Softerra Ldap Browser

In this example, we use the names ldap-client.crt and ldap-client.key. In the Softerra LDAP Browser, install the key pair. Go to Tools Certificate Manager. Click Import Click Next. Click Browse In the File type drop-down list in the lower-right corner of the dialog. Softerra LDAP Browser 4.5: 15.2 MB: Freeware: Softerra LDAP Browser is the industry-leading software for browsing and analyzing LDAP directories. It provides a wide variety of features for handy viewing of directory contents, getting information about directory infrastructure and objects. This is a silent installer and uninstaller for Softerra LDAP Browser. More infos from here. Safari Browser For Windows free download - Avant Browser, Softerra LDAP Browser, Opera Mini - fast web browser, and many more programs.

FAQ is the first place to look at if you want to find out more about what using Softerra LDAP Administrator is really like. Below you'll find answers to most frequently asked technical questions usually associated with our product.

No, it doesn't. If you want to use version 2008, please upgrade.
Softerra Ldap Browser
For basic HTML View customization, you have to be familiar with HTML and XML. Advanced HTML View customization may require XSLT and JavaScript experience. For further details, please take a look at the HtmlView folder located in 'C:Program FilesCommon FilesSofterra SharedLDAP Administrator 3' for LDAP Administrator 3.x and C:Program FilesSofterraLDAP Administrator 4 for LDAP Administrator 2008.

By default, LDAP Administrator uses the local application data folder to store its configuration files, like metabase and schema cache. Such behavior can cause problems for those using roaming profiles in their network.

  • Open registry editor (Start->Run->regedit.exe)
  • Navigate to or create registry key
    • HKEY_LOCAL_MACHINESOFTWARESofterraLDAP Administrator 3Settings - for version 3.x
    • HKEY_LOCAL_MACHINESOFTWARESofterraLDAP Administrator 4 - for version 2008.x/2009.x (aka 4.x)
  • Create a non-zero DWORD value here called EnableApplicationDataRoaming

You can use the HKEY_CURRENT_USER registry hive as well if you want to change the location of application data files only for specific users. In case both registry entries are used, the value from HKEY_LOCAL_MACHINE has a priority over the value from HKEY_CURRENT_USER.

The method described above applies only to Softerra LDAP Administrator version 3.4 (build 1700) and higher.

Where does the application store my profiles?

How can I copy or back up my profiles?

Do I need to back up my profiles when reinstalling LDAP Administrator?

Softerra LDAP Administrator 2.X and Softerra LDAP Browser 2.X store profiles in the registry under the [1] and [2] registry keys respectively. Softerra LDAP Administrator 3.X keeps them in a file called metabase.stg, which is located in the application’s configuration folder [3].

You can copy or back up your version 2.X profiles using the Windows Registry Editor tool. To copy version 3.X profiles, just copy the metabase.stg file from [3]. Note: this file is not human readable, so it can't be read or manually edited. To copy your profiles from one workstation to another, just copy the existing metabase.stg file into the appropriate folder on the target workstation.

You don't need to back up/restore your profiles when reinstalling Softerra LDAP Administrator because they do not get removed during the uninstallation.

  1. HKEY_CURRENT_USERSoftwareSofterraLDAP Administrator
  2. HKEY_CURRENT_USERSoftwareSofterraLDAP Browser
  3. C:Documents and Settings%LOGINGUSERNAME%Local SettingsApplication DataSofterraLDAP Administrator 3

At some moment LDAP Browser experiences a considerable slowdown, so you have to wait 2-3 seconds before it adds a new node into the left-hand side tree view panel.

Incorrect DNS setting or complete absence of DNS.

Change your DNS settings so that the client and server hosts have both direct and reverse resolving via DNS enabled. Another possible solution could be adding required records to the hosts (lmhosts) file.

An error occurs while attempting to install LDAP Browser/LDAP Administrator and the installation process is abandoned.

The reason for the above is usually one of the following:

  • The installation package has been corrupted/damaged during download.
  • You are not duly authorized to install the applications to your system.
  • Your hard drive has run out of free space or your disk quota is exceeded.
  • You don't have permissions to write to the application destination folder.
  • To make sure the installation package is not damaged, you need to check its MD5 hash sum. To calculate MD5/SHA1 hash, you can use one of the free hash calculators available. After getting the package's MD5/SHA1 hash sum, you then need to compare it to the original one provided at the download page. If MD5/SHA1 hash differs in any way, this means that the package is corrupted and has to be downloaded anew. Please note that the damaged package might have been cached by your proxy servers chain or by your web browser local cache, so it's strongly recommended you disable your proxy and clear the browser cache before a repeat file download.
  • Make sure you are duly authorized to install applications and to write to the filesystem.
  • Check if your hard drive has enough free disk space. Perform a temporary directory cleaup, if necessary. It's recommended you have at least 20 Mb free disk space of the destination drive to ensure successful installation.

This article concerns LDAP Administrator versions 2.x or LDAP Browser versions 2.x. Having an LDAP server profile created with the SSL configuration enabled, you still can't connect to the server. As a result, '[error 81] Can't contact LDAP server' is displayed.

This kind of behaviour occurs due to the absence of necessary SSL certificates in the certificate database, or the absence of the certificate database itself. This certificate database is required for an LDAP client library to establish the SSL connection.

You should create and populate a certificate database containing the necessary certificates manually.To do this, please follow the procedure below:

Softerra Ldap Browser Filter

  • Download and install the Netscape web browser version 4.x. Note that it's vital to use version 4.x - later version like 5+ or Firefox use newer certificate store format which is incompatible with the version used by LDAP Browser 2.x.
  • Run the Netscape browser.
  • Open URL: https://yourserver:sslport/, where:
    • yourserver - Your LDAP server address, provided it is an IP or host name. For example: 192.168.234.33 or ldap.mycompany.com.
    • sslport - A TCPIP port number used by your server to accept SSL connections. Usually his port number is 636.
  • You'll see the Netscape Certificate Name Check window. Follow the instructions provided there and accept the server certificate for this and future sessions.
  • Close the Netscape browser
  • Copy the key3.db and cert7.db files from the Netscape user profile directory to the LDAP Administrator or LDAP Browser root directory.
  • Restart LDAP Administrator or LDAP Browser.
  • Open the server profile.
  • Change Port number at the General tab. Press Apply.
  • Check the Try to use SSL box at the LDAP Settings tab. Press Apply.
  • Press OK.

I have found a problem/a bug. Where can I report it to?
I'd like to make a suggestion. Who can I send it to?
I've come across a problem and can't find a solution. What do I do?

If you have found a problem or a bug, please send us a report. Try to include as much hardware (CPU, RAM, Motherboard, Video) and software (OS version, Service pack, Internet Explorer version, MS Office version, LDAP Administrator version) information of yours as possible along with the description/instructions to help us reproduce the problem.

To send a bug report or a suggestion, you can use the built-in functionality of LDAP Administrator or LDAP Browser. Open the Help menu and choose the Bug report or the Suggestion menu item featured therein.If you come across a problem, first please look through the FAQ section hereof for the solution, or consult help supplied with the application. In case you are still unable to cope with the problem, please do not hesitate to email us. We'll do our best to help.

LDAP Administrator 2008.x or 3.x

When you connect to the Active Directory server using LDAP Administrator 2008 or 3.x expanding a first level node cases Operations Error with message The operation being requested was not performed because the user has not been authenticated or Invalid Credentials with The logon attempt failed.

Softerra Ldap Browser
LDAP Browser 2.x

When you connect to the Active Directory server using LDAP Browser 2.x, in the Output window or the messages.log file you'll see the following lines

... with no entries available for browsing or search except the RootDSE entry. The absence of schema can create problems while trying to browse directories or to view binary attributes in particular.

You may experience such a behaviour when you connect to the Active Directory server anonymously or use invalid credentials. Windows logon name notion if often confused with the notion of LDAP DN. The former one could not be used to Active Directory authentication.

Unless specially configured, it is imperative you provide valid credentials for connecting to the Active Directory server.

To edit your credentials, open Server Profile Properties. Choose the Credentials tab and enter the proper user name and password into the corresponding input boxes. Generally, the Active Directory credentials have the following format: CN=Windows_User_Name,CN=Users,DC=company_name,DC=domain. For example: CN=John Smith,CN=Users,DC=example,DC=com. It's also possible to use the Kerberos principal name. For example: johns@example.com.

If you use LDAP Administrator 3.3 or later you may opt for using Currently logged on user checkbox and do not type any credentials information at all.

What is the difference between LDAP Administrator and LDAP Browser?
Which product should I use?
Which one better meets my needs?


LDAP Administrator is a powerful LDAP directory client which allows browsing, searching, creating, modifying and deleting LDAP directory content. LDAP Administrator is a commercial product, but its limited trial version is available for free for evaluation purposes. It is an ideal tool for web and software developers and mail/system administrators. It helps users manage and navigate a wide variety of LDAP servers easily and quickly.

LDAP Browser is a lightweight version of LDAP Administrator - it only allows browsing and searching an LDAP directory content without the ability of its modification. Unlike LDAP Administrator, LDAP Browser is absolutely free including if used commercially. LDAP Browser is a great tool for students and people wishing to get to know the LDAP technology but unsure they can handle all the complexity of LDAP command line tools.

When a container consists of thousands of entries, its opening takes too much time before all the subentries are displayed.

Generally speaking, getting a thousand entries or more is not a fast operation because of the amount of data to be transferred. Besides, LDAP Administrator and LDAP Browser have certain tricks to ensure a better appearance in process of the smaller and mid-sized directory browsing. But if you surf through heavily stuffed LDAP directories, such tricks can slow the overall application performance down considerably.

To improve on the performance of LDAP Administrator/LDAP Browser, open the Tools menu and choose the Options menu item. In the dialog displayed click the Interface tab. Uncheck the Fetch subentries upon item selection and the Force to display the entry fetched last checkboxes featured thereon.

I've got the 'Ordinal 6567 could not be located in MFC42U.DLL' error. What went wrong?

While trying to start LDAP Administrator or LDAP Browser, the Ordinal 6567 could not be located in MFC42U.DLL error was displayed.

The problem occurred due to you having an invalid version of MFC42U.DLL installed. What LDAP Administrator requires is the MFC42U.DLL version supplied with Visual C++ v.6.0. So most probably you've got an older version installed on your system, perhaps the one supplied with Visual C++ v.5 or v.4.2.

We suggest you obtain a valid version of MFC42U.DLL. For example, you can get your copy from a PC where the application is working fine or from a Visual C++ 6.0 CD-ROM.

After one connects to an OpenLDAP server and attempts to add, modify or delete an attribute, Error 18 (incorrect matching) is displayed.

An EQUALITY matching rule specifier missing in some attribute type definitions of the OpenLDAP schema. EQUALITY matchingrule is used by the server to perform value comparison and thus is expressly required for the mentioned operations. The absence of EQUALITY matchingrule makes it impossible to compare attribute values, which causes operation failure.

Open the attribute schema definition and add an EQUALITY matching rule specifier which best fits a particular attribute type.

While browsing or searching through a directory, you are unable to get all of the subentries or search results and the '[error 4] sizelimit exceeded' message is displayed. Every time you are getting just a limited number of entries (e.g. 1000) returned.

Such a behavior may occur due to either of the two possible reasons, or both:

  • Profile settings. An LDAP Administrator profile you have created for the server has settings which are responsible for the request timeout and the search result size limit. Those restrictions are sent to the server with each request and if the size limit is less than the number of subentries in a certain entry, the application won't be able to get all of them.
  • LDAP Server settings. An LDAP server can be configured to return a certain number of entries that is not greater than the one defined. This can be done by modifying the server configuration files or the source code prior to compilation. In most cases such a configuration is made in order to optimize server load and prevent hacker attacks.
  • VLV or Simple Paging. Starting from version 3, LDAP Administrator features the Simple Paging and Virtual List View support. Their respective use is only limited to whether your server supports this kind of operations. To learn more on the above, please consult the application Help: Help->LDAP Administrator Help->Browsing Directory->Managing Large Amounts of Entries.
  • Profile settings. To edit a server property, select a server item in the left-hand side tree view panel and press the Properties button on the toolbar or press Alt-Enter. Then select the 'LDAP Settings' tab, where the Entry count limit input will be displayed. Enter a new value better meeting your requirements. A Zero for this parameter means that the server is asked to return all the entries found in process of search.
  • LDAP Server settings. There isn't a universal way of solving this problem, for it depends on a number of reasons: what kind of server you are working with, whom the server belongs to, whether or not you enjoy administrator rights and physical access to the server. If your server is absent in the list of solutions recommended for well-known servers, we suggest you ask your system administrator or consult the server documentation.

    Workaround for well-known servers
    • Microsoft Active Directory. By default, Microsoft Active Directory which is a part of Windows 2000 Server, allows fetching only 1000 entries per one search request. In terms of this system such a restriction is called MaxPageSize. This parameter can be changed using the ntdsutil.exe file which is a command line tool supplied with Windows 2000 Server. Another way to change this parameter is to edit it directly inside the CN=Default Query Policy, CN=Query-Policies, CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=YOUR_COMPANY, DC=YOUR_COMPANY_TLD entry by using LDAP Administrator. In both cases you must have administrator rights.
    • OpenLDAP. The time limit for the OpenLDAP server can be changed in the config file (which can usually be found at /etc/openldap/slapd.conf). The parameter is called sizelimit. For more information please consult the slapd.conf Manual page or the OpenLDAP documentation.

Server profiles can be created either under groups or directly under the root element of LDAP Administrator. If you are browsing directory structure of an LDAP server and launch the Profile Creation Wizard, then the new server profile will be created under the nearest group. If you want to create a server profile under a specific group you can set context to it before launching Profile Creation Wizard.

Softerra Ldap Browser Download

To create a new profile:

  1. Select an element under which you want to create a profile.

  2. On the File menu, point to New, and then click New Profile.

    You can also launch the Profile Creation Wizard with using context menu for a desired parent element.

The Profile Creation Wizard requires the following steps to be completed:

Step 1: Server Profile Name

On this step you need to enter a desired name of the new profile. You can accept the default name New Profile and rename the profile later. The name will help you make further use of the profile, distinguishing it from the others.

Usually the profile is created for immediate use and the Connect to the server right after the profile has been created box is checked. If the server is remote or you would like to create several profiles before working with them or due to other reasons you wouldn't like to connect to the server right after the profile has been created then please unchek this box.

Step 2: Profile General Information

General information about the profile comprises the following:

Host Information. Profile host, port and base DN should be specified. Host and port describe the LDAP server to connect to. Usually LDAP servers run on port 389 for regular connections and on port 636 for secure connections. You can either specify a server host/port manually, or perform a DNS lookup of LDAP servers registered in a DNS domain. Base DN is the starting point of your browsing the directory tree. Fetch Base DNs command fetches all the published naming contexts, but you can enter a deeper base DN. You can leave the base DN blank to start browsing from the RootDSE.

Note: When RootDSE is specified as the profile's base DN, then all published naming contexts are displayed as profile sub-entries. If you would like not to display naming contexts as profile sub-entries automatically, then you should uncheck the Display naming contexts as profile sub-entries box in the profile's Advanced properties on the Miscellaneous page.

Security Options. Data encryption during communications with the server is enabled when the Use secure connection (SSL) box is checked. This box automatically toggles server port between regular (port 389) and secure (port 636) values. With the Read-only profile option enabled, all sorts of directory data modification will be unavailable. You can use the read-only option for the purpose of protecting your directory data from unwanted changes.

LDAP URL. LDAP URL is automatically updated as you configure settings of the profile. However having an LDAP URL gives you a possibility to fill in the single field and the Profile Creation Wizard will extract all the settings from it.

Step 3: User Authentication Information

Credentials provide information for authenticating a user when connected to the server. Available are the following authentication options:

Anonymous Bind. Determines an anonymous authentication type for the given server.

Currently Logged On User. Prompts a connection to use credentials of the currently logged on Windows user. This option is Active Directory-specific and works properly only when connecting to an Active Directory or ADAM server.

Other Credentials. Used when it is required to specify custom credentials for a connection. The Mechanism option sets the way in which the client and the server will negotiate with each other when establishing the connection and checking the provided credentials. Currently LDAP Administrator supports the following authentication mechanisms:

MechanismDescription
Simple Standard LDAP authentication mechanism. The principal and the password are transmitted in plain text, which makes this mechanism potentially vulnerable to cyber attacks. This mechanism is not recommended for usage in an unsafe environment like the Internet. However, using this mechanism when you connect to an LDAP server over SSL or a protected VPN channel is quite secure.
Digest MD5 This is a SASL authentication mechanism that provides a much higher protection from cyber attacks. If your server supports this mechanism, it's recommended you always prefer Digest MD5 over Simple.
GSS Negotiate A SASL mechanism that allows both client and server to negotiate for and then use the best authentication mechanism they mutually support. It’s recommended you prefer GSS Negotiate overSimple or Digest MD5 whenever possible.

Basically, a Principal is a general term for a user name, while the actual form of the principal string is mechanism-specific. The following table lists the most widespread forms of 'principal':

Principal FormDescriptionExample
LDAP DN The principal string is an LDAP distinguished name string as described in RFC4514*. cn=JohnDoe,ou=People,dc=Example,dc=com
Kerberos principal The principal string is a Kerberos principal name. johndoe@example.com
NTLM name The principal is the a Windows NTLM authentication string. EXAMPLEjohndoe

Principal and Password are used to authenticate the client to the server. The unchecked Save password box will result in LDAP Administrator asking you for the password before granting access to the server. You won't have to bother entering your password more than once in any case during a session, meaning that LDAP Administrator will only discard it after you exit the application. But if you check the Save password box for a selected profile, you'll no longer need to enter the password at all unless the box is unchecked.

You can use the Select credentials command to choose from among the existing credentials for the host and port configuration.

The Try matching the credentials required for referral rebind box indicates whether the credentials will be automatically determined by the Credentials Manager when you follow LDAP referrals. If the Credentials Manager is unable to automatically determine the appropriate credentials for the LDAP referral, or if this box is unchecked, then the application will ask for credentials right after you attempt to follow a referral.

Step 4: LDAP Settings

At this step, you can either accept the default application settings by pressing Finish, or adjust the selected settings according to your requirements.

Filter. Filter is used for filtering directory content under the profile. By default, it is propagated down the directory structure. To specify a filter, you can use LDAP Filter Builder, which is launched by clicking the button inside the edit box.

Timeout. The Timeout parameter specifies the maximum time in seconds that LDAP Administrator will wait for search or browse operations to complete on an LDAP connection. A 0 value means no timeout, i.e. LDAP Administrator will wait for as long as it takes for an operation to complete.

Sizelimit. Sizelimit is a server-side setting that specifies the maximum number of entries to be returned in a search result or while browsing on an LDAP connection. A 0 value means no sizelimit, i.e. the server will return full query results. However, some servers may have internal sizelimits that can't be controlled by this setting.

Referral handling. Configures referral handling modes for viewing or following LDAP referrals.

Dereference aliases. Configures whether aliases are dereferenced when locating the base object of the search and in the subordinates of the base object being searched.

Advanced. Configures advanced options of the server profile.

Download Softerra Ldap Browser 4.5

See Also