.

A row of buttons at the bottom of the Connection Dialog provides further options. These buttons are labelled as follows, and offer the following functionality:

  • Delete: Delete the currently selected connection from the stored connections list.

  • Save: Allows you to save the current connection parameters to the list of stored connections, for future use. Note that if you have edited an existing connection and have not renamed it, it will save over the connection that was previously stored. If saving new connection parameters, you will need to specify a name for the connection in the Connection Selector.

  • Test: Attempts to connect to the LDAP server using the connection parameters that you have entered, and notifies you if the connection was successful.

  • Connect: Connects to the LDAP server using the parameters provided, without saving the connection in the stored list of connections.

  • Cancel: Cancels out of the New Connection dialog.

The following sub-sections will describe each of the tabs in the Parameters panel, and the options that are available to you when specifying connection parameters.

LDAP

The LDAP tab contains the following options:

  • Host: The hostname or IP address where the LDAP Server that you are connecting to is hosted.

  • Port: The TCP port number that the LDAP Server is listening on.

  • User ID: The full DN of the user that should be used to BIND the connection.

  • Password: The password for the user that the connection will BIND for.

  • Suffix: The Base DN or suffix that you wish to browse on the LDAP Server.

Note that a 'Show Password' button is available on the right of the Password box. This button will reveal the password in plain text for as long as the button is pressed. If you wish to bind anonymously, you may leave the 'User ID' and 'Password' fields blank.


Fig-11: Editing the LDAP Connection Parameters

There is also a button labelled "Suffixes". If the hostname, password and BIND credentials have been populated for the connection, clicking on this button will query the server for a list of root suffixes that are available for the configured connection, and will populate a drop-down list of optional suffixes that you can browse. You can then click on the drop-down list to choose a suffix to browse. The suffix list is editable, so you can opt to browse a suffix that is deeper in the directory tree than the root suffixes supported by the server.

SSL

The SSL tab is used to specify SSL/TLS related parameters when opening a connection using LDAPS. The following options are available:

  • Use SSL: Enables SSL to encrypt the connection when connecting to an LDAPS server.

  • Blindly trust SSL Server Certificate: Simply accepts the certificate offered by the LDAPS server and adds it to the default Truststore. Note that if you select this option, you will not need to provide a path to a truststore file, as a default truststore will be used.

  • Truststore: The path to a truststore file that includes the certificates required for an SSL connection.


Fig-12: Editing SSL Connection Parameters

Note that if you are connecting to an LDAPS server instance, you will need to check the Use SSL checkbox. You may opt to blindly trust the SSL certificate offered by the LDAPS server, in which case it will be stored in a default certificate truststore for future use. Alternatively you will need to specify the path to an SSL Truststore that you have already created. You can create a new Truststore by clicking on the Store Certificate option in the SSL Menu. See SSL Truststores for more details. If you specify the path to a Truststore, the certificate offered by the LDAPS server will be validated against the certificate stored in the Truststore.

Referrals

The Referrals tab is used to define how the browser should handle LDAP referrals. Many LDAP servers, particularly Active Directory, may make use of referrals within the directory structure. If you choose to check the Follow referrals checkbox, this functionality will be enabled within the browser. The following options are available:

  • Follow Referrals: Enables referral support in the browser.

  • Ignore failure messages for referrals: Disables notifications where the browser is unable to connect to one or more referrals referenced by the LDAP directory.

Other referral parameters that are available if referral support is enabled include:

  • Timeout value for failed referrals: The length of time, in milliseconds, that a referral should be tried for before it fails.

  • Hop Limit: Limits the number of referral 'hops' that the browser should perform. Default value is 10.


Fig-13: Editing Referral Parameters

Advanced

The Advanced tab is used to specify advanced connection parameters:

  • LDAP Protocol: The version of the LDAP protocol that the server supports and that you wish to use for communications.

  • Limit number of results on searches to: A checkbox which allows you to enable/disable search result limits (by default, this is enabled).

  • Size Limit Value: The number of search entries that a search will be limited to if search limits are enabled (by default, this is set to 1000).


Fig-14: Editing Advanced Connection Parameters

Disconnecting

For any open connection, you can disconnect and close the connection tab by clicking on the Close option in the File Menu in the Menu Toolbar, or on the Close button in the Control Toolbar. You are also able to right-click on the Connection tab to select the Close Connection option for any connection.

LB also allows you to close all open connections. You can do this by clicking on the Close All option in the File Menu in the Menu Toolbar or by right clicking on any of the Connection Tabs and clicking on the Close All Connections option.

Command Line Arguments

LB can be initiated from the command line and accepts command line arguments. This allows the browser to integrate better with external applications that may need to call the browser to open a new or a stored connection.

Command line arguments are as follows:

  • -h: Hostname or IP address of the server that you are connecting to.

  • -p: The Port number that the LDAP server is listening on.

  • -D: The BIND DN that you will use to authenticate with.

  • -w: The password for your BIND DN.

  • -b: The Base DN that you wish to connect to on the LDAP Server.

  • -ssl: Whether or not to use SSL. Values available are yes/no. The default for this argument is 'no'. Note that if you do not use the -t option with this option, the connection will be opened and the browser will blindly accept whichever certificate the server offers and the default Truststore will be used.

  • -t: The location of the SSL Truststore where your certificates are kept.

  • -v: The LDAP Version that the client should use for the connection. Values available are 0 and 1 (0 = LDAPv2 / 1 = LDAPv3).

  • -n: The name of an existing configuration that should be used to instantiate the other connection parameters.

  • -r: Enables support for referrals. Options are "yes" or "no". The default setting for this option is "no".

This means that you can open a connection to an existing configuration in the following way:

    bin/ldapbrowser -n myconfigurationname

Alternatively, it is possible to open a new connection like this:

    bin/ldapbrowser -h localhost -p 389 -D cn=dirmanager -w password

If using SSL, you may either choose to blindly accept whichever certificate is offered by the server, and add this certificate to the default Truststore:

    bin/ldapbrowser -h localhost -p 389 -ssl yes

Or, you may wish to explicitly use certificates that you trust and that have been personally added to a specific Truststore:

    bin/ldapbrowser -h localhost -p 389 -ssl yes -t /home/john/ldapbrowser/mytruststore
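
The four invocations above differ in what they expose: whether the server certificate is checked against a Truststore, whether the connection is encrypted at all, and whether the bind password sits in the argument list. The following is an added example, not part of the product or its documentation; the function name audit_ldapbrowser_args and the finding labels are hypothetical, and it relies only on the flag semantics listed on this page.

```shell
#!/bin/sh
# Added example: audit an ldapbrowser argument list using only the flag
# semantics documented on this page. Prints one finding per line;
# returns 0 when nothing is flagged, 1 otherwise.
audit_ldapbrowser_args() (
    ssl=no truststore='' bind_dn='' has_pw=no stored='' findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    while [ $# -gt 0 ]; do
        case "$1" in
            -ssl) ssl=${2:-}; shift ;;
            -t)   truststore=${2:-}; shift ;;
            -D)   bind_dn=${2:-}; shift ;;
            -n)   stored=${2:-}; shift ;;
            -w)   has_pw=yes; shift ;;
            -h|-p|-b|-v|-r) shift ;;   # take a value; not assessed here
        esac
        if [ $# -gt 0 ]; then shift; fi
    done

    # -w places the bind password in the argument list, where it can be
    # read from the process table.
    if [ "$has_pw" = yes ]; then
        report "PASSWORD_ON_CMDLINE: -w exposes the bind password in the process list"
    fi

    # With -n the other parameters come from the stored connection, so the
    # SSL settings cannot be judged from the command line alone.
    if [ -z "$stored" ]; then
        if [ "$ssl" = yes ] && [ -z "$truststore" ]; then
            report "BLIND_TRUST: -ssl yes without -t accepts whichever certificate the server offers"
        elif [ "$ssl" != yes ] && [ -n "$bind_dn" ]; then
            report "NO_SSL: bind DN supplied while -ssl is 'no', so the connection is not encrypted"
        fi
    fi
    [ "$findings" -eq 0 ]
)

# Constructed usage: the page's third example invocation is flagged.
audit_ldapbrowser_args -h localhost -p 389 -ssl yes || echo "review before launching"
```

A wrapper script can call the function with the same arguments it is about to pass to bin/ldapbrowser and refuse to launch when it returns non-zero.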
