

                    Generic  LDAP  Client  Tool
  _    ____   ___  ____    ____ _   _ ____  _     ___  ____   ____ ____
 | |  |  _ \ / _ \   _ \  |  __\ \/ /   _ \  |   / _ \   _ \ |  __   _ \
 | |  | | \ | |_| | |_) ) | |_  \/ / | |_) ) |  | | | | |_) )| |_ | |_) )
 | |__| |_/ |  _  |  __/  | |__ / /\ |  __/  |__| |_| |  _ / | |__|  _ /
 |_________/ _| |_ _|     |____/_/\_\ _|   |____ \___/ _| \_\ ____ _| \_\

                                        Last Updated: Sep 30, 2000


 1. How to use LDAP Explorer?

 2. Why can't LDAP Explorer display an entry with a binary attribute
    correctly?

 3. Why not just use a small Perl CGI script to talk to an LDAP client,
    which could be integrated with the OpenLDAP project easily?

 4. What do the LDAP tree and the data structure of the temporary file on
    the hard disk mean?

 5. Does LDAP Explorer have a search/find feature?

 6. How to deal with the temporary files "LE00*" on the hard disk? They
    keep accumulating and eat up a lot of space.

 7. Apache returns "Maximum execution time exceeded in tree.php3 on line
    xxx".

 8. How to configure a Novell eDirectory Server so that LDAP Explorer can
    explore it?

 9. Why does the double-quote symbol " in an input field become \" in the
    Directory Server?

10. Why does LDAP Explorer return "no such file or directory" after
    upgrading PHP to 4.0.3x?


 1. How to use LDAP Explorer?

    Here are some tips for using LDAP Explorer:

    (1) After you have logged on, you will see two windows in the LDAP
        Explorer interface: the directory server tree window and the
        entry content window.

    (2) In the tree window:

        The "plus/minus" and "opened/closed" folder icons let you expand
        or collapse a branch of the tree.

        Clicking a Relative Distinguished Name displays its content in
        the entry content window.

    (3) In the entry content window:

        The "Add/New" button adds a new entry. All you need to do is
        change the first item in this window, the Distinguished Name.
        A duplicate of the entry (except for the Distinguished Name)
        will then be added to the Directory Server.

        The "Modify" button lets you change, add and delete attributes
        and their values in this entry. You can do all of this in one
        transaction. In an INPUT field, you can type a new value for an
        attribute or blank it (which means you want to delete this
        attribute). In the New Attr INPUT field, you can type a new
        attribute name with its value. The "browse" button lets you
        upload a binary file to the Directory Server (e.g. a graphic
        file; jpeg, gif and png are supported so far, and the suffix of
        the attribute name must be ";jpeg", ";jpg", ";jpe", ";gif" or
        ".png").

        The "Delete" button DELETES this ENTRY! It does NOT delete an
        attribute.

        The "Rename" button lets you rename the Distinguished Name of an
        entry.

        Whatever action you submit (Add/New, Modify or Rename), you can
        add/modify/delete attributes at the same time in the same
        transaction.


 2. Why can't LDAP Explorer display an entry with a binary attribute
    correctly?

    There is a bug in the LDAP module of PHP3. A patch I wrote for PHP3
    can be found at:

        ftp://igloo.its.unimelb.edu.au/pub/Linux/PHP3

    It modifies four functions in ldap.c:

        php3_ldap_get_values ()
        php3_ldap_get_entries ()
        php3_ldap_get_attributes ()
        php3_ldap_modify ()

    Re-compile the PHP3 source code with the patch. No change is needed
    in your PHP3 code to access binary attributes.
    

 3. Why not just use a small Perl CGI script to talk to an LDAP client,
    which could be integrated with the OpenLDAP project easily?

    ..... the Perl/CGI love affair doesn't last forever. As your scripts
    get larger and your server more heavily loaded, you inevitably run into
    the performance wall. A 1,000-line Perl CGI script that runs fine on
    a lightly loaded web site becomes unacceptably slow when it increases
    to 10,000 lines and the hit rate triples. You may have tried switching
    to a different programming language and been disappointed. Because the
    main bottleneck in the CGI protocol is the need to relaunch the script
    every time it's requested, even compiled C won't give you the performance
    boost you expect ......

    - Lincoln Stein & Doug MacEachern, <<Writing Apache Modules with Perl 
      and C>>


 4. What do the LDAP tree and the data structure of the temporary file on
    the hard disk mean?

    Meaning of the LDAP tree with its variables
    -------------------------------------------
                                                 $row   $level

    - igloo.its.unimelb.edu.au                     0      0
    |     - l=Melbourne, st=Victoria, c=AU         1      1
    |     |   + o=igloo CA                         2      2
    |     |   + o=The University of Melbourne      3      2
    |     |   |
    |     |  <expand this branch of the tree>
    <collapse this branch of the tree>

    Structure of temporary file
    ---------------------------
     level 2  -- 2
    expanded  -- 0
          dn  -- o=igloo CA, l=Melbourne, st=Victoria, c=AU
         rdn  -- o=igloo CA
     level 3  -- 3
   collapsed  -- 1
          dn  -- ou=ISD, o=igloo CA, l=Melbourne, st=Victoria, c=AU
         rdn  -- ou=ISD
     level 3  -- 3
   collapsed  -- 1
          dn  -- ou=People, o=igloo CA, l=Melbourne, st=Victoria, c=AU
         rdn  -- ou=People
     level 3  -- 3
   collapsed  -- 1
          dn  -- ou=Roaming, o=igloo CA, l=Melbourne, st=Victoria, c=AU
         rdn  -- ou=Roaming
     level 2  -- 2
   collapsed  -- 1
          dn  -- o=The University of Melbourne, l=Melbourne, st=Victoria, c=AU
         rdn  -- o=The University of Melbourne


 5. Does LDAP Explorer have a search/find feature?

    Searching for entries in the Directory Server was added in LDAP
    Explorer version 1.14. In the login window, select "subtree" for the
    "Search Scope" item, then press the "explore" button. LDAP Explorer
    will open and filter for all the entries that satisfy the search
    condition. The display will be a little slower than with the normal
    "one level" scope if you select "subtree" search.


 6. How to deal with the temporary files "LE00*" on the hard disk? They
    keep accumulating and eat up a lot of space.

    Here is a way to delete temporary files that are at least 1 day old:

    [root@igloo /root]# find /home/httpd/html/tmp -type f -name "LEOO*" -atime +0 -exec rm {} \;

    Add this command line to your crontab. The cron job will check each
    file's access timestamp and delete the file automatically once it is
    one day old. ("-atime +0" matches files last accessed at least 24
    hours ago; "-atime 1" would skip any file that has already passed
    the two-day mark.)


 7. Apache returns "Maximum execution time exceeded in tree.php3 on line
    xxx".

    This problem happens while you are browsing a very large Directory
    Server tree or an entry with a lot of attributes. PHP times out
    before Apache finishes the session.

    A simple way to solve this problem is to change the variable
    "max_execution_time" in the PHP configuration file
    (e.g. /etc/php3/apache/php3.ini) from the default 30 (seconds) to 300,
    then restart the Apache server.

    Another solution, hinted at by Sergio Ballestrero, is to use the
    set_time_limit function. If the value is set to 0, no time limit is
    imposed while the script is executed.

 8. How to configure a Novell eDirectory Server so that LDAP Explorer can
    explore it?

    Here is some experience with configuring your Novell eDirectory Server:

    1) A trial copy of Novell eDirectory on Linux, including the NDS/LDAP
    server for Linux and the Windows component, can be downloaded from:

        http://www.novell.com/download/

    2) Stop the OpenLDAP server on your Linux box, because you cannot
    change the default LDAP port (389) in eDirectory.

    3) Install Novell eDirectory on your Linux box. Select "YES" when
    the installation program asks whether to Install LDAP and Create LDAP
    Group Object.

    4) Start the NDS/LDAP server by running:

        /etc/rc.d/init.d/ndsd start

    5) Install the eDirectory Windows component on a Windows box. Log in
    as a Netware client, then start the Java-based ConsoleOne.

    6) Select Properties of the LDAP Group and, in the General option,
    turn on "Allow Clear Text Passwords". This setting lets eDirectory
    accept bind passwords sent over the unencrypted port 389.

    7) Click the OK button in ConsoleOne.

    8) In LDAP Explorer, enter your configuration, e.g.:

        LDAP Server: igloo.its.unimelb.edu.au
        Port: 389
        Base DN: o=mycompany
        Bind DN As: CN=admin,OU=is,O=mycompany
        Bind Password: 12345678
        Filter: objectclass=*
        Search Scope: one level

    Click the Explore button and you can access the full directory
    service provided by Novell eDirectory.

    Novell has a public LDAP server at www.nldap.com. To test against it,
    you can set the configuration to:

        host: www.nldap.com
        port: 389
        base DN: o=Novell

 9. Why does the double-quote symbol " in an input field become \" in the
    Directory Server?

    This is the magic quotes feature of the PHP language, which applies
    to GPC (Get/Post/Cookie) operations. By default the option is set On
    by enable-magic-quotes in the configuration file php.ini. Switching
    it to Off will solve the problem.


10. Why does LDAP Explorer return "no such file or directory" after
    upgrading PHP to 4.0.3x?

    Brian Dragoo <bdragoo@thomasaquinas.edu> reported that LDAP Explorer
    returned:

        Warning: fopen("/home/httpd/html/tmptmp/LEOOOEYsTr","w+") - No such file
        or directory in /home/httpd/html/LDAPExplorer/tree.php3 on line 187

    after he upgraded PHP to version 4.0.3.

    The reason is that the PHP developers have changed the behaviour of
    the function tempnam (). A test script shows the difference
    between the old and the latest version:

	<?php 

	require ("template/header.inc");
	require ('default.php3');

	$tmpfname = tempnam (".", "FOO");

	echo "tmpfname = $tmpfname";
	echo "<BR>";

	require ("template/footer.inc");

	?> 

    In the old version of PHP, it returns:

        tmpfname = ./FOOL1aqdZ

    In version 4.0.3x, the result is:

        tmpfname = /tmp/FOOL1aqdZ

    But PHP 4.0.3x on a Solaris box returns:

        tmpfname = ./FOOL1aqdZ

    A quick fix for the problem is to change the configuration in the
    default.php3 file from:

        $default->tmpdir = "/tmp";

    to:

        $default->tmpdir = "/";
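
    Because the directory tempnam () actually uses differs between PHP
    versions and platforms, as the outputs above show, a script can check
    the returned path instead of assuming it. The following is an added
    example, not part of LDAP Explorer; the function name
    make_tree_tempfile and the scratch directory are hypothetical, and it
    assumes PHP 7 or later.

```php
<?php
// Added example (not LDAP Explorer code). make_tree_tempfile() and the
// scratch directory used in the demo are hypothetical names.

/**
 * Create a temporary file with the given prefix inside $dir and return
 * its absolute path. Throws if tempnam() placed the file anywhere else.
 */
function make_tree_tempfile(string $dir, string $prefix = "LEOO"): string
{
    $wanted = realpath($dir);
    if ($wanted === false || !is_dir($wanted) || !is_writable($wanted)) {
        throw new RuntimeException("temp directory unusable: $dir");
    }

    // tempnam() creates the file itself (mode 0600) and returns its name.
    // '@' hides the notice PHP 7.1+ emits when it falls back elsewhere.
    $path = @tempnam($wanted, $prefix);
    if ($path === false) {
        throw new RuntimeException("tempnam() failed for $wanted");
    }

    // Compare resolved directories, not strings: "./FOO..." and
    // "/tmp/FOO..." style results both have to be normalised first.
    $actual = realpath(dirname($path));
    if ($actual !== $wanted) {
        unlink($path);   // do not leave a stray file in the fallback dir
        throw new RuntimeException("tempnam() used $actual, not $wanted");
    }
    return $actual . DIRECTORY_SEPARATOR . basename($path);
}

// Demo with a constructed scratch directory.
$scratch = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "le-demo-" . getmypid();
mkdir($scratch, 0700);
$file = make_tree_tempfile($scratch);
echo "created: $file\n";
unlink($file);
rmdir($scratch);

try {
    make_tree_tempfile($scratch);   // directory no longer exists
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```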



