FAQ

The FAQ is the first place to look if you want to find out more about what using Softerra LDAP Administrator is really like. Below you'll find answers to the most frequently asked technical questions usually associated with our product.

No, it doesn't. If you want to use version 2008, please upgrade.
For basic HTML View customization, you have to be familiar with HTML and XML. Advanced HTML View customization may require XSLT and JavaScript experience. For further details, please take a look at the HtmlView folder located in "C:\Program Files\Common Files\Softerra Shared\LDAP Administrator 3" for LDAP Administrator 3.x and C:\Program Files\Softerra\LDAP Administrator 4 for LDAP Administrator 2008.

Yes, it's possible.

Yes, they do.

PROBLEM

By default, LDAP Administrator uses the local application data folder to store its configuration files, like metabase and schema cache. Such behavior can cause problems for those using roaming profiles in their network.

SOLUTION

  • Open registry editor (Start->Run->regedit.exe)
  • Navigate to or create registry key
    • HKEY_LOCAL_MACHINE\SOFTWARE\Softerra\LDAP Administrator 3\Settings - for version 3.x
    • HKEY_LOCAL_MACHINE\SOFTWARE\Softerra\LDAP Administrator 4 - for version 2008.x/2009.x (aka 4.x)
  • Create a non-zero DWORD value here called EnableApplicationDataRoaming

You can use the HKEY_CURRENT_USER registry hive as well if you want to change the location of application data files only for specific users. If both registry entries are present, the value from HKEY_LOCAL_MACHINE takes priority over the value from HKEY_CURRENT_USER.

APPLIES TO

The method described above applies only to Softerra LDAP Administrator version 3.4 (build 1700) and higher.

QUESTIONS

Where does the application store my profiles?

How can I copy or back up my profiles?

Do I need to back up my profiles when reinstalling LDAP Administrator?

ANSWERS

Softerra LDAP Administrator 2.X and Softerra LDAP Browser 2.X store profiles in the registry under the [1] and [2] registry keys respectively. Softerra LDAP Administrator 3.X keeps them in a file called metabase.stg, which is located in the application’s configuration folder [3].

You can copy or back up your version 2.X profiles using the Windows Registry Editor tool. To copy version 3.X profiles, just copy the metabase.stg file from [3]. Note: this file is not human readable, so it can't be read or manually edited. To copy your profiles from one workstation to another, just copy the existing metabase.stg file into the appropriate folder on the target workstation.

You don't need to back up/restore your profiles when reinstalling Softerra LDAP Administrator because they do not get removed during the uninstallation.

LINKS

  1. HKEY_CURRENT_USER\Software\Softerra\LDAP Administrator
  2. HKEY_CURRENT_USER\Software\Softerra\LDAP Browser
  3. C:\Documents and Settings\%LOGINGUSERNAME%\Local Settings\Application Data\Softerra\LDAP Administrator 3\

SYMPTOMS

At some point LDAP Browser slows down considerably, so you have to wait 2-3 seconds before it adds a new node to the left-hand side tree view panel.

CAUSE

Incorrect DNS setting or complete absence of DNS.

WORKAROUND

Change your DNS settings so that the client and server hosts have both direct and reverse resolving via DNS enabled. Another possible solution could be adding required records to the hosts (lmhosts) file.

SYMPTOMS

An error occurs while attempting to install LDAP Browser/LDAP Administrator and the installation process is abandoned.

CAUSE

The reason for the above is usually one of the following:

  • The installation package has been corrupted/damaged during download.
  • You are not duly authorized to install the applications to your system.
  • Your hard drive has run out of free space or your disk quota is exceeded.
  • You don't have permissions to write to the application destination folder.

WORKAROUND

  • To make sure the installation package is not damaged, you need to check its MD5 hash sum. To calculate MD5/SHA1 hash, you can use one of the free hash calculators available. After getting the package's MD5/SHA1 hash sum, you then need to compare it to the original one provided at the download page. If MD5/SHA1 hash differs in any way, this means that the package is corrupted and has to be downloaded anew. Please note that the damaged package might have been cached by your proxy servers chain or by your web browser local cache, so it's strongly recommended you disable your proxy and clear the browser cache before a repeat file download.
  • Make sure you are duly authorized to install applications and to write to the filesystem.
  • Check if your hard drive has enough free disk space. Perform a temporary directory cleanup, if necessary. It's recommended you have at least 20 Mb of free disk space on the destination drive to ensure successful installation.

SYMPTOMS

This article concerns LDAP Administrator versions 2.x or LDAP Browser versions 2.x. Having an LDAP server profile created with the SSL configuration enabled, you still can't connect to the server. As a result, "[error 81] Can't contact LDAP server" is displayed.

CAUSE

This kind of behaviour occurs due to the absence of necessary SSL certificates in the certificate database, or the absence of the certificate database itself. This certificate database is required for an LDAP client library to establish the SSL connection.

WORKAROUND

You should manually create and populate a certificate database containing the necessary certificates. To do this, please follow the procedure below:

  • Download and install the Netscape web browser version 4.x. Note that it's vital to use version 4.x: later versions such as 5+ or Firefox use a newer certificate store format which is incompatible with the one used by LDAP Browser 2.x.
  • Run the Netscape browser.
  • Open URL: https://yourserver:sslport/, where:
    • yourserver - Your LDAP server address, provided it is an IP or host name. For example: 192.168.234.33 or ldap.mycompany.com.
    • sslport - The TCP/IP port number used by your server to accept SSL connections. Usually this port number is 636.
  • You'll see the Netscape Certificate Name Check window. Follow the instructions provided there and accept the server certificate for this and future sessions.
  • Close the Netscape browser.
  • Copy the key3.db and cert7.db files from the Netscape user profile directory to the LDAP Administrator or LDAP Browser root directory.
  • Restart LDAP Administrator or LDAP Browser.
  • Open the server profile.
  • Change Port number at the General tab. Press Apply.
  • Check the Try to use SSL box at the LDAP Settings tab. Press Apply.
  • Press OK.

QUESTION

I have found a problem/a bug. Where can I report it to?
I'd like to make a suggestion. Who can I send it to?
I've come across a problem and can't find a solution. What do I do?

ANSWER

If you have found a problem or a bug, please send us a report. Try to include as much information as possible about your hardware (CPU, RAM, Motherboard, Video) and software (OS version, Service pack, Internet Explorer version, MS Office version, LDAP Administrator version), along with a description and instructions to help us reproduce the problem.

To send a bug report or a suggestion, you can use the built-in functionality of LDAP Administrator or LDAP Browser. Open the Help menu and choose the Bug report or the Suggestion menu item. If you come across a problem, please first look through this FAQ section for the solution, or consult the help supplied with the application. If you are still unable to resolve the problem, please do not hesitate to email us. We'll do our best to help.

SYMPTOMS

LDAP Administrator 2008.x or 3.x

When you connect to the Active Directory server using LDAP Administrator 2008 or 3.x, expanding a first-level node causes an Operations Error with the message "The operation being requested was not performed because the user has not been authenticated", or Invalid Credentials with the message "The logon attempt failed".

LDAP Browser 2.x

When you connect to the Active Directory server using LDAP Browser 2.x, you'll see the following lines in the Output window or the messages.log file:

Successfully connected to adserver.company.tld
Schema cache does not exist or expired. Fetching new one...
AttributeTypes:       Total: 0 Invalid: 0 Duplicated: 0
LDAPObjectClasses:     Total: 0 Invalid: 0 Duplicated: 0
MatchingRules:        Total: 0 Invalid: 0 Duplicated: 0

... with no entries available for browsing or search except the RootDSE entry. The absence of schema can create problems while trying to browse directories or to view binary attributes in particular.

CAUSE

You may experience this behaviour when you connect to the Active Directory server anonymously or use invalid credentials. The notion of a Windows logon name is often confused with the notion of an LDAP DN. The former cannot be used for Active Directory authentication.

WORKAROUND

Unless specially configured, it is imperative you provide valid credentials for connecting to the Active Directory server.

To edit your credentials, open Server Profile Properties. Choose the Credentials tab and enter the proper user name and password into the corresponding input boxes. Generally, the Active Directory credentials have the following format: CN=Windows_User_Name,CN=Users,DC=company_name,DC=domain. For example: CN=John Smith,CN=Users,DC=example,DC=com. It's also possible to use the Kerberos principal name. For example: johns@example.com.

If you use LDAP Administrator 3.3 or later, you may opt to check the Currently logged on user checkbox and not type any credentials at all.

QUESTIONS

What is the difference between LDAP Administrator and LDAP Browser?
Which product should I use?
Which one better meets my needs?


ANSWER

LDAP Administrator is a powerful LDAP directory client which allows browsing, searching, creating, modifying and deleting LDAP directory content. LDAP Administrator is a commercial product, but its limited trial version is available for free for evaluation purposes. It is an ideal tool for web and software developers and mail/system administrators. It helps users manage and navigate a wide variety of LDAP servers easily and quickly.

LDAP Browser is a lightweight version of LDAP Administrator - it only allows browsing and searching an LDAP directory content without the ability of its modification. Unlike LDAP Administrator, LDAP Browser is absolutely free including if used commercially. LDAP Browser is a great tool for students and people wishing to get to know the LDAP technology but unsure they can handle all the complexity of LDAP command line tools.

SYMPTOMS

When a container consists of thousands of entries, its opening takes too much time before all the subentries are displayed.

CAUSE

Generally speaking, getting a thousand entries or more is not a fast operation because of the amount of data to be transferred. Besides, LDAP Administrator and LDAP Browser use certain tricks to improve the appearance when browsing small and mid-sized directories. But if you browse heavily populated LDAP directories, such tricks can slow the overall application performance down considerably.

WORKAROUND

To improve on the performance of LDAP Administrator/LDAP Browser, open the Tools menu and choose the Options menu item. In the dialog displayed click the Interface tab. Uncheck the Fetch subentries upon item selection and the Force to display the entry fetched last checkboxes featured thereon.

QUESTION

I've got the "Ordinal 6567 could not be located in MFC42U.DLL" error. What went wrong?

SYMPTOMS

While trying to start LDAP Administrator or LDAP Browser, the Ordinal 6567 could not be located in MFC42U.DLL error was displayed.

CAUSE

The problem occurred due to you having an invalid version of MFC42U.DLL installed. What LDAP Administrator requires is the MFC42U.DLL version supplied with Visual C++ v.6.0. So most probably you've got an older version installed on your system, perhaps the one supplied with Visual C++ v.5 or v.4.2.

WORKAROUND

We suggest you obtain a valid version of MFC42U.DLL. For example, you can get your copy from a PC where the application is working fine or from a Visual C++ 6.0 CD-ROM.

SYMPTOMS

After one connects to an OpenLDAP server and attempts to add, modify or delete an attribute, Error 18 (incorrect matching) is displayed.

CAUSE

An EQUALITY matching rule specifier is missing in some attribute type definitions of the OpenLDAP schema. The EQUALITY matching rule is used by the server to perform value comparison and thus is expressly required for the mentioned operations. Without an EQUALITY matching rule it is impossible to compare attribute values, which causes the operation to fail.

WORKAROUND

Open the attribute schema definition and add an EQUALITY matching rule specifier which best fits a particular attribute type.
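To find which definitions need this fix, the check below scans schema text for attribute types that neither state nor inherit an EQUALITY rule. It is an added example, not part of the original FAQ or of Softerra's or OpenLDAP's code; it assumes slapd.conf-style attributetype definitions, and the sample schema, its OIDs and the function names are constructed for illustration.

```python
import re

# Constructed schema in slapd.conf style; every OID and name here is made up.
SAMPLE_SCHEMA = """
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'acmeBadgeId'
    DESC 'the word EQUALITY inside a description must not count'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.99999.1.2 NAME ( 'acmeNick' 'acmeAlias' )
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.99999.1.3 NAME 'acmeShortNick' SUP acmeNick )
attributetype ( 1.3.6.1.4.1.99999.1.4 NAME 'acmeOldBadgeId' SUP acmeBadgeId )
"""

def parse_attribute_types(text):
    """Map each lower-cased attribute name to its own EQUALITY rule and SUP."""
    parsed = {}
    for body in re.split(r"(?im)^\s*attributetype\s+", text)[1:]:
        name_part = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", body)
        if not name_part:
            continue
        names = re.findall(r"'([^']*)'", name_part.group(1))
        bare = re.sub(r"'[^']*'", "", body)  # drop quoted NAME/DESC text
        equality = re.search(r"\bEQUALITY\s+([\w.-]+)", bare)
        sup = re.search(r"\bSUP\s+([\w.-]+)", bare)
        record = {"equality": equality.group(1) if equality else None,
                  "sup": sup.group(1) if sup else None}
        for name in names:
            parsed[name.lower()] = record
    return parsed

def effective_equality(name, parsed, seen=()):
    """Follow SUP links: a subtype inherits EQUALITY from its supertype."""
    key = name.lower()
    record = parsed.get(key)
    if record is None or key in seen:
        return None  # supertype defined elsewhere, or a SUP loop: review by hand
    if record["equality"] or not record["sup"]:
        return record["equality"]
    return effective_equality(record["sup"], parsed, seen + (key,))

def missing_equality(text):
    """Names whose definition neither states nor inherits an EQUALITY rule."""
    parsed = parse_attribute_types(text)
    return sorted(n for n in parsed if effective_equality(n, parsed) is None)

if __name__ == "__main__":
    print(missing_equality(SAMPLE_SCHEMA))
```

An attribute whose supertype lives in a schema file that was not passed in is also reported, so feed the checker all schema files together before acting on the list.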

SYMPTOMS

While browsing or searching through a directory, you are unable to get all of the subentries or search results and the "[error 4] sizelimit exceeded" message is displayed. Every time you are getting just a limited number of entries (e.g. 1000) returned.

CAUSE

Such a behavior may occur due to either of the two possible reasons, or both:

  • Profile settings. An LDAP Administrator profile you have created for the server has settings which are responsible for the request timeout and the search result size limit. Those restrictions are sent to the server with each request and if the size limit is less than the number of subentries in a certain entry, the application won't be able to get all of them.
  • LDAP Server settings. An LDAP server can be configured to return a certain number of entries that is not greater than the one defined. This can be done by modifying the server configuration files or the source code prior to compilation. In most cases such a configuration is made in order to optimize server load and prevent hacker attacks.

WORKAROUND

  • VLV or Simple Paging. Starting from version 3, LDAP Administrator supports Simple Paging and Virtual List View. Whether you can use them depends only on whether your server supports these operations. To learn more, please consult the application Help: Help->LDAP Administrator Help->Browsing Directory->Managing Large Amounts of Entries.
  • Profile settings. To edit a server property, select a server item in the left-hand side tree view panel and press the Properties button on the toolbar or press Alt-Enter. Then select the "LDAP Settings" tab, where the Entry count limit input will be displayed. Enter a new value that better meets your requirements. A value of zero for this parameter means that the server is asked to return all the entries found by the search.
  • LDAP Server settings. There isn't a universal way of solving this problem, for it depends on a number of reasons: what kind of server you are working with, whom the server belongs to, whether or not you enjoy administrator rights and physical access to the server. If your server is absent in the list of solutions recommended for well-known servers, we suggest you ask your system administrator or consult the server documentation.

    Workaround for well-known servers
    • Microsoft Active Directory. By default, Microsoft Active Directory, which is a part of Windows 2000 Server, allows fetching only 1000 entries per search request. In terms of this system such a restriction is called MaxPageSize. This parameter can be changed using ntdsutil.exe, a command line tool supplied with Windows 2000 Server. Another way to change this parameter is to edit it directly inside the CN=Default Query Policy, CN=Query-Policies, CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=YOUR_COMPANY, DC=YOUR_COMPANY_TLD entry by using LDAP Administrator. In both cases you must have administrator rights.
    • OpenLDAP. The size limit for the OpenLDAP server can be changed in the config file (which can usually be found at /etc/openldap/slapd.conf). The parameter is called sizelimit. For more information please consult the slapd.conf Manual page or the OpenLDAP documentation.
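The model below shows why a plain search stops at the server limit with result code 4 while Simple Paging retrieves everything without raising that limit. It is an added example, not part of the original FAQ and not Softerra's or Microsoft's code; ToyDirectory, its methods and the entry names are constructed, it follows the Active Directory MaxPageSize case described above, and the offset-based cookie is a simplification of what is an opaque server value in RFC 2696.

```python
SIZE_LIMIT_EXCEEDED = 4  # result code behind "[error 4] sizelimit exceeded"
SUCCESS = 0

class ToyDirectory:
    """Constructed in-memory stand-in for a server; not a real LDAP API."""

    def __init__(self, entry_count, max_page_size=1000):
        self.entries = [f"CN=user{i:05d},CN=Users,DC=example,DC=com"
                        for i in range(entry_count)]
        self.max_page_size = max_page_size  # server-side limit (MaxPageSize)

    def search(self, size_limit=0):
        """Plain search: client limit 0 means 'no client limit'; lowest limit wins."""
        limit = min(size_limit, self.max_page_size) if size_limit else self.max_page_size
        if len(self.entries) > limit:
            return SIZE_LIMIT_EXCEEDED, self.entries[:limit]
        return SUCCESS, list(self.entries)

    def paged_search(self, page_size, cookie=b""):
        """One Simple Paging round trip: returns (code, page, next_cookie)."""
        start = int(cookie or b"0")
        step = min(page_size, self.max_page_size)  # each page still obeys the limit
        page = self.entries[start:start + step]
        end = start + len(page)
        next_cookie = b"" if end >= len(self.entries) else str(end).encode()
        return SUCCESS, page, next_cookie

def fetch_all_paged(server, page_size=500):
    """Repeat the search, echoing the server's cookie, until it comes back empty."""
    results, cookie, round_trips = [], b"", 0
    while True:
        code, page, cookie = server.paged_search(page_size, cookie)
        if code != SUCCESS:
            raise RuntimeError(f"LDAP result code {code}")
        results.extend(page)
        round_trips += 1
        if not cookie:  # empty cookie: the server has no more pages
            return results, round_trips

if __name__ == "__main__":
    directory = ToyDirectory(entry_count=2500)
    code, partial = directory.search(size_limit=0)
    print("plain search: code", code, "with", len(partial), "entries")
    everything, trips = fetch_all_paged(directory)
    print("paged search:", len(everything), "entries in", trips, "requests")
```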
