GUI-based Tools

Graphical User Interface (GUI) tools are an alternative to command-line tools and are useful for administrators who are new to LDAP. In general, you would use GUI tools to perform tasks requiring few changes, or as learning tools. For repetitive tasks or tasks requiring many updates to directory data, you would want to create scripts.

GUI tools provide a visual way of looking at the directory hierarchy. However, if the number of entries is large, displaying them in a readable format becomes problematical.

While there are many third-party graphical tools for displaying and manipulating LDAP data, this section only focuses on three:

  • Sun ONE Directory Console

  • Sun Management Console

  • The LDAP Browser/Editor

The first tool is part of the directory server software distribution. The second tool is part of the Solaris OE, and the third is a public domain tool.

Sun ONE Directory Console

The Sun ONE Directory Console is a Java-based application that can be installed along with, or separate from, the directory server. The Directory Console can also be displayed through the X protocol on a remote system. Most common administration functions can be performed through the Directory Console, although some may be cumbersome.

The Sun ONE Directory Server documentation does a good job at detailing how to perform most procedures. The intent of this section is not to repeat those procedures, although some similar examples are provided for educational purposes.

In general, command-line tools and scripts built around them are recommended over use of the Sun ONE Directory Console because of their flexibility and repeatability . However, the Console can be a valuable learning tool, and at times can be more convenient for some tasks. All operations that are performed by the Console can be captured in a form suitable for used with ldapmodify by enabling the directory server audit log.

Sample Tasks Using the Directory Console

The following are examples of how the Directory Console can be used to perform useful tasks.

To View the DIT With the Directory Console
  1. Run directoryserver startconsole and log in .

    The default login account is the admin account that was set up when the Administration Server software was configured.

  2. Under Server Group, double-click Directory Server .

    The directory view in the Directory Console provides you with a graphical display of data in the DIT. While the same information can be gathered from the output of the ldapsearch command, users who are not familiar with LDAP command syntax will find viewing the DIT in this manner convenient. FIGURE 6-1 shows what a DIT might look like after the idsconfig command is run and naming service data is imported. Information about individual entries can be displayed by double clicking on them. The DN of the highlighted entry is displayed on the bottom bar and there is a search facility for locating entries.

    Figure 6-1. Viewing the DIT With the Directory Console


One drawback of viewing entries through the Directory Console is that performance can become sluggish when there are a large number of entries. Another problem is that there is no way to dump the LDIF representation of a single entry.


Newly created entries do not immediately appear in the view. You may have to perform a Refresh of the view to see new entries.

To Add New Entries With the Directory Console

Entries can be created, modified, or deleted from the Directory Console. However, creating entries is not always a one-step process. This is because the Directory Console is a general-purpose tool that makes assumptions about how entries should be constructed . In the case of entries defining a Solaris OE user profile, the entry you create will require additional object classes and attributes that are not created by the Directory Console.

FIGURE 6-2 is an example of creating a user account through the Directory Console that can be used to log in to a Solaris OE system.

Figure 6-2. Directory Console New User Form


In this example, the POSIX User account option is chosen from the New graphics/rarr.gif User pulldown menu. The screen allows you to enter attributes that are required by the posixAccount object class. However, the entry created is incomplete for use with the Secured LDAP Client because it does not contain the shadowAccount object class.

To complete the entry, you need to manually add the shadowAccount object class by following these steps:

  1. Click on the Advanced button .

  2. Click on the Object class field .

  3. Click on Add Value

  4. Choose shadowAccount from the list .

FIGURE 6-3 shows what the Directory Console display should look like following these steps.

Figure 6-3. Adding Shadow Account Attributes With the Property Editor



The Sun ONE Directory Server 5.2 software uses the E dit with Generic Editor pull-down menu option rather than the Advanced button.

To Add Non-User Entries With the Directory Console

The Directory Console can be used to create other RFC 2307 defined entries besides the posixAccount entries described previously.

  1. Right click on the container where you want to create the new entry ( ou= hosts for example) .

  2. Choose New graphics/rarr.gif Other from the pull-down menu .

    You should see the New Object window, which appears similar to the Add Object Class window that was shown in the previous example.

  3. From the window, choose one of the object classes that are defined in RFC 2307 .

    In FIGURE 6-4, the ipHost object class is chosen.

    Figure 6-4. Adding a Host name With the Property Editor


The only two required attributes are the host name, represented by cn and the IP address, represented by ipHostNumber . While an ou=host entry can be created this way, it is not in the same format that ldapaddent and the NIS/NIS+ Gateways use by default. For example, the device object class is not included and the RDN uses the ipHostNumber attribute in place of cn .

Sun Management Console

The Sun Management Console (smc) is essentially a container for GUI-based system administration tools. The tools are stored in collections called toolboxes. By default, a toolbox for managing local databases, that is, /etc files, is created. Toolboxes for managing naming service data can be created as described later in this section.

Once a toolbox is created for your LDAP naming service, management tools, such as user management tools, can be installed in the toolbox. The definition for the toolbox and the tools it contains can be stored in a file and loaded once smc is started.

FIGURE 6-5 shows how users stored in an LDAP naming service would appear in smc .

Figure 6-5. Solaris Management Console (smc) With an LDAP Toolbox


To add new users, the Add User Wizard can be used as shown in FIGURE 6-6.

Figure 6-6. Adding a User Through smc


To Set Up an LDAP Name Service Domain Toolbox

Before setting up an LDAP toolbox, you should have a configured and populated directory server. You can set up the toolbox either on the same system as the directory server, or on a different system.

  1. On the system running the directory server, verify that smc recognizes the server .

     #  /usr/sadm/bin/dtsetup scopes  Getting list of manageable scopes... Scope 1 file:/hosta/hosta Scope 2 ldap:/hosta/dc=example,dc=com # 

    In the above example, notice that two scopes are present. The first one refers to the local system and appears on all systems running smc . The second one is discovered when the web-based enterprise management (wbem) server is initialized .

  2. On the system where you plan to create the toolbox, add the credentials necessary to bind to the directory server with read and write access .

     #  /usr/sadm/bin/dtsetup storeCred  Administrator DN:cn=Directory Manager Password:  *******  Password (confirm):  *******  # 
  3. Launch the smc toolbox editor .

     #  /usr/sadm/bin/smc edit &  

    The editor is displayed.

  4. Click on the Toolbox URL line in the left pane .

    This is the line directory under Management Tools.

  5. From the Action pull-down menu, choose Properties .

    This brings up the Toolbox URL Wizard (FIGURE 6-7).

    Figure 6-7. Toolbox Wizard


  6. Accept the defaults by clicking Next until the Save As option appears .

  7. Click on Override, and fill in Server and Domain as shown below .

  8. Click on Finish .

  9. Choose the Save As option from the Toolbox pull-down menu and specify a path name where the configuration file will be stored .

  10. Exit the editor and bring up smc .

     #  /usr/sadm/bin/smc &  
  11. From the Console pull-down menu, choose Open Toolbox .

  12. Choose the Local Toolbox tab and select the configuration file you saved .

    If all goes well, you can view user data as in FIGURE 6-8.

    Figure 6-8. User Property Sheet


LDAP Browser/Editor (LBE)

The LDAP Browser/Editor (LBE) is public domain software developed at the University of Michigan that can be downloaded from various web sites. The following instructions use LBE version 2.8.2.

To Install and Configure the LBE
  1. Extract the LBE tar file .

     #  tar xf Browser282b2.tar  #  cd ldapbrowser  #  ls  CHANGES.TXT LICENSE.ICONS LdapBrowser.lnk applet attributes.config.sample faq.html help hosta.cfg:    ascii text lbe.jar:       ZIP archive        executable shell script lib:           directory readme.html:   ascii text relnotes.html: ascii text templates:     directory # 
  2. Invoke the LBE .

     #  export JAVA_HOME=/usr/j2se  #  sh ./ &  
  3. After the LBE starts, create a new connection by choosing Connect, then New . FIGURE 6-9 is displayed.

    Figure 6-9. Creating a New LDAP Session


  4. Fill in all the information .

    You can assign a name to the connection, which creates a configuration file. The next time you want to connect, you pick the connection name and the configuration file is read.

    The FIGURE 6-10 shows what an entry in a directory tree might look like.

    Figure 6-10. LBE Representation of a User Entry


  5. Add entries by creating a template .

    Templates can be created from existing entries by highlighting an entry, then choosing Create Template. You can create entries from a template by choosing Add-Entry, then picking the template you want.

    FIGURE 6-11 shows what a template for a posixUser entry might look like:

    Figure 6-11. LBE Template for a New User


LDAP in the Solaris Operating Environment[c] Deploying Secure Directory Services
LDAP in the Solaris Operating Environment[c] Deploying Secure Directory Services
ISBN: 131456938
Year: 2005
Pages: 87 © 2008-2017.
If you may any questions please contact us: