LDAPviewer

LDAPviewer FAQs

The following FAQs provide information about aspects of LDAPviewer, potential problems or operational issues on certain LDAP servers and OS platforms:

  1. I cannot read the schema from my server.
  2. LDAPviewer takes up to 10 seconds to display data on a connect.

I cannot read the schema from my server

By default, for any LDAPv3 server, LDAPviewer tries to read the schema from the connected LDAP server so that it can verify certain operations and show the user which LDAP objects that server supports. Schema discovery runs when a new connection is initiated: LDAPviewer reads the rootDSE for the LDAP attribute subschemaSubentry and then uses the returned value (typically cn=Subschema) to read the LDAP server's operational schema for the collections ldapSyntaxes, attributeTypes, objectClasses and matchingRules. To minimize data volumes each collection is read separately (the attributeTypes collection in particular can easily be in the range 30 to 60K on even a modest LDAP server).
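The discovery sequence described above can be replayed by hand with OpenLDAP's ldapsearch to see which step a server refuses. The following is an added example (not LDAPviewer code and not part of the original FAQ): it parses a rootDSE reply in LDIF and builds one anonymous search per schema collection. The host name and the sample reply are constructed, and the (objectClass=subschema) filter is an assumption that suits most servers.

```python
import base64
import shlex

# The four schema collections the FAQ says are read, each in its own search.
COLLECTIONS = ("ldapSyntaxes", "attributeTypes", "objectClasses", "matchingRules")

def parse_ldif_entry(ldif_text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}.

    Handles LDIF line folding (continuation lines start with one space)
    and base64-encoded values written as "attr:: <base64>".
    """
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # unfold a continuation line
        elif raw and not raw.startswith("#"):
            logical.append(raw)
    entry = {}
    for line in logical:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):              # base64 form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def schema_search_commands(uri, rootdse_ldif):
    """Return one anonymous ldapsearch command line per schema collection."""
    values = parse_ldif_entry(rootdse_ldif).get("subschemasubentry")
    if not values:
        # Server hid the attribute or refused the anonymous rootDSE read.
        raise LookupError("rootDSE did not return subschemaSubentry")
    base = values[0]
    return [shlex.join(["ldapsearch", "-x", "-LLL", "-H", uri, "-s", "base",
                        "-b", base, "(objectClass=subschema)", attr])
            for attr in COLLECTIONS]

# Constructed rootDSE reply (not captured from a real server); the folded
# second line exercises the unfolding logic.
SAMPLE_ROOTDSE = """dn:
supportedLDAPVersion: 3
subschemaSubentry: cn=Sub
 schema
"""

if __name__ == "__main__":
    for cmd in schema_search_commands("ldap://ldap.example.com", SAMPLE_ROOTDSE):
        print(cmd)
```

If a generated command returns nothing for a collection while an authenticated search succeeds, the server is restricting anonymous schema reads, which is the case the credentials setting below addresses.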

Most LDAP servers allow anonymous read access to both the rootDSE and the schema; however, some LDAP servers restrict access and require credentials. If this is the case, check the Show rootDSE box in the Connection Profile and fill in the required credentials in the rootDSE Security fields.

If access to the rootDSE and/or the subschemaSubentry is impossible (for example, in LDAPv2/DSML servers), then placing the schema file(s) used by the target DIT in the schema directory will provide LDAPviewer with the same information. (LDAPviewer is distributed with most common schema files.) In addition, LDAP operational objects for many LDAP servers are included in the objects.schemax file located in the schemas subdirectory and distributed with LDAPviewer.

Socket Buffer Limits

The amount of data read during schema discovery can be substantial; notably, the attributeTypes collection may be over 60K. Some servers limit the amount of data that is provided in the socket buffers such that schema discovery cannot be completed. Using the schema files (as described above) will overcome this problem. Alternatively, if access to the LDAP server is available, the following commands (BSD/Linux) can be used to increase the socket buffer size:

# this command displays the outgoing (from server)
# tcp buffer size
# (net.inet.tcp.sendspace is the BSD name; on Linux the
# TCP send buffer is governed by net.ipv4.tcp_wmem)
sysctl net.inet.tcp.sendspace

# Setting the value to 64K as shown below will
# usually allow full schema discovery
sysctl net.inet.tcp.sendspace=65535

LDAPviewer takes up to 10 seconds to display data on a connect

When LDAPviewer makes a connection to an LDAP server it attempts to discover as much information as possible about the LDAP server before reading the user's requested DIT. Specifically:

  1. It reads the LDAP server's rootDSE entry to obtain the location of the operational schema as well as the LDAP vendor ID and version number where appropriate. This is typically a very fast operation.

  2. It then reads the LDAP server's operational schema (specifically the collections ldapSyntaxes, attributeTypes, objectClasses and matchingRules). In total, somewhere between 60 and 100K+ of data is read from even a modestly sized LDAP server. Depending on the LDAP server's performance, and especially the speed and traffic volumes of the communication connection, this process can take around 10 seconds or even longer on slow connections.

© LV Project 2016. Creative Commons Attribution 4.0 International License.