JXplorer handles all the basic ldap operations required to browse and modify an ldap directory. In addition it is highly configurable - the user can customise it in a number of ways, ranging from simple configuration of html viewing templates through to creating plug in java code.
The following describes each feature in more detail.
Ldap operations: add/delete/copy/modify
A graphical tree view allows users to easily delete and copy entries. A table view (or an html form view, if provided) allows the user to edit attributes of an entry, including multi-values and binary attributes. JXplorer reads schema from ldap v3 directories and uses that schema to create a template for creation of new entries from scratch.
JX can manage multiple directories at the same time, and even allows copying data between them.
Complex operations: tree copy and tree delete
Many directories do not support the renaming of non-leaf entries, or the deletion of entire trees of entries. JXplorer supports both by reading and re-writing the tree behind the scenes.
Optional GUI based search filter construction
Constructing raw ldap search filters is beyond most users, so in addition to raw entry JXplorer provides a mathematically complete, yet easy to use, method of graphically building these search filters.
SSL and SASL authentication
Full support for SSL and SASL authentication is provided via a custom java SSL socket factory. Graphical tools are provided to browse the certificate keystores and view certificates.
HTML templates/forms for data display
Users may provide their own html template pages to display their data, using a simple extension to html (the addition of an 'attribute' tag). In addition, html forms can be provided to modify entries using the same technique. The same html page can combine both editable and read only data.
Table view of generic entry data
If html templates are not available, or when viewing arbitrary data, a generic table view of entries is provided.
Binary Data Attribute Handling
A wide range of binary data (audio files, images, certificates etc.) are handled by both the table and html entry editors, and more can be added by the user through writing code plugins. On windows, many data types can be handed off to the default handlers, and this works to some extent on unix variants as well.
Users can write their own entry handling 'plug-ins' to work along side, or take the place of, the html and table entry editors.
These plugins are triggered on the particular object class (or parent object class) of the entry being viewed. Using this technique entire applications for directory administration and handling can be (and have been!) written.
Security Keystore GUI
A graphical interface to the java keystore has been written, and has been tested with a number of keystore formats. This allows users less familiar with certificate based security to work with certificates in a manner similar to that supported in modern web browsers.
The keystore is used to set up SSL and SASL authentication. Developers can also use the GUI keystore code stand alone in their own applications.
Pluggable security providers
The default Sun security provider / key stores are currently somewhat limited, especially with relation to private key handling (their pkcs#12 and pkcs#8 support, as of java 1.4, is very fragile). To support these formats more thoroughly, or to support other types of keystore (raw PEM files, pkcs#11 smartcards etc.) other security providers may be specified. The graphical key store interface will automatically pick up and handle these new key store types as they are made available.
Full internationalisation support
JXplorer comes with java-style translation files (a list of keywords and phrases). The basic java i18n file readers have been extended to allow these files to read UTF-8 and Unicode.
JXplorer has been translated into Japanese in the past, and tested with Chinese, Korean, French and German. (Unfortunately the Japanese translation files are currently incomplete due to further development work adding new words and phrases, but creating these translation files should be straight forward for a native speaker - please contact us if you do this in Japanese or any other language, we would love to add them to the release!)
JXplorer also correctly deals with normal ldap unicode handling. Combined with java's support for locale-specific language encodings, this means it works correctly 'out of the box' on non-english platforms as far as data entry and display are concerned (although actual program text will still appear in English until a translation file is produced).
LDIF file format support
JXplorer can both read and write LDIF (Ldap Data Interchange Format: RFC 2849) files, allowing data to be dumped from and loaded into directories. In addition it can operate to a limited extent on these files off-line (although the lack of schema information precludes some operations).
Highly user configurable
It is a simple matter to set up a different look and feel, different icons, different html templates etc. All that has to stay the same is the open source licence!
Drag-n-drop browsing operation
Drag and Drop browsing is enabled in the tree - although at the moment it's sometimes a little frustrating, and you may want to turn it off... :-(
Handles tricky ldap cases
There are a number of features in ldap that browsers have historically struggled with including:
- Multi valued rdns:
Ldap allows names to have multiple values: eg 'cn=fred+sn=blogs+id=11873'. Many browsers are unable to display these entries.
- Binary attributes:
Entries with binary attribute values are difficult to deal with. JXplorer provides a number of default handlers for common binary data types (gif, jpg, passwords, certificates, a number of audio formats) and allows loading/saving of binary data from and to file in all cases.
There is a default certificate viewer functionally similar to the default windows certificate viewer built into JXplorer.
- Unicode characters:
Ldap specifies the use of UTF-8 to represent unicode in distinguished names. Unfortunately there are a number of equivalent methods of doing this, and many browsers handle none, or only one. JXplorer has been widely tested on a number of Asian languages (Japanese, Korean, Chinese) as well as many European languages.
- Special Characters in Names:
A number of characters (e.g. '+' ',' '=' etc.) are handled specially in ldap names. JXplorer seamlessly translates them between the user interface and the back end.
Version 3 JX uses the Sun DSML/jndi provider to allow access to DSML enabled directories. Currently it only allows anonymous binds.
Slapd compatibility has been improved in version 3, with support for the 'SUP' schema keyword added, and experimental support for forcing ';binary' to be added to binary attributes using the 'useVerboseBinary' config variable.
For directories that support it (such as AD), JXplorer can use paged results to read back large data sets in multiple requests.