1 — The State of Apache Directory Studio

1.1 — What is Apache Directory Studio?

Apache Directory Studio is an LDAP client platform based on Eclipse and extending it with several plugins. These plugins can be installed into an standard Eclipse distribution using an update site. Developers familiar with Eclipse will experience a seamless integration into their IDE. There are also installers and compressed archives available to run Apache Directory Studio as a standalone application on Mac OS X, Linux and Windows.

Apache Directory Studio leverages the Eclipse platform (Views, Editors, Wizards, Jobs API, Help System) by implementing Eclipse extension points. It also provides its own extension points to make itself extensible.

Developed at the Apache Software Foundation (ASF) as a sub-project of the Directory project, Apache Directory Studio is Open Source, free and distributed under the terms of the Apache License 2.0.

The Apache Directory Studio Architecture

1.2 — Features

The current version of Apache Directory Studio is composed of five major plugins:

✓ The LDAP Browser Plugin is a tool for browsing, searching and editing entries present in an LDAP Server.

✓ The LDIF Editor Plugin can be used to edit LDIF files. It provides syntax highlighting and context assistance.

✓ The Schema Editor Plugin is intended to design and edit the Schema of an LDAP Server (object classes and attribute types).

✓ The Configuration Plugin for Apache DS can be used to edit the configuration file of the Apache Directory Server.

✓ The ApacheDS Plugin provides an integrated LDAP server within Apache Directory Studio.

1.3 — Version history and future

Version 1.0 was released during the first edition of LDAPCon, in September 2007 in Köln. Since then, five gradual improvements releases were issued.

The latest stable version is 1.5.3 has been released in April 2010 and the start of the work on a 2.0 release of Apache Directory Studio began later that year.

A little more than a year later, we are happy to present a preview of the new features and enhancements the Apache Directory community has been working on.

2 — Presentation of Apache Directory Studio 2.0

2.1 — A common shared code-base between ApacheDS and Apache Directory Studio

In parallel to the development of Apache Directory Studio 2.0, the team of developers at the Apache Directory project also started working on a 2.0 version of ApacheDS, the LDAP server.

Initially developed at different times, on different branches and by different people, these two "products", while having a lot of similarities, had their own implementation of some common key LDAP concepts like attributes, entries, etc.

Thus a lot of code has been modified in both projects with a common objective to share as much as possible the same code-base and avoid re-inventing the wheel in each project.

These things does not show up that much in the user interface of most plugins of Apache Directory Studio but, under the hood, a lot of things have been changed. Overall, the UI may look the same but the internals mechanics have seen major modifications.

This is particularly true in areas like connection, schema and entries/attributes management.

2.2 — A new LDAP protocol wrapper, the Apache Directory LDAP API

Following this effort, another important milestone has been the creation of a dedicated Java LDAP API.

Initially presented at last LDAPCon in 2009, the Apache Software Foundation and the OpenDS team at Sun Microsystems decided to join their effort in defining a new implementation of an LDAP API, as a replacement to the too generic, and sometimes mis-leading, JNDI (Java Naming and Directory Interface) API.

The acquisition of Sun Microsystems by Oracle changed the game and the API is now only developed at the ASF and near a first official stable release.

The key concepts of this new API are 'ease of use' and 'versatility'. Designed from the LDAP protocol, the API offers common objects and methods related to LDAP management like:

✓ the ability to work with an LDAP connection with support for all kinds of operations (bind, search, add, delete, etc.), as well as complex authentication methods (SASL, Kerberos)

✓ easy entries, attributes and values manipulation

✓ schema handling for better comparison of values

✓ utilities to read/write LDIF files

Here’s an example of usage of the Apache Directory LDAP API:

// Creating the LDAP connection LdapConnection connection = new LdapNetworkConnection( "localhost", 10389 );

// Binding connection.bind( "uid=admin,ou=system", "secret" );

// Searching for entries EntryCursor results = connection.search( new Dn( "ou=system" ), "(objectClass=*)", SearchScope.SUBTREE, "*" );

// Iterating on the results while ( results.next() ) { // Getting the next entry Entry entry = results.get();

// Iterating on the entry’s attributes for ( Attribute attribute : entry ) { // Iterating on the attribute’s values for ( Value value : attribute ) { // TODO: Do something with the value } } }

// Adding an entry Entry entry = new DefaultEntry( "ou=group, ou=system" ); entry.add( "objectClass", "top", "organizationalUnit" ); entry.add( "ou", "group" ); connection.add( entry );

// Deleting an entry connection.delete( "ou=group, ou=system" );

// Closing the LDAP connection connection.close();

/* ------*/

// Reading a LDIF file LdifReader ldifReader = new LdifReader( "/Users/pajbam/Desktop/file.ldif" );

// Iterating on the entries in the LDIF file while ( ldifReader.hasNext() ) { // Getting the next entry LdifEntry ldifEntry = ldifReader.next(); }

// Closing the LDIF reader ldifReader.close();

An example of code showing the usage of the Apache Directory LDAP API.

The Apache Directory LDAP API is used at the base of ApacheDS and has also been included into Apache Directory Studio 2.0. It is now possible to use this API as a network provider in the connections of the LDAP Browser. Each connection has a new parameter defining the preferred network provider and a popup menu allows the user to select his preferred way to communicate with the directory server.

The New LDAP Connection Wizard showing the choice between network providers

2.3 — ApacheDS Configuration Plugin v2.0 for the upcoming ApacheDS 2.0 release

Another feature introduced in Apache Directory Studio is the Configuration Editor for ApacheDS version 2.0. This upcoming release of ApacheDS, currently being developed, will bring a lot of new features like an improved multi-master replication, a new schema manager and a dynamic configuration editable via LDAP (and an LDIF file).

The ApacheDS Configuration Plugin v2.0 allows you to edit the configuration of an ApacheDS 2.0 server live, directly on the server via a connection defined in the LDAP Browser. From basic settings such as the ports for LDAP/LDAPS protocols of the LDAP server, to more complex partition configuration, this new version of the plugin helps you modify the settings to fit your needs via a simple user interface.

The ApacheDS 2.0 Configuration Editor

2.4 — Brand new LDAP Servers plugin built for openness

Apache Directory Studio 1.x already included an ApacheDS plugin (actually several, one per ApacheDS version) which allowed the user to create a new instance of an ApacheDS LDAP server in just a few clicks.

For the 2.0 version, we wanted to enlarge our vision and provide a way to be more generic, extensible and open. Based on the already existing functionalities we have built a new LDAP Servers plugins which defines an extension point allowing any developer to add new LDAP server implementation adapters. All previous ApacheDS plugins for version 1.5.3 to version 1.5.7 have been converted to use the new mechanism and contributors can easily add their own server adapter implementation.

Most of the user interface stays the same and a new page in the server creation wizard allows the user to select the server type (vendor, product, version) he wants for his new server.

The New LDAP Server Wizard displaying all the available servers.

3 — Presentation of IKTEK Directory Studio

3.1 — Apache Directory Studio as a foundation

IKTEK Directory Studio is a commercial LDAP and Directory tooling platform leveraging Apache Directory Studio’s Open Source license (Apache License 2.0) and extension points which contributes additional features to the platform.

The product is built by IKTEK, a french software and consulting company specialized in Identity Management and Open Source which counts two of the most active committers on the Apache Directory project.

IKTEK is dedicated to provide enterprise enhancements to features existing in Apache Directory Studio, as well as new specific plugins for OpenLDAP.

3.2 — Enhancements to the LDAP Browser

3.2.1 — The Template Editor

The first enhancement to the existing tools in the LDAP Browser of Apache Directory Studio is the Template Editor. This specific Entry Editor allows you to display or edit entries selected in the LDAP Browser in a much more pleasant way than in the traditional Table or LDIF Editors.

According to the type (objectClass attribute) of the entry the Template Editor chooses one of the templates to display informations of entry on screen in a nicely formatted manner.

Templates are written in XML and additional ones can be developed and added easily in the preferences of the application. We provide a complete documentation on the XML syntax to use to design a template. From simple widgets like text fields, checkboxes or radio buttons to more complex ones like password, date or image editor, the template format is powerful and allows all kind of designs.

The Template Editor displaying a person entry.

3.2.2 — The Combined Editor

Another great addition is the Combined Editor which gathers all three commonly used editors, the Template Editor, the Table Editor and the LDIF Editor into a single tabbed editor.

The tab bar at the bottom of the editor makes it easy to switch from one view to the other without requiring extra clicks.

The behavior of the editor is configurable in the preferences. A default editor can be defined and it is also possible, if the Template Editor is set as default, to fall back automatically to another editor if no template has been found for the currently selected entry.

The Combined Editor with the Table Editor selected.

3.3 — New dedicated plugins specific to OpenLDAP

3.3.1 — The OpenLDAP ACL Editor

The OpenLDAP ACL Editor is a specific Value Editor that can be used to edit OpenLDAP ACL values. It features an easy to use visual editor and a powerful source code text editor.

The visual editor displays a clear and comprehensive user interface with specific widgets for each kind of clause while the source code text editor, which provides syntax highlighting and code templates proposals, can be used for more complex ACL expressions.

Editing an ACL value with the OpenLDAP ACL Editor.

3.3.2 — The OpenLDAP Configuration Editor

Following the same principles as the ApacheDS Configuration Editor, the OpenLDAP Configuration Editor is a complete solution to edit the configuration of an OpenLDAP server live, via a connection in the LDAP Browser.

The graphical editor allows you to edit basic settings, as well as databases and overlay configurations.

Editing the OpenLDAP configuration from a connection.