Softerra Ldap Browser

Softerra LDAP Administrator 2.X and Softerra LDAP Browser 2.X store profiles in the registry under the 1 and 2 registry keys respectively. Softerra LDAP Administrator 3.X keeps them in a file called metabase.stg, which is located in the application’s configuration folder 3. Softerra LDAP Browser is the industry-leading software for browsing and analyzing LDAP directories. It provides a wide variety of features for handy viewing of directory contents, getting information about directory infrastructure and objects. Softerra Lightweight Directory Access Protocol (LDAP) Browser is software for browsing and analyzing LDAP directories. It provides a variety of features for viewing directory contents and getting information about directory infrastructure and objects. Technology/Standard Usage Requirements.

Powerful Directory Management Tool

Why You need LDAP ADMINISTRATOR

  • Can you visually and intuitively modify your LDAP directory without using command line utilities but still having all the advantages and power of Windows GUI?
  • Can you access OpenLDAP, Netscape/iPlanet, Novell eDirectory, Oracle Internet Directory, Lotus Domino or Microsoft Active Directory with just one tool?
  • Can you quickly manage and navigate throughout your directory regardless of its huge size and hierarchical complexity?
  • Have you got a tool that uses efficient LDIF import and export to maintain your directory in a good working order and to eliminate all sorts of data corruption risks so that you could always restore information from backup?

To answer 'Yes' to all these questions, just start using Softerra LDAP Administrator to make your life a lot easier and your work a much more enjoyable experience!

What Users say

  • Technician Manager, University of Teesside, UK
    Overall, this is a brillant...
  • Infineon Technologies AG
    Has anybody ever told you, that you are 'simply the best'. Many thanks (also to your colleagues) from me and my 'happy colleagues' (more than 20!!!).
  • Puratos Group
    ... let me congratulate, you and your team, for the Softerra LDAPAdministrator. .... the product has a clean interface and performs veryfast.

Press Room

...Overall, we were extremely impressed with this product's great performance, impressive feature set, ease of use, and reasonable price. Softerra LDAP Administrator is a must-have for anyone involved in LDAP directory management.
...it's excellent for visualizing LDAP data on everything from a small Domino LDAP server to a complex, multi-domain Microsoft Active Directory...
LDAP Administrator ... is a great tool for bringing together different LDAP-based services and applications...We recommend that sites managing multiple LDAP stores (as most sites do), particularly those working toward making these multiple stores work together, give LDAP Administrator a closer look.

Related Products

Softerra LDAP Browser is a freeware product for browsing LDAP directories. It helps to view and analyze LDAP directory data, as well as to get specific information about directory infrastructure and objects by means of directory reports.

Softerra Adaxes, Active Directory management solution. It helps you manage, administrate, and monitor Active Directory, automate and secure user provisioning and de-provisioning in AD environments.

Server profiles can be created either under groups or directly under the root element of LDAP Administrator. If you are browsing directory structure of an LDAP server and launch the Profile Creation Wizard, then the new server profile will be created under the nearest group. If you want to create a server profile under a specific group you can set context to it before launching Profile Creation Wizard.

To create a new profile:

  1. Select an element under which you want to create a profile.

  2. On the File menu, point to New, and then click New Profile.

    You can also launch the Profile Creation Wizard with using context menu for a desired parent element.

The Profile Creation Wizard requires the following steps to be completed:

Step 1: Server Profile Name

On this step you need to enter a desired name of the new profile. You can accept the default name New Profile and rename the profile later. The name will help you make further use of the profile, distinguishing it from the others.

Usually the profile is created for immediate use and the Connect to the server right after the profile has been created box is checked. If the server is remote or you would like to create several profiles before working with them or due to other reasons you wouldn't like to connect to the server right after the profile has been created then please unchek this box.

Step 2: Profile General Information

General information about the profile comprises the following:

Host Information. Profile host, port and base DN should be specified. Host and port describe the LDAP server to connect to. Usually LDAP servers run on port 389 for regular connections and on port 636 for secure connections. You can either specify a server host/port manually, or perform a DNS lookup of LDAP servers registered in a DNS domain. Base DN is the starting point of your browsing the directory tree. Fetch Base DNs command fetches all the published naming contexts, but you can enter a deeper base DN. You can leave the base DN blank to start browsing from the RootDSE.

Note: When RootDSE is specified as the profile's base DN, then all published naming contexts are displayed as profile sub-entries. If you would like not to display naming contexts as profile sub-entries automatically, then you should uncheck the Display naming contexts as profile sub-entries box in the profile's Advanced properties on the Miscellaneous page.
Softerra ldap browser size limit exceeded

Security Options. Data encryption during communications with the server is enabled when the Use secure connection (SSL) box is checked. This box automatically toggles server port between regular (port 389) and secure (port 636) values. With the Read-only profile option enabled, all sorts of directory data modification will be unavailable. You can use the read-only option for the purpose of protecting your directory data from unwanted changes.

LDAP URL. LDAP URL is automatically updated as you configure settings of the profile. However having an LDAP URL gives you a possibility to fill in the single field and the Profile Creation Wizard will extract all the settings from it.

Step 3: User Authentication Information

Credentials provide information for authenticating a user when connected to the server. Available are the following authentication options:

Anonymous Bind. Determines an anonymous authentication type for the given server.

Currently Logged On User. Prompts a connection to use credentials of the currently logged on Windows user. This option is Active Directory-specific and works properly only when connecting to an Active Directory or ADAM server.

Other Credentials. Used when it is required to specify custom credentials for a connection. The Mechanism option sets the way in which the client and the server will negotiate with each other when establishing the connection and checking the provided credentials. Currently LDAP Administrator supports the following authentication mechanisms:

MechanismDescription
Simple Standard LDAP authentication mechanism. The principal and the password are transmitted in plain text, which makes this mechanism potentially vulnerable to cyber attacks. This mechanism is not recommended for usage in an unsafe environment like the Internet. However, using this mechanism when you connect to an LDAP server over SSL or a protected VPN channel is quite secure.
Digest MD5 This is a SASL authentication mechanism that provides a much higher protection from cyber attacks. If your server supports this mechanism, it's recommended you always prefer Digest MD5 over Simple.
GSS Negotiate A SASL mechanism that allows both client and server to negotiate for and then use the best authentication mechanism they mutually support. It’s recommended you prefer GSS Negotiate overSimple or Digest MD5 whenever possible.

Basically, a Principal is a general term for a user name, while the actual form of the principal string is mechanism-specific. The following table lists the most widespread forms of 'principal':

Principal FormDescriptionExample
LDAP DN The principal string is an LDAP distinguished name string as described in RFC4514*. cn=JohnDoe,ou=People,dc=Example,dc=com
Kerberos principal The principal string is a Kerberos principal name. johndoe@example.com
NTLM name The principal is the a Windows NTLM authentication string. EXAMPLEjohndoe

Principal and Password are used to authenticate the client to the server. The unchecked Save password box will result in LDAP Administrator asking you for the password before granting access to the server. You won't have to bother entering your password more than once in any case during a session, meaning that LDAP Administrator will only discard it after you exit the application. But if you check the Save password box for a selected profile, you'll no longer need to enter the password at all unless the box is unchecked.

Softerra Ldap Browser Linux

You can use the Select credentials command to choose from among the existing credentials for the host and port configuration.

The Try matching the credentials required for referral rebind box indicates whether the credentials will be automatically determined by the Credentials Manager when you follow LDAP referrals. If the Credentials Manager is unable to automatically determine the appropriate credentials for the LDAP referral, or if this box is unchecked, then the application will ask for credentials right after you attempt to follow a referral.

Softerra Ldap Browser Mac

Step 4: LDAP Settings

Softerra Ldap Browser Mac


At this step, you can either accept the default application settings by pressing Finish, or adjust the selected settings according to your requirements.

Filter. Filter is used for filtering directory content under the profile. By default, it is propagated down the directory structure. To specify a filter, you can use LDAP Filter Builder, which is launched by clicking the button inside the edit box.

Timeout. The Timeout parameter specifies the maximum time in seconds that LDAP Administrator will wait for search or browse operations to complete on an LDAP connection. A 0 value means no timeout, i.e. LDAP Administrator will wait for as long as it takes for an operation to complete.

Sizelimit. Sizelimit is a server-side setting that specifies the maximum number of entries to be returned in a search result or while browsing on an LDAP connection. A 0 value means no sizelimit, i.e. the server will return full query results. However, some servers may have internal sizelimits that can't be controlled by this setting.

Referral handling. Configures referral handling modes for viewing or following LDAP referrals.

Dereference aliases. Configures whether aliases are dereferenced when locating the base object of the search and in the subordinates of the base object being searched.

Advanced. Configures advanced options of the server profile.

See Also