Generic LDAP Client Tool

LDAP EXPLORER

Latest Updated: Sep 30, 2000

1.  How to use LDAP Explorer?
2.  Why can LDAP Explorer not display an entry with a binary attribute
    correctly?
3.  Why not just use a small Perl cgi script to talk to an ldap client
    which can integrate OpenLDAP project easily?
4.  Meaning of LDAP Tree and Data Structure of temporary file on hard
    disk?
5.  Does LDAP Explorer have a search/find feature?
6.  How to deal with temporary files - "LE00*" on hard disk? They become
    more and more. And they are eating up a lot of space.
7.  Apache returns "Maximum execution time exceeded in tree.php3 on line
    xxx".
8.  How to configure Novell eDirectory Server so that LDAP Explorer can
    explore it?
9.  Why did the double-quote symbol " in the input field become \" in
    the Directory Server?
10. Why does LDAP Explorer return "no such file or directory" after
    upgrading PHP to 4.0.3x?


1. How to use LDAP Explorer?

Here are some tips for using LDAP Explorer:

(1) After you have logged on, you will see the two windows of the LDAP
    Explorer interface: one is the directory server tree window, the
    other is the entry content window.
(2) In the tree window:

    The "plus/minus" and "opened/closed" folder icons let you expand or
    collapse a branch of the tree.

    Clicking a Relative Distinguished Name displays its content in the
    entry content window.

(3) In the entry content window:

    The "Add/New" button adds a new entry. All you need to do is change
    the first item in this window, the Distinguished Name. A duplicate
    of the entry (except for the Distinguished Name) is then added to
    the Directory Server.

    The "Modify" button lets you change, add and delete attributes and
    their values in this entry. You can do all of this in one
    transaction. In an INPUT field you can type a new value for an
    attribute or blank it (which means you want to delete this
    attribute). In the New Attr INPUT field you can type a new attribute
    name with its value. The "browse" button lets you upload a binary
    file (e.g. a graphic file; jpeg, gif and png are supported so far,
    and the suffix of the attribute name must be ";jpeg", ";jpg",
    ";jpe", ";gif" or ".png") to the Directory Server.

    The "Delete" button DELETES this ENTRY! It does NOT delete an
    attribute.

    The "Rename" button lets you rename the Distinguished Name of an
    entry.

    No matter which action you submit (Add/New, Modify or Rename), you
    can add, modify and delete attributes at the same time in the same
    transaction.


2. Why can LDAP Explorer not display an entry with a binary attribute
   correctly?

There is a bug in the LDAP module of PHP3. The patch I wrote for PHP3
can be found at:

    ftp://igloo.its.unimelb.edu.au/pub/Linux/PHP3

It modifies four functions in ldap.c:

    php3_ldap_get_values ()
    php3_ldap_get_entries ()
    php3_ldap_get_attributes ()
    php3_ldap_modify ()

Re-compile the PHP3 source code with the patch. No change is needed in
your PHP3 code to access binary attributes.


3. Why not just use a small Perl cgi script to talk to an ldap client
   which can integrate OpenLDAP project easily?

    ..... the Perl/CGI love affair doesn't last forever. As your scripts
    get larger and your server more heavily loaded, you inevitably run
    into the performance wall.
    A 1,000-line Perl CGI script that runs fine on a lightly loaded web
    site becomes unacceptably slow when it increases to 10,000 lines and
    the hit rate triples. You may have tried switching to a different
    programming language and been disappointed. Because the main
    bottleneck in the CGI protocol is the need to relaunch the script
    every time it's requested, even compiled C won't give you the
    performance boost you expect ......

    - Lincoln Stein & Doug MacEachern, <>


4. Meaning of LDAP Tree and Data Structure of temporary file on hard
   disk?

Meaning of the LDAP tree with its variables
-------------------------------------------

                                              $row   $level
- igloo.its.unimelb.edu.au                      0       0
|  - l=Melbourne, st=Victoria, c=AU             1       1
|  |  + o=igloo CA                              2       2
|  |  + o=The University of Melbourne           3       2
|  |

Structure of temporary file
---------------------------

level 2     -- 2
expanded    -- 0
dn          -- o=igloo CA, l=Melbourne, st=Victoria, c=AU
rdn         -- o=igloo CA

level 3     -- 3
collapsed   -- 1
dn          -- ou=ISD, o=igloo CA, l=Melbourne, st=Victoria, c=AU
rdn         -- ou=ISD

level 3     -- 3
collapsed   -- 1
dn          -- ou=People, o=igloo CA, l=Melbourne, st=Victoria, c=AU
rdn         -- ou=People

level 3     -- 3
collapsed   -- 1
dn          -- ou=Roaming, o=igloo CA, l=Melbourne, st=Victoria, c=AU
rdn         -- ou=Roaming

level 2     -- 2
collapsed   -- 1
dn          -- o=The University of Melbourne, l=Melbourne, st=Victoria, c=AU
rdn         -- o=The University of Melbourne


5. Does LDAP Explorer have a search/find feature?

Searching for entries in the Directory Server was added in LDAP Explorer
version 1.14. In the login window, select "subtree" for the "Search
Scope" item, then press the "explore" button. LDAP Explorer will open
and filter all the entries that satisfy the search condition. With a
"subtree" search the display is a little slower than with the normal
"one level" scope.


6. How to deal with temporary files - "LE00*" on hard disk? They become
   more and more. And they are eating up a lot of space.
Here is a way to delete temporary files that are 1 day old:

    [root@igloo /root]# find /home/httpd/html/tmp -name "LEOO*" -atime 1 -exec rm {} \;

Add this command line to your crontab. The cron job will check each
file's timestamp and delete the file automatically if it is one day old.


7. Apache returns "Maximum execution time exceeded in tree.php3 on line
   xxx".

This problem happens while you are browsing a very large Directory
Server tree or an entry with a lot of attributes. PHP times out before
Apache finishes the session.

Here is a simple way to solve this problem. Change the variable
"max_execution_time" in the PHP configuration file (e.g.
/etc/php3/apache/php3.ini) from the default 30 (seconds) to 300. Then
restart the Apache server.

Another solution, hinted at by Sergio Ballestrero, is to use the
set_time_limit function. If the value is set to 0, no time limit is
imposed while the script is executed.


8. How to configure Novell eDirectory Server so that LDAP Explorer can
   explore it?

Here are some notes from experience on configuring your Novell
eDirectory Server:

1) A Novell eDirectory trial copy for Linux can be downloaded from:

       http://www.novell.com/download/

   It includes the NDS/LDAP server for Linux and the Windows component.

2) Stop the OpenLDAP server on your Linux box, because you can not
   change the default LDAP port (389) in eDirectory.

3) Install Novell eDirectory on your Linux box. Select "YES" when the
   installation program asks you whether to Install LDAP, Create LDAP
   Group Object.

4) Start the NDS/LDAP server. Run:

       /etc/rc.d/init.d/ndsd start

5) Install the eDirectory Windows component on a Windows box. Log in as
   a Netware client. Then start the Java-based ConsoleOne.

6) Select Properties of the LDAP Group and, in the General option, turn
   on "Allow Clear Text Passwords" (this lets clients bind with a
   password that is sent unencrypted).

7) Click the OK button in ConsoleOne.
8) In LDAP Explorer, enter your configuration, e.g.:

       LDAP Server:    igloo.its.unimelb.edu.au
       Port:           389
       Base DN:        o=mycompany
       Bind DN As:     CN=admin,OU=is,O=mycompany
       Bind Password:  12345678
       Filter:         objectclass=*
       Search Scope:   one level

   Click the Explore button and you can access the full directory
   service provided by Novell eDirectory.

Novell has a public LDAP server at www.nldap.com. To run a test, you can
set the configuration to:

    host:     www.nldap.com
    port:     389
    base DN:  o=Novell


9. Why did the double-quote symbol " in the input field become \" in
   the Directory Server?

This is PHP's magic quotes feature, which is applied to GPC
(Get/Post/Cookie) operations. The option is set On by default by
enable-magic-quotes in the configuration file, php.ini. Switching it to
Off solves the problem.


10. Why does LDAP Explorer return "no such file or directory" after
    upgrading PHP to 4.0.3x?

Brian Dragoo reported that LDAP Explorer returned:

    Warning: fopen("/home/httpd/html/tmptmp/LEOOOEYsTr","w+") - No such
    file or directory in /home/httpd/html/LDAPExplorer/tree.php3 on
    line 187

after he upgraded his PHP to version 4.0.3. The reason is that the PHP
developers have changed the behaviour of the function tempnam (). A
test script can identify the difference between the old and the latest
version:

    "; require ("template/footer.inc"); ?>

In the old version of PHP, it returns:

    tmpfname = ./FOOL1aqdZ

In version 4.0.3x, the result is:

    tmpfname = /tmp/FOOL1aqdZ

But PHP 4.0.3x on a Solaris box returns:

    tmpfname = ./FOOL1aqdZ

A quick fix for the problem is to change the configuration in the
default.php3 file from:

    $default->tmpdir = "/tmp";

to:

    $default->tmpdir = "/";
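

For question 6, an added example (not part of LDAP Explorer or of the
original FAQ): "-atime 1" selects only files last accessed between 24
and 48 hours ago, so files left behind by a missed cron run are never
selected again, while "-atime +0" selects everything at least a day
old. The function names are hypothetical and GNU find is assumed; the
directory and the "LEOO*" pattern are the ones from the command in
question 6.

```shell
#!/bin/sh
# Added example, not from the LDAP Explorer distribution.
# Assumptions: GNU find; function names are made up for illustration.
# Intended directory (from question 6): /home/httpd/html/tmp

# What "-atime 1" selects: files last accessed 24 to 48 hours ago.
# find drops the fractional part of the age in days, so a file that is
# 3 days old has age 3, not 1, and is skipped.
le_match_exact_day() {
    find "$1" -maxdepth 1 -type f -name 'LEOO*' -atime 1 | sort
}

# Everything last accessed at least 24 hours ago (age in days > 0).
le_match_stale() {
    find "$1" -maxdepth 1 -type f -name 'LEOO*' -atime +0 | sort
}

# Remove stale temp files; prints the number of files removed.
# -type f and -maxdepth 1 keep the job away from directories and from
# anything below the temp directory; "--" protects rm from odd names.
le_cleanup() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" -maxdepth 1 -type f -name 'LEOO*' -atime +0 \
        -exec rm -f -- {} \; -print | wc -l | tr -d ' '
}

# Example crontab entry (the script path is a placeholder):
#   15 3 * * * /usr/local/sbin/le_cleanup.sh
```

Files in use stay untouched because their access time is recent; only
the age test differs from the original command.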