Directory Manager

In addition to querying the core database with database queries, you can use the Directory manager tool to locate, access, and target devices in other directories via LDAP (the Lightweight Directory Access Protocol).

You can query devices based on specific attributes such as processor type or OS. You can also query based on specific user attributes such as employee ID or department.

For information about creating and running database queries, see Using queries.

Read this chapter to learn about:

About the Directory manager window

Use Directory manager to accomplish the following tasks:

The Directory manager window consists of three panes: a directory pane on the left, a preview pane on the right, and the bottom pane containing a target list and a list of LDAP queries.

Directory pane

The directory pane displays all registered directories and users. As an administrator, you can see a list of queries that are associated with the directory. You can create and then save new queries for a registered directory with a right mouse click or by using drop-down menus.

Creating and saving LDAP directory queries

The task of creating a query for a directory and saving that query is divided into two procedures:

To select an object in the LDAP directory and initiate a new query
  1. In the left navigation pane, click Distribution > Directory manager.
  2. Browse the Directory manager directory pane, and select an object in the LDAP directory. You'll create an LDAP query that returns results from this point in the directory tree down.
  3. From Directory manager, click the New LDAP query toolbar button. Note that this button is available only when you select the root organization (o) of the directory tree (o=my company) or an organizational unit (ou=engineering) within the root organization. Otherwise, it's dimmed.
  4. The basic LDAP query dialog box appears.

To create, test, and save the query
  1. From the basic LDAP query dialog box, type a descriptive name in the Name field.
  2. From the list of directory attributes, click an attribute that will be a criterion for the query (example: department).
  3. Click a comparison operator for the query (=, <=, >=).
  4. Enter a value for the attribute (example: department = engineering).
  5. To create a complex query that combines multiple attributes, select a combination operator (AND or OR) and repeat steps 1 through 3 as many times as you want.
  6. When you finish creating the query, click Insert.
  7. To test the completed query, click Test.
  8. To save the query, click Save. The saved query will appear by name under Saved queries in the directory pane of Directory manager.

About the basic LDAP query dialog

About the Directory manager dialog

From the Directory manager toolbar, click the New directory toolbar button to open the Directory manager dialog. This dialog enables you to start managing a new directory, or to view properties of a currently managed directory. This dialog also shows the URL to the LDAP server and the authentication information required to connect to the LDAP directory:

About the Advanced LDAP query dialog

From the Basic LDAP query dialog, click Advanced to open the advanced LDAP query dialog, which displays the following:

The Advanced LDAP query dialog also appears when you choose to edit a query that has already been created. In addition, if you select an LDAP group in Directory manager and then choose to create a query from that point, the Advanced LDAP query dialog appears with a default query that returns the users who are members of that group. You can't change the syntax of this default query; you can only save it.

More about the Lightweight Directory Access Protocol (LDAP)

Lightweight Directory Access Protocol (LDAP) is an industry standard protocol for accessing and viewing information about users and devices. LDAP enables you to organize and store this information into a directory. An LDAP directory is dynamic in that it can be updated as necessary, and it is distributed, protecting it from a single point of failure. Common LDAP directories include Novell Directory Services (NDS) and Microsoft Active Directory Services (ADS).

The following examples show LDAP queries that can be used to search the directory:

The formal definition of the search filter is as follows (from RFC 1960):

The token <attr> is a string representing an AttributeType. The token <value> is a string representing an AttributeValue whose format is defined by the underlying directory service.

If a <value> must contain one of the characters * or ( or ), precede the character with the backslash (\) escape character.
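
The escaping rule above matters most when a filter is assembled from input that someone else supplies: an unescaped ) or * in a value changes which entries the query returns. The following Python sketch is an added example, not code from the product. It builds filters from the attribute, comparison operator, and AND/OR choices described on this page and escapes each value. The function names, the employeeID attribute name, and the optional RFC 4515 hex-escape style (the form current LDAP servers expect) are assumptions made for illustration.

```python
import re

OPERATORS = {"=", "<=", ">="}            # comparison operators listed on the page
COMBINERS = {"AND": "&", "OR": "|"}      # prefix operators used in LDAP filters
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")  # assumption: plain attribute names

# RFC 4515 hex escapes for the characters that have meaning inside a filter.
RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_value(value, style="rfc1960"):
    """Return value with filter metacharacters made literal."""
    if style == "rfc1960":
        # The page's rule: precede * ( ) with a backslash. Assumption: the
        # backslash itself is escaped the same way so it stays literal.
        return re.sub(r"([\\*()])", r"\\\1", value)
    if style == "rfc4515":
        return "".join(RFC4515.get(ch, ch) for ch in value)
    raise ValueError(f"unknown escape style: {style!r}")


def criterion(attr, op, value, style="rfc1960"):
    """Build one (attr op value) item; reject anything but a known shape."""
    if not ATTR_RE.fullmatch(attr):
        raise ValueError(f"invalid attribute name: {attr!r}")
    if op not in OPERATORS:
        raise ValueError(f"unsupported operator: {op!r}")
    return f"({attr}{op}{escape_value(value, style)})"


def combine(combiner, *items):
    """Join items with AND or OR, e.g. (&(a=1)(b=2))."""
    if not items:
        raise ValueError("at least one criterion is required")
    return items[0] if len(items) == 1 else f"({COMBINERS[combiner]}{''.join(items)})"


if __name__ == "__main__":
    # Constructed input: a value that tries to close the item and add a wildcard.
    hostile = "engineering)(uid=*"
    print(criterion("department", "=", hostile))
    print(criterion("department", "=", hostile, style="rfc4515"))
    print(combine("AND", criterion("department", "=", "engineering"),
                  criterion("employeeID", ">=", "1000")))  # employeeID: sample name
```

With escaping applied, the constructed value stays a single literal department value instead of becoming a second filter item.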