Designer Add-Ons - LDAP Tools

I have been writing about the various plugins for Designer that people have written, in the hopes of getting word out to people who may not know about them.

I mentioned some written by Stefaan Van Cauwenberge and he has put a bunch of his plugins and tools available on his website at:

I have one more add on to talk about that is interesting. I found this a few years ago, and have not seen any updates or news on it since 2007, but as far as I can tell it continues to work, even in Designer 4.5.2.

Check out the LDAP Tools plugin available at:

(If you go to Click on the menu item IDM Designer plugin.)

Like the other plugins discussed in this series, it consists of a JAR file that you copy into the Designer plugins directory. Restart Designer and now you have a new menu called IDM Plugins and it has three entries:

     LDAP Query
     RegEx Checker
     String En/Decoder

This tool was clearly written by someone who used Designer and thought about the things he went out to external websites for and wrote them up so he could use them native in Designer. I like the way he thinks.

First up is LDAP Query, which makes sense as you would expect, do LDAP Queries out of Designer. The second tool I run after Designer is almost always iManager or an LDAP browser so I can look at data in the systems I am working with. Having it in the box in Designer can be a mixed blessing of very useful but also frustrating.

Like all Designer plugins, it does mean that if Designer is blocking, say while comparing, you cannot use these tools so there is a bit of a downside to this eggs in one basket approach, but regardless it is pretty useful for those times you need it.


First up, click on the Settings button to see the configuration window, and you fill in the usual stuff. The IP Address/DNS name, the bind DN, SSL or not, the port to use, and a password. Once you have it entered, you can save the configuration so you can re-load it when you revisit the tool later. Basically all the usual things you expect to see when in an LDAP Browser. Nothing special here (Other than the error codes seem to be in German, oh well). I am sure the passwords are stored probably clear text in a configuration file in the Designer file space so keep that in mind.

Once you have entered and loaded an LDAP profile, you can click on the Bind/Connect button. Enter a search DN, enter a filter, and away you go. Like modern LDAP browsers you will see a tree you can browse of the tree of objects. This is not a perfect tool, in fact while writing this I forgot to enable the VPN so the host I was connecting too was unreachable and it did not time out cleanly at all. I guess you get what you pay for.

Honestly due to the blocking nature of Designer, I do not actually use the LDAP aspect of this tool very much, but it is still nice to have available for a quick check of something. In Designer 4.5 they removed the eDirectory Browser view, which I miss. That was basically an instance of ConsoleOne that ran in Designer (Its all Java and if you have NCP available via JClient, you should be good to go) and allowed you to browse the trees you had configured as Identity Vaults. There were many of the common plugins there, but just disabled in a config file. However you probably could not easily install more, and honestly that was not the point. But it was nice having the ability to go browse the tree and see the Other tab from ConsoleOne in Designer when you selected an object. This plugin goes a long way to replacing that aspect of Designer that got removed.

I found it interesting that they did not call this out in the readme for Designer that I noticed. (If I missed it, please comment and let me know where).

RegEx Checker

This item turns out to be very useful when you are working with regular expressions. It is great if you can do RegEx entirely in your head with no mistakes. If so, skip this and move on. You have my admiration. However for the rest of us, I am sure like most you can get somewhat close on a RegEx and then need to run it against a bunch of data to be sure it works as you expected. Personally I used to drop out of Designer and use a tool I bought called RegexBuddy, which is really quite powerful and I like quite a bit. So much so I reviewed it for Cool Solutions a few years ago:

Now RegexBuddy is a much better tool, since it allows you to insert Regex 'tokens' from a menu which is great if you know what you want, what it is called, but not the actual Regex for it. It also has an explain mode, where you can paste a complex RegEx and it will explain what each piece of it does. This does not always explain it meaningfully but at least functionally you can start to understand what is going on.

However, that is not the main use case for the tool, just a neat side feature. Most of the time, you just need to validate that some RegEx properly selects the data you expect.

In the IDM Tools menu, select the RegeEx Checker item, and you will see a box as below:


I used a silly example of:

Which I think means for the set of numbers (0-9), lower case letters (a-z) and upper case numbers (A-Z) look for repetition 3 times (the {0,3} part) and then whatever ever else you find (the .* stuff).

That turns out to be valid for my random keystrokes I entered as a string. But it is nice since you can experiment and try different combinations and have it validated on the fly. This is sort of like extending Simulator in Designer to handle Regular Expressions as well. Of course you could use Simulator to do this. Build a simple test where say if operation attribute someName is regular expression equal, with the regular expression. Then run Simulator and do a modify event with an attribute of someName and then set the value in the XDS document to be the value you wish to test. This is a bit cumbersome, since you have to keep running it through Simulator which is a number of extra clicks. Also you have to construct your XDS document with the proper data, or else have a copy handy, snagged from the engine trace with the appropriate event.

Simulator is pretty powerful, and even has a nice GUI tool to build valid XDS documents to your needs. There is a problem with handling multiple events in a single document. That would be a single <nds> document that has say both an <add> and a <modify> event in it. This is a pretty common case in the engine, where you send in a create for a user, get the <add> event, but as part of that you add some group memberships which generate <modify> events for the Group object and they get tacked onto the same XDS document, but as a second and third or more event.

If you paste this into Simulator as the source document it sort of handles it the first pass through, but when you come back to it, where it would normally remember the event so you could reuse it for a while, it will throw away some of the event. Usually it throws away the second and onwards events. This is a shame, since it is useful to run the same test again and again as you develop, testing out each code change.

If it is a simple XDS event then Simulator usually has no issue remembering it, but there are a number of slightly different but apparently valid XDS tricks that Simulator does not like. Don't fight it you will not win, just keep the XML in a copy buffer and paste it again and again as needed.

This especially applies to non-XDS XML, for example SOAP events. If you are testing a SOAP driver and want to run a SOAP event through it, you will have to keep pasting it into the editor since the editor is severely biased towards XDS and will through away most of the event between passes.

Even though Simulator would work fine, and in some ways is the better way in the past, because Regular Expression implementations have subtle differences between themselves. So much so, that in that tool I use RegexBuddy, it lets you select the flavour of RegEx implementation to use, and it knows about 15 flavours.

By running the Regular Expression checker in the same instance of Designer, you are pretty closely guaranteed that you are using the same Regular Expression implementation that Designer is using, and since we know Simulator mostly runs the engine JAR's themselves to run the simulation, that is probably as close as you can get to certainty that the results should match the engine's results.

I ran into this in a fun way during the transition from IDM 3.6 to IDM 4, and I was working on an IDM 3.6 project at a customer, but had already moved on to use Designer 4.0. There was a bug related to how the Replace All token worked, if you wanted to use a GCV to hold a Regular Expression pattern, that was broken in IDM 3.6, but I did all my development and testing in Designer 4.0 which was using the IDM 4.0 engine JARs and thus it worked. But I deployed it and it failed. I tried it in Simulator it worked. What was going on? I eventually tracked it down to this specific bug. In fact they fixed it AGAIN in a later IDM release but because enough people relied on the old behavior added an Engine Control Value to enable or disable the fix. I forget what they called the issue, but it has to do with escaping RegEx special characters, if you pass in the RegEx string in a variable or Global Configuration Value (GCV). The simplest workaround is to use the ~GCVName~ representation since it does a string replacement at driver start time, meaning there is no run time interpretation of the GCV.

String En/Decoder:

Sometimes it is really handy to paste a string and see what it looks like Base64 encoded. Often you get an LDAP value back that is Base 64 encoded instead of a proper string and you want to see why. (For LDAP it is often because there is a leading or trailing space, and LDIF does not allow encoding that except if it is base 64 encoded).

Here you get the option to encode or decode a string, in two formats. Base64 and URL. That is quite a handy little thing,

As I was setting up a test case, I managed to crash it, which seems a bit odd, so take care, you are getting what you paid for in a plugin last updated in 2007. Amazing it still seems to run fine in the latest Designer, so I guess a minor issue like this is to expected.

Overall a clever tool, and would be nice to see it updated but I like clever tools so I am mostly happy with it.

If you have found another Designer plugin that I have missed, please add a comment with a link since I would love to review it. I have one more review written of a clever plugin, but I am waiting on the author to release the plugin. It is a good one! Solves a couple of problems, but now I have to be patient.


How To-Best Practice
Comment List