JXplorer handles all the basic ldap operations required to browse and modify an ldap directory. In addition it is highly configurable - the user can customise it in a number of ways, ranging from simple configuration of html viewing templates through to creating plug in java code.
The following describes each feature in more detail:
A graphical tree view allows users to easily delete and copy entries. A table view (or an html form view, if provided) allows the user to edit attributes of an entry, including multi-values and binary attributes. JXplorer reads schema from ldap v3 directories and uses that schema to create a template for creation of new entries from scratch.
Many directories do not support the renaming of non-leaf entries, or the deletion of entire trees of entries. JXplorer supports both by reading and re-writing the tree behind the scenes.
Constructing raw ldap search filters is beyond most users, so in addition to raw entry JXplorer provides a mathematically complete, yet easy to use, method of graphically building these search filters.
Full support for SSL and SASL authentication is provided via a custom java SSL socket factory. Graphical tools are provided to browse the certificate keystores and view certificates.
Users may provide their own html template pages to display their data, using a simple extension to html (the addition of an 'attribute' tag). In addition, html forms can be provided to modify entries using the same technique. The same html page can combine both editable and read only data.
If html templates are not available, or when viewing arbitrary data, a generic table view of entries is provided.
A wide range of binary data (audio files, images, certificates etc.) are handled by both the table and html entry editors, and more can be added by the user through writing code plugins. On windows, many data types can be handed off to the default handlers, and this works to some extent on unix variants as well.
Users can write their own entry handling 'plug-ins' to work along side, or take the place of, the html and table entry editors.
These plugins are triggered on the particular object class (or parent object class) of the entry being viewed. Using this technique entire applications for directory administration and handling can be (and have been!) written.
A graphical interface to the java keystore has been written, and has been tested with a number of keystore formats. This allows users less familiar with certificate based security to work with certificates in a manner similar to that supported in modern web browsers.
The keystore is used to set up SSL and SASL authentication. Developers can also use the GUI keystore code stand alone in their own applications.
The default Sun security provider / key stores are currently somewhat limited, especially with relation to private key handling (their pkcs#12 and pkcs#8 support, as of java 1.4, is very fragile). To support these formats more thoroughly, or to support other types of keystore (raw PEM files, pkcs#11 smartcards etc.) other security providers may be specified. The graphical key store interface will automatically pick up and handle these new key store types as they are made available.
JXplorer comes with java-style translation files (a list of keywords and phrases). The basic java i18n file readers have been extended to allow these files to read UTF-8 and Unicode.
JXplorer has been translated into Japanese in the past, and tested with Chinese, Korean, French and German. (Unfortunately the Japanese translation files are currently incomplete due to further development work adding new words and phrases, but creating these translation files should be straight forward for a native speaker - please contact us if you do this in Japanese or any other language, we would love to add them to the release!)
JXplorer also correctly deals with normal ldap unicode handling. Combined with java's support for locale-specific language encodings, this means it works correctly 'out of the box' on non-english platforms as far as data entry and display are concerned (although actual program text will still appear in English until a translation file is produced).
JXplorer can both read and write LDIF (Ldap Data Interchange Format: RFC 2849) files, allowing data to be dumped from and loaded into directories. In addition it can operate to a limited extent on these files off-line (although the lack of schema information precludes some operations).
It is a simple matter to set up a different look and feel, different icons, different html templates etc. All that has to stay the same is the open source licence!
Drag and Drop browsing is enabled in the tree - although at the moment it's sometimes a little frustrating, and you may want to turn it off... :-(
There are a number of features in ldap that browsers have historically struggled with:
Multi valued rdns:
Ldap allows names to
have multiple values: eg 'cn=fred+sn=blogs+id=11873'.
Many browsers are unable to display these entries.
binary attributes:
Entries with binary
attribute values are difficult to deal with. JXplorer
provides a number of default handlers for common
binary data types (gif, jpg, passwords, certificates,
a number of audio formats) and allows loading/saving
of binary data from and to file in all cases.
Certificates:
There is a default certificate
viewer functionally similar to the default windows
certificate viewer built into JXplorer.
Unicode characters:
Ldap specifies the use
of UTF-8 to represent unicode in distinguished names.
Unfortunately there are a number of equivalent methods
of doing this, and many browsers handle none, or only one.
JXplorer has been widely tested on a number of Asian
languages (Japanese, Korean, Chinese) as well as
many European languages.
Special Characters in Names:
A number of
characters (e.g. '+' ',' '=' etc.) are handled
specially in ldap names. JXplorer seamlessly translates
them between the user interface and the back end.
Version 3 JX uses the Sun DSML/jndi provider to allow access to DSML enabled directories. Currently it only allows anonymous binds.
Slapd compatibility has been improved in version 3, with support for the 'SUP' schema keyword added, and experimental support for forcing ';binary' to be added to binary attributes using the 'useVerboseBinary' config variable.