LDP

LDP, packaged as ldp.exe and also known as the Active Directory Browsing Utility, is a graphical tool from Microsoft for performing LDAP operations against any LDAP directory. This utility is bundled with the Windows Admin Pack that comes with each version of Windows, and is distributed with ADAM. Microsoft does not charge separately for this tool or place any special licensing requirements on it (to our knowledge), but it is not available as a separate download.

LDP is often overlooked by administrators because it lacks graphical flash and polish and it does not provide any task-oriented features, such as unlocking or disabling accounts, or resetting passwords. It instead provides a fairly raw interface that is only a few steps removed from actually writing code, and it demands that its users have a reasonable knowledge of LDAP programming in order to use it.

While this low-level utility may not be appropriate for a certain class of administrators, it is nearly perfect for developers writing LDAP code. LDP strips away nearly all of the layers of indirection and lets us execute LDAP commands directly in the tool. This type of interaction translates neatly into .NET directory services code in System.DirectoryServices (SDS) and System.DirectoryServices.Protocols (SDS.P). LDP provides us with a great place to prototype search operations and filters and try out nearly every type of operation LDAP offers, including some that are not available via ADSI. In fact, LDP does not use ADSI at all, but uses the LDAP API directly. This allows us to bypass any issues we might be having with ADSI.

LDP has these additional benefits:

  • It is a single executable requiring no COM registration or other installation steps, so we can copy it from machine to machine easily.
  • It takes advantage of all of the built-in Windows security features, such as login with current credentials, but it also works well on machines that are not joined to a domain.
  • It provides a powerful set of built-in semantic attribute mappings, including conversion of binary GUIDs and security identifiers (SIDs) into their standard Windows string representations, conversion of numeric values back into their Windows enumerated constant names, and conversion of LargeInteger values back into Windows date values. In newer versions, we can also request the raw string version of the data, which is useful for determining how to build appropriate query filters.
  • Newer builds have a useful, low-level security descriptor editor.
  • Newer versions have special, built-in character sequences for supplying values in binary, Unicode, GUID, or SID format, and having those values converted into the proper format automatically. Attribute data can also be uploaded from a file. These options simplify some otherwise difficult tasks that might require the user to write some code.
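
To make the attribute mappings in the list above concrete, here is an added example (not from the book and not LDP's own code) that decodes the same kinds of raw values by hand in Python: a binary SID, a binary GUID and a LargeInteger date, plus the escaped form a binary value needs inside a search filter. The function names and sample values are assumptions made for illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

def sid_to_string(raw: bytes) -> str:
    # objectSid layout: revision, sub-authority count, 48-bit big-endian
    # authority, then that many 32-bit little-endian sub-authorities.
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def guid_to_string(raw: bytes) -> str:
    # objectGUID stores its first three fields little-endian (bytes_le).
    if len(raw) != 16:
        raise ValueError("malformed GUID")
    return str(uuid.UUID(bytes_le=raw))

NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # "never" sentinels, e.g. in accountExpires

def filetime_to_datetime(value: int):
    # LargeInteger dates count 100 ns intervals since 1601-01-01 UTC.
    if value in NEVER:
        return None  # the top sentinel would also overflow datetime
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=value // 10)

def filter_escape(raw: bytes) -> str:
    # RFC 4515 escaped-octet form for a binary value in a search filter.
    return "".join(f"\\{b:02x}" for b in raw)

# Constructed sample values, not taken from a real directory.
SAMPLE_SID = bytes.fromhex(
    "0105 000000000005 15000000 01000000 02000000 03000000 f4010000")
SAMPLE_GUID = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    print(sid_to_string(SAMPLE_SID))
    print(guid_to_string(SAMPLE_GUID))
    print(filetime_to_datetime(116444736000000000))
    print(f"(objectGUID={filter_escape(SAMPLE_GUID)})")
```

The GUID case shows why the raw form matters when building filters: the string form reorders the first eight bytes, while the filter must carry the bytes in their stored order.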

This description only scratches the surface of what LDP can do. Both Ryan and Joe practically live in this tool for serious directory programming work. We suggest you just go get it and start using it right away.

The .NET Developer's Guide to Directory Services Programming
ISBN: 0321350170
EAN: 2147483647
Year: 2004
Pages: 165
