
Simple LDAP Query Via Short JavaScript Based Web Page

A simple Web page instructs the user to input part of an IP address or hostname, which is entered into an HTML text input field. Upon clicking on the Search button, the embedded JavaScript function creates an LDAP URL[16], in simplified and sample forms:

ldap://<LDAP server hostname>/ <LDAP search base> <LDAP search string>

ldap://<LDAP server>/o=siuc,c=us??dc=<hostname>

The JavaScript function then changes the browser's current document URL, or "location field," to the composed LDAP URL, which causes the built-in LDAP client to perform the LDAP search. Note that this requires the equivalent of Netscape V4 or higher.

The browser displays the LDAP results in a raw format as seen in Figure 3. The entire record returned by the LDAP server is displayed except for those fields that are restricted by LDAP access controls.

Figure 3: Sample Raw Web-based Data Display
Object Class top
domain
localadmin
d...
...31Z
modifytimestamp19990519180831Z

Since there were only two possible choices for the LDAP search string, or target, a simple if ... else statement is all that is necessary to create the dynamic portion of the LDAP URL. In the end, a fixed URL prefix was concatenated with the determined URL search target suffix obtained from the input field, for example ("+" is JavaScript string concatenation):

URLsuffix = "dc=" + form.SearchData.value;

document.location = sSearchURL + URLsuffix;

which is then inserted into the browser's "location" field, causing the built-in LDAP client to perform the LDAP lookup.

The returned data is neither formatted nor limited, as it was in the case of the QLANADMIN Perl script, other than being limited by access controls on the LDAP server (see Section 10 for more information). This may allow more data to be displayed than needed or anticipated and may not be as visually appealing as desired.
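The URL construction described above, as an added example that is not the paper's own code. It goes beyond the paper by escaping the typed value as an LDAP filter literal (RFC 4515), percent-encoding the filter, and naming the attributes to return so the browser does not display the whole record; it uses the full RFC 4516 URL layout (base?attributes?scope?filter) rather than the simplified form shown earlier. The function names, the server name, the ipHostNumber attribute for IP searches, the substring match and the length bounds are all assumptions.

```javascript
// Added example. LDAP_HOST, RETURN_ATTRS, the ipHostNumber attribute and the
// 3..253 length policy are assumptions; only the search base is from the paper.
const LDAP_HOST = "ldap.example.edu";          // placeholder server name
const SEARCH_BASE = "o=siuc,c=us";             // fixed, trusted search base
const RETURN_ATTRS = ["dc", "ipHostNumber"];   // only these attributes are requested

// RFC 4515 escaping: \ * ( ) and NUL become \XX, so typed input can only ever
// be a literal value and can never add wildcards or extra filter terms.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

function buildLdapSearchUrl(input) {
  const term = String(input).trim();
  // Very short terms would match most of the directory in a substring search.
  if (term.length < 3 || term.length > 253) {
    throw new Error("search term must be 3 to 253 characters");
  }
  // The two-way choice from the text: digits and dots are treated as part of
  // an IP address, anything else as part of a hostname.
  const attr = /^[0-9.]+$/.test(term) ? "ipHostNumber" : "dc";
  const filter = "(" + attr + "=*" + escapeFilterValue(term) + "*)";
  // encodeURIComponent keeps "?" and "\" in the filter from being read as
  // URL delimiters or raw escapes by the LDAP URL parser.
  return "ldap://" + LDAP_HOST + "/" + SEARCH_BASE +
    "?" + RETURN_ATTRS.join(",") + "?sub?" + encodeURIComponent(filter);
}

// Constructed sample inputs:
console.log(buildLdapSearchUrl("mail"));
console.log(buildLdapSearchUrl("192.0.2"));
console.log(buildLdapSearchUrl("web*)(x"));
```

In an LDAP-enabled browser the returned string would be assigned to document.location, as in the two lines above. The attribute list limits what is displayed but is not an access control; the server-side ACLs remain the enforcement point.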

Other LDAP search tools such as Web500GW, Wax/Max500, or the Netscape Directory Server V3/V4 gateway (similar to Web500GW) might format the returned LDAP data differently. In some cases they do not, and the output has the same appearance as the raw format. They may also provide special functions for some of the attributes, such as an automated e-mail function upon clicking on the e-mail address. Any URLs in the returned LDAP data may also be turned into active URLs (i.e., clicking on them goes to the specified Web page).

This example Web page facility demonstrates a distinctive property of LDAP-enabled Web browsers: it does not rely upon a Web server for any assistance. There is no CGI script that gets executed to receive the search data, perform the LDAP search, create a new Web page for the data returned, and send the new Web page back to the client for display. The LDAP-enabled Web browser is able to display the LDAP search result all on its own. For a very simple search tool that is easy to develop and use, the raw data format may not be pretty, but it may suffice, at least for testing.

Kartik[18] has a nice example of an extensive JavaScript/HTML tool for administrative LDAP searches and database updates, also without the need for a Web server.


Jim Dutton
2000-04-24