[------legend----------------] [ + Added feature ] [ * Improved/changed feature ] [ - Bug fixed/refactoring ] [ ! security bug fix ] [ ~ partial implementation ] [----------------------------] Changelog 2020-07-28 v3.70 + View as another user if the server supports the proxied authorization control. - Smaller bug fixes. Changelog 2020-03-26 v3.70 BETA 4 - Jump to entry (F4) wouldn't work on some DN type string that were stored in string attributes and where the case didn't match the actual DN. * Improved driver cache statistics with the number of changed objects in cache per event type. * Added Get role and resource stats to the IDM menu, gets the number of roles, resources, role request objects and resource request objects. * Display the uptime of eDirectory and the size of the DIB when connecting. * Improved debug and trace logging in the Non Unique Value Finder. Changelog 2019-11-10 v3.70 BETA 3 * Show number of objects found when searching in the main window. * Updated some dependencies. Changelog 2019-10-19 v3.70 BETA 2 + Added "Show only enabled drivers" under the IDM menu. When checked and you click on "Show IDM Drivers" it will only display drivers that are enabled on the server you are connected to. + Added three radiobuttons (All, Running, Stopped) to only show those IDM drivers that are either Running and Stopped (All), only Running or only Stopped. This is applied when you click on the "Show IDM Drivers" button. Changelog 2019-09-10 v3.70 BETA 1 + Implemented certificate validation when connecting over a TLS channel and "Validate certificate" is enabled on the connection profile. A keystore is created in the .console2 directory, "c2_truststore.jks", the password is console2 if you want to manipulate it outside of C2. When you trust a new certificate it's added to the keystore. - Disabled "Copy to clipboard" on non-texteditor fields. * Added "Trim?" checkbox to the filter generator, removes trailing spaces from attribute values. * You can now select multiple drivers after clicking "Show IDM Drivers" and change the startup mode for all of them. * You can now change trace level for multiple selected drivers. Changelog 2018-11-21 v3.68 * Added right click menu for cut/copy/paste to many more places. + Added fields to the "Extra" tab when viewing AD objects: Show the objectGUID attribute in IDM AD driver association format. Show the objectGUID attribute in Base 64 format used as the ImmutableID in O365. - Fixed a bug in JLDAP when connecting to OpenDJ and parsing a schema matching rule that has no NAME attribute. * Added handling of superior attributes to the schema parsing subsystem. * Changed the LDAP Browser to show max 50 000 entries when expanding a tree node. + Added support for generating LDAP filters using GUID strings for AD and eDir to the LDAP filter generator. + Added new Converter tool under the Extra menu. At the moment it allows you to do Base64 decoding and convert the AD GUID to different formats. + Added support for copying cefConfiguration attributes to the Beta -> eDirectory auditing feature. Changelog 2018-10-02 v3.67 - Adjustments to multithreaded searches, sometimes the GUI may hang. This release may or may not fix the issue. Changelog 2018-09-21 v3.66 - A search using a custom LDAP filter could hang if you entered an invalid filter. The app now detects an invalid filter and shows an error message. - The Beta -> Create Entry function didn't detect the RDN in some cases. Changelog 2018-09-02 v3.65 - Batch Operations -> LDIF Export was not using paging when exporting from AD resulting in only 1000 entries being exported. - LDAP browser was not using paging when connected to AD resulting in not being able to list containers containing more than 1000 objects. * eDirectory GUID is now displayed in upper case because IDM uses upper case GUID's as the association value. * Tested with IDM 4.7, eDirectory 9.1. * Tested with Java 10 and Java 11. - Send to IDM from XDS file didn't always honor the selected file encoding resulting in corrupted values being sent in some cases. * Testing a connection in the Profile Manager or connecting to a profile in the main window is now done in a background thread and a progress dialog is displayed which can be closed to cancel the connection attempt in those cases when the server is unavailable. This means that the UI doesn't lock up when connecting to unavailable servers. There are still other parts where the connection attempt is not multithreaded yet. * More searches than before are multithreaded and will display a progress dialog if they take more than 2 seconds to complete. * LDIF importer now logs a summary in the log file: - Number of successful entries imported - Number of failed entries - Number and type of error Changelog 2018-02-04 v3.61 - If you opened the LDAP browser, closed it, disconnected and connected to another LDAP server the browser would still be connected to the previous LDAP server making it impossible to browse unless you restarted the application. Changelog 2017-12-31 v3.60 * "Get Driver Status" now displays historic data, the number of total events that have changed since you lasted clicked the button and estimated time of completion if the number of events has decreased. + Added "Open in LDAP Browser" right click menu which opens a DN directly in the LDAP Browser. + Added syntax highlightning and line numbering to the string attribute editor. * Set driver trace level now supports setting a trace level that is higher than 100, new maximum is 1000. + Console2 has its own Telegram channel for new release announcements and tips and tricks: https://t.me/console2 + Added support for editing text data that is stored in binary attributes in eDirectory with syntax 1.3.6.1.4.1.1466.115.121.1.5 The following attributes are supported: DirXML-ApplicationSchema DirXML-ConfigManifest DirXML-ConfigValues DirXML-Data DirXML-DriverFilter DirXML-DriverStorage DirXML-EngineControlValues DirXML-PersistentData DirXML-ReciprocalAttrMap DirXML-ShimConfigInfo DirXML-pkgExtensions DirXML-SPEntitlementsXML DirXML-pkgInitialState nspmComplexityRules nspmExcludeList srvprvProcessXML srvprvRequestXML srvprvUserPrefsPlus sscConfiguration sscRuntime sscRuntimeTest Changelog 2017-10-14 v3.55 * eDirectory Index Manager now supports compound indexes. + eDirectory Index Manager automatically connects to the current selected profile as a Source profile. * eDirectory Index Manager buttons now have mnemonic shortcuts. + Add the current timestamp to some messages in the results text area in the main window. - Fixed inappropriate authentication message that was logged when connecting to a server to read the root DSE. * Closes the Batch Operations window automatically on a disconnect. Changelog 2017-09-03 v3.54 * Open in editor (F3) and Jump to (F4) now supports special eDirectory attributes that use such syntaxes as: Path, ACL, Typed Name * Better default column width in the entry viewer, the attribute name column no longer takes up 50% of the window. + Non Unique Value Finder. Search for attributes whos values exist on multiple objects. For example if you have an attribute that should be unique in the LDAP directory, but it is not, use this function to find all objects that have this a value that also exists on some other object. Find this new function under Extra -> Non Unique Value Finder. The results are written to a CSV file. Changelog 2017-08-18 v3.53 - Fixed a bug with CSV import feature not finding objects to update sometimes. Changelog 2017-07-02 v3.52 * LDAP Browser/Viewer: Deleting entry removes it from the tree view and selects the nearest parent. * LDAP Browser: Add support for F5 keyboard shortcut for refreshing an entry. + LDAP Viewer: Added "Open in new window" button. Opens the current entry in a new window. Changelog 2017-05-27 v3.51 + LDAP Browser: Add support for OpenLDAP, Active Directory, OpenDJ - LDAP Browser: Fixed a bug that prevented viewing of the cn=Monitor object in eDirectory 9. + Get JVM runtime information now works with IDM 4.6 and outputs information to the logfile. * Charity donation requirement increase from USD 50 to USD 100 Changelog 2017-02-19 v3.5 + LDAP Browser: Press F3 on a selected DN attribute to jump to that object. + LDAP Viewer: Press F4 on a selected DN attribute to open a new viewer on that object. + LDAP Viewer: Added right click popup menu. + LDAP Browser: Added support for deleting multiple objects at once. + LDAP Browser: Added support for Subtree Delete Control when deleting objects. - Fixed a bug in the nrf* viewer that prevented it from parsing attributes that contained the # character. * Improved Java 9 compatibility. * Improved error handling when reading corrupt LDIF files. * Upgraded SLF4J to v1.7.23 * Upgraded Logback to v1.2.1 * Upgraded UnboundID LDAP SDK to v3.2.1 Changelog 2016-11-02 v3.45 * Changed the selection model in the LDAP Entry viewer. - Fixed a bug that prevented the LDAP Viewer from showing some objects in AD. - Fixed a bug in the nrf* viewer that prevented it from opening when the nrf- attributes contained corrupt data. Changelog 2016-10-07 v3.44 * Ability to select file encoding in the XDS Sender GUI when reading from a XML file. * Ability to select and view the Root DSE in the LDAP browser (Beta->Browser) * Ability to right click in the tree in the LDAP browser and select "Go to DN". Allows you to enter a DN to go to. * Added a text field in the LDAP browser that shows the currently selected DN. You can also enter your own DN and click "Go to DN" button or press Enter. Changelog 2016-10-02 v3.43 + The LDAP Browser now shows the DN of the selected entry in the title bar. * Updated UnboundID LDAP SDK to v3.2.0 Changelog 2016-09-21 v3.42 - Fixed NullPointerException when connecting to DirX Changelog 2016-09-10 v3.41 + Attribute editor for: photo, ldapPhoto, jpegPhoto, thumbnailPhoto Allows you to view the images stored in those attributes and upload new images * Improved confirmation dialog when deleting attribute values. Instead of showing a very wide dialog that sometimes didn't fit on the screen if the value was very long we now display a scrollable textarea. This has the benefit of allowing you to copy the values you are about to delete. + Beta: LDAP Browser "Favorites". Add favorite entries that you can quickly access from the "Favorites" menu when using the LDAP Browser which itself is in beta. You can find the LDAP Browser under the menu Beta->Browser. - Fixed schema parsing bug that caused it not to load all attributes which in turn affected some of the attribute editors. ~ Workaround described in the README on running Console2 with Java 9 EA. * Updated Jasypt to v1.9.2 * Updated Apache Commons IO to v2.5 Changelog 2016-06-29 v3.4 Beta - Fixed regression bug in Schema Browser which caused it to not reload the schema after adding a new attribute/class or changing optional attributes on a class. * Changed the way attribute editors are loaded so it is compatible with Java 9. * Began testing C2 with Java 9 EA. All functions that have to do with NMAS and Universal Password do not work with Java 9 at the moment. * Began implementing HiDPI icons support. Changelog 2016-06-19 v3.3 - Attribute editor combo box caching bug fixed. + Setting driver start option is now available for multiple drivers at once. + DirXML-Associations attribute editor. + Object Class attribute editor. * Much improved LDAP browser. - Misc. bug fixes. * Misc. layout improvements. Changelog 2016-05-15 v3.2 + Create new entry feature - can be found under the Beta menu -> Create entry or in the Entry Editor/Viewer as a button in the toolbar. - Fixed a bug that caused some of the new value editors to not work. + Nrf viewer now parses action_tm + Add DN attribute editor + Added beta-level LDAP Browser, you can find it under Beta->Browser * Updated SLF4J to v1.7.21 * Updated Logback to v1.1.7 * Updated UnboundID LDAP SDK library to v3.1.1 Changelog 2016-03-27 v3.05 * Requires Java 8 + Attribute editing functionality - available when opening a entry by double clicking on it. + Add new attribute + Add new attribute value + Edit attribute value (text, boolean, integer, date/time) + View binary attribute in Hex viewer + Remove attribute or value + Remove entry * Tested with eDirectory 9.0 Changelog 2016-02-20 v3.04 * "Show IDM Drivers" button now only displays drivers that belong to the driver set that is associated with the server you are connected to. Previously it would display all drivers even though you could not do much with them if they were on another driver set except change the trace settings. - Fixed a bug that occurred when clicking on "Change server" and then disconnecting and then connecting again. The application would still be connected to the other server. - Pressing the Enter key in the Value field when searching for objects did nothing the first time the key was pressed, you had to press it twice to begin the search. * Implemented a workaround for IDM engine 4.5.2 and 4.5.3 where a resync is not triggered when setting the association state to 3. * Removed 30 day trial license that was extended with each new version. * Updated Logback to v1.1.5 * Support for IDM 4.5 DirXML-AssociationsLite in Association Manager. Changelog 2016-02-06 v3.03 * Removed auto complete support for LDAP filters in the Association Manager, Batch operations and the main search field because it was hard to edit the filter. * Increased the number of recently remembered items from 10 to 20. - Fixed a bug where LDAP filter combo box would grow and extend past the window frame if one used a really long LDAP filter and then restarted the application which would then load the filter from the auto complete preferences. * Updated SLF4J to v1.7.14 Changelog 2015-10-25 v3.02 * Allow selection of multiple objects in the TestWindow that appears when testing LDAP queries and in the "Found objects:" list that appears when searching in the main window. * Added doesn't contain, doesn't start with and doesn't end with to the query builder. * You can select and start/stop multiple drivers at once. * Extra->Value Count Report now supports setting a static LDAP filter. Changelog 2015-09-27 v3.01 - Connection test in the profile manager was not working in certain situations. Changelog 2015-09-20 v3.0 v3.0 released Changelog 2015-05-29 v3.0 beta 27 - Fixed a bug that prevented the "Batch operations, LDIF import/export" function from working with other directories than eDirectory - Fixed a bug in the Schema Browser/Editor when updating optional attributes. Changelog 2015-05-14 v3.0 beta 26 * Improved Dump cache performance several hundred times by not displaying the number of written bytes to file. Instead we are displaying the number of processed nodes. Changelog 2015-03-28 v3.0 beta 25 * Updated Logback to v1.1.3 * Password field gets focus when clicking "Connect" and a password is required. Changelog 2015-03-01 v3.0 beta 24 * Improved IPv6 support * Updated SLF4J to v1.7.10 * Updated UnboundID LDAP SDK library to v2.3.8 Changelog 2014-10-26 v3.0 beta 23 * Updated UnboundID LDAP SDK library to v2.3.7 * Updated SLF4J to v1.7.7 * Updated Logback to v1.1.2 Changelog 2014-10-05 v3.0 beta 22 * Added support for the NMAS OATH HOTP method, a new tab below the eDirectory tab. It displays information regarding NMAS OATH. Enable/disable OTP See if the OATH OTP Secret is set See and change the OTP counter See and change the OTP digits number See and change OTP user resync look-ahead window Generate a new OTP secret and display the result in Hex and Base32 format. Changelog 2014-05-17 v3.0 beta 21 * Added CTRL+C support to the LDAP Entry viewer window that comes up when double clicking on a search result. + Added "Check UP status" to the UP menu. The function performs Universal Password check for all password enabled objects in the tree and writes the results to a file. + Add "Bulk update attributes from CSV" to the Extra menu. The function performs a import from a CSV file. The format of the file must be: dn|attribute name|attribute value The function performs a REPLACE on the attribute. * Added Password/Logon tab to AD information tab. It contains the following information: Password Expiry Time Last Interactive Logon Failed Interactive Logon Failed Interactive Logon Count Failed Interactive Logon Count At Last Successful Logon Authenticated by DC Changelog 2014-03-15 v3.0 beta 20 * Added support for AD in the "Compare Groups" function. * Added support for large AD groups in "Compare Groups" using range retrieval of the member attribute. - Uses objectCategory instead of objectClass when searching AD in the Search Window. - Add group to the drop down in the Search Window. Changelog 2014-03-09 v3.0 beta 19 - Send XDS from IDM, the text from the textarea is now encoded with UTF-8. Changelog 2014-03-09 v3.0 beta 18 - Fixed small bugs in the Schema Browser. * Update Logback to v1.1.1 * Updated SLF4J to v1.7.6 Changelog 2014-02-01 v3.0 beta 17 * Added "Edit" buttons to the editable autocomplete comboboxes. * Updated Logback to v1.1.0 * Updated UnboundID LDAP SDK library to v2.3.6 Changelog 2014-01-11 v3.0 beta 16 + Implemented licensing - Console2 is no longer freeware. Future versions will require a license to use. Changelog 2013-12-22 v3.0 beta 15 * Improved the schema browser, added CTRL+C support to different list fields. * Added "Reset" buttons to the "Create class" and "Create attribute" tabs. + Added "Used By" tab to the Schema Browser, select an attribute to see which classes use it. + Added "Create from LDIF fragment" tab, quickly create attributes/classes by entering a valid LDIF fragment. + Added "Copy schema" tab, copy attributes and classes between different directories, currently it's only tested with eDirectory. Changelog 2013-12-01 v3.0 beta 14 - Fixed a bug with the query builder, it would create a lowercase filter. Now it preserves the case of the entered values. * Added new operators to the query builder to allow for substring searches: contains, starts with and ends with. Changelog 2013-10-05 v3.0 beta 13 - Improvments to the dump cache functionality * Updated to Jasypt v1.9.1 Changelog 2013-09-21 v3.0 beta 12 - Fixed a bunch of bugs that was caused by the new autocomplete functionality. + Setting log level to TRACE using the Extra -> Debug Level menu causes C2 to save any SSL/TLS certificates it encounters when connecting to the user.home/.console2 directory. Usually %USERPROFILE%\.console2 on Windows. Note that you must set the log level *before* connecting. After connecting I recommend that you change the log level back to ERROR to increase performance. Changelog 2013-08-10 v3.0 beta 11 + Now requires Oracle Java 7. Java 6 JRE is no longer supported. * The log files are now stored in the user.home/.console2 directory. That's usually %USERPROFILE%\.console2 on Windows. * Added autocomplete support to several comboboxes. Some comboboxes also have autocomplete history enabled where the 10 latest entries are saved. * Improved the Query Builder, added autocomplete support. Display a combobox containing all object classes when you select "objectClass". Changelog 2013-07-14 v3.0 beta 10 - Fixed a small bug in Association Manager that occured when you closed and reopened it. * Index Manager now allows you to select and delete multiple indexes at once. + Index Manager now allows import of index definitions from LDIF. Changelog 2013-07-06 v3.0 beta 9 + Added a function for creating and editing eDirectory database indexes. Support copying indexes between servers and trees. * Updated Logback to v1.0.13 * Updated UnboundID LDAP SDK library to v2.3.4 Changelog 2013-05-04 v3.0 beta 8 - Fixed a bug that occured when connecting to profiles that had different encryption passwords. If you connected to Profile 1 using encryption password A and then tried to connect to Profile 2 that used password B you would not be prompted for a password, instead the operation would fail silently and you had to restart Console2. * Updated Logback to v1.0.12 Changelog 2013-04-14 v3.0 beta 7 + Added support for editing the IDM audit event ID filter. Normally it's edited using iManager and the "Log Level" tab on a driver or driver set. You can find it under in the menu: Beta -> IDM auditing. It allows you to copy settings between driver sets and drivers in the same or different trees. For example you can configure the Log Level in your development environement and then replicate those settings to your QA and production. You may export settings to a file and later import those settings. Edit settings by doubleclicking a driver set or driver. + Added support for copying eDirectory auditing instrumentation settings between servers. You can setup one server the way you want it using iManager and the eDirectory auditing plugins and then using this tool you can copy those settings to servers in the same tree or other trees. You can copy to multiple servers at once. Access the feature from the menu: Beta -> eDirectory auditing. There is support for exporting the settings to a file and importing them. - Several small bug fixes. * Updated Logback to v1.0.11 * Updated SLF4J to v1.7.5 Changelog 2013-02-03 v3.0 beta 6 + Added a GUID text field on the Extra tab on the eDirectory and AD tabs. Displays the text value the eDirectory GUID attribute and the AD objectGUID attribute. Changelog 2013-01-06 v3.0 beta 5 + Added Misc menu to the IDM menu. Contains the following functions: - Reset Driver Stats - Add server to Driver Set - adds the connected to server to a driver set. - Remove server from Driver Set - removes the connected to server from its driver set. - Refresh Application Schema - obtain application's schema and store the schema in the DirXML-ApplicationSchema attribute on the DirXML-Driver object. - Migrate into IDV from application - sends a query to the connected system for performing a sync operation on the publisher channel. Changelog 2012-12-16 v3.0 beta 4 * Improvements when setting Remote Loader, Driver and Applications passwords. + Added a Schema Browser/Editor allowing you to browse the directory schema. Displays all the necessary information for object classes and attributes. Has the following tabs: - Classes -- Display all classes -- Show details for a selected class (name, OID, type) -- Double click on an attribute to switch to the attribute tab -- Double click on a class to display details about that class -- Show required attributes -- Show optional attributes -- Edit optional attributes -- Show superclasses -- Show subclassess -- Show all qualifier flags for a class -- Show the raw LDIF class definition -- Edit the raw LDIF class definition -- Delete object class -- Save changes to the object class - Attributes -- Displays all attributes -- Show details for a selected attribute (name, OID, type, description, syntax) -- Show all qualifier flags for an attribute -- Show the raw LDIF attribute defintion -- Edit the raw LDIF attribute defintion -- Delete attribute -- Save changes to an attribute - Syntaxes -- Shows all syntaxes -- Shows syntax details (OID, description) -- Shows the raw LDIF syntax defintion -- Shows which attributes use each syntax - X-Filter -- Shows all qualifers ("X" flags) on classes -- Shows all qualifers ("X" flags) on attributes -- Click on a qualifier to see which class or attribute have that qualifer defined -- Double click on a class/attribute to go directly to that class/attribute - Create attribute -- Allows you to create a new attribute definition in the schema -- You can set the name, OID, description, syntax and a number of flags -- You can set some eDirectory specific qualifer flags - Create class -- Allows you to create a new class defintion in the schema -- You can set the name, OID, description, type -- You can select the superclass to inherit from -- You can select mandatory attributes -- You can select optional attributes -- You can set eDirectory specific flags ---- You can select naming attributes ---- You can select the containing classes ---- You can choose if it's a container class or not + Added a "DirXML-PasswordSyncStatus" button that decodes the information in the "DirXML-PasswordSyncStatus" attribute on a user and shows it in a readable format. Can be found on the Password tab under the eDirectory tab on the main window. + LDAP Filter Builder - click the "Query Builder" button in the "Class" row on the main window. Can also be found in "Association Manager" and in the "Batch operations" windows. Click the button with the "looking glass" icon. Allows you to construct an LDAP filter using comboboxes. Does not perform any verification that the attribute support the selected operator. You have to know what you are doing. * Updated Logback to v1.0.9 Changelog 2012-10-28 v3.0 beta 2 * Added a "Save Password" checkbox to the Profile Manager in case you don't want to save your password you may uncheck it. The default is to save the password. If you have any profiles with saved passwords where you don't want the password to be saved anymore, load the profile in the Profile Manager, uncheck "Save Password?" and save the profile again. When loading such profiles you will be prompted to enter the password. If you don't enter a password then an anonymous connection will be attempted. - Multiple Tree Logon check no longer performs a disconnect on the "admin" LDAP connection (the one used for performing the search). Changelog 2012-10-14 v3.0 beta 1 + Multiple Tree Check complete redesign. Add/remove server panels at will. Connect using a profile list dropdown. Displays status of the tested account in the target directory, if it's disabled, expired, locked out and if the password has expired. + Changed the GUI on the main screen. Removed the text fields for hostname, password etc. Removed several profile related fields and buttons. Instead there is just a profile drop down, a Connect and Disconnect button and a Profile Manager button. For all connections you must now create a profile in the Profile Manager first. + Added a "Profile Manager" for managing all connection profiles. Here you can add new connection profiles, change and delete existing profile. You can also test your connections. You may also import connections from Apache Directory Studio. * Updated Logback to v1.0.7 * Updated SLF4J to v1.7.2 + Added support for tracing all method calls to the C2 logfile using Javassist and SLF4J extensions. This allows for detailed logging of the programs execution which is useful for troubleshooting. To use it start the application with the following command line: java -jar ldapmu_upc.jar -javaagent:lib/slf4j-ext-1.7.1.jar NOTE!!! Change 1.7.1.jar to the actual filename for the version you are using! You then have to set the debug level to at least INFO in the C2 menu. Please note that this slows down the application over 100 times! + Added support for importing LDIF files. - menu Extra -> Batch operations + Added support for exporting LDIF files. - menu Extra -> Batch operations + Added support for exporting a drivers cache to an XML file. Menu IDM -> Dump driver cache to file Select the driver which must be stopped and enabled, select the output file and press the perform operation button. No progress bar in this version! + Added support for the IDM CheckObjectPassword operation. Menu Extra -> Batch operations This allows you to perform the CheckObjectPassword check that can be performed using iManager/dxcmd for all objects that match an LDAP filter. Instead of checking one object at a time you can check thousands of objects at once. You can choose to display the results on screen or save them to a file. The CheckObjectPassword performs the following for each object: LDAP request to check the nspmDistributionPassword value of an eDirectory object against the object's associated password in a connected system. This requires special rights in the directory, admin rights or the following: Rights needed: The request issuer must have Manage Password rights to the target object, or must be authenticated as the target object. To check the password of the issuer's object, the issuer must have read access to the DirXML-AccessCheckObjectPassword attribute on the target DirXML-Driver object. To check the password of any object, the issuer must have write access to the DirXML-AccessCheckObjectPassword attribute on the target DirXML-Driver object. Manage Password rights means that the request issuer has either write access to the ACL attribute on the target object or has write access to the Password Management attribute on the target object. + Multivalue counter - menu Extra -> Value Count report Allows you to search for attributes that contain more than a specified number of values. Say you want to find all objects that have two e-mail addresses, you can enter the following in the search window: mail,2 The application will fetch all objects containing the mail attribute and show you which one contain two or more values. Beside being displayed on screen an LDIF file will also be created in the C2 directory. The file is named MultiValueFinderyyyy-MM-dd HH_mm_ss.ldif You can enter multiple attributes to search for, one on each line. Example: mail,2 sn,2 This will cause the application to search for all objects that contain BOTH the mail and sn attribute AND that contain two or more values in those attributes. + Reciprocal attribute report generator - menu Extra -> Reciprocal Report Allows you to find objects where the reciprocal attribute values are missing. For example if you have a group and a user in eDirectory then the user that is a member of a group will have the attribute groupMembership which will point to the group. The group will have the attribute member which will point to the user. The report generator can be used to find all objects that have the groupMembership attribute and then check each group to make sure that they have the user listed in their member attribute. In case that the user is missing from the member attribute this will be written to a logfile named "ReciprocalReportyyyy-MM-dd HH_mm_ss.txt" You can enter any DN attribute name to check. + LDAP filter generator - menu Extra -> Batch operations Can also be found in the same row as the "Class" combobox on the main window. Click the little black cat icon. This allows you to generate an LDAP filter by pasting in values, one per row. Example, you can enter something like this: 1 2 3 etc. Then you must enter a name for the attribute, for example workforceID. The Generate button will then create an AND or OR filter depending on your choices. You can also select to append a static filter to the generated one. The filter will then look something like this: (|(workforceID=1)(worforceID=2)(workforceID=3)) Very effective if you have hundreds of values you need to search for. ~ Centers new windows instead of displaying them in the upper left corner. Changelog 2012-05-13 v2.7 + Starting/Stopping a driver will now popup a progress dialog. It will also update the driver status icon after the operation completes. The progress dialog is displayed for a maximum of 10 seconds while the driver is starting/stopping. If the operation takes more than that you will get a message telling you that the outcome of the operation could not be determined. Closing the progress dialog (pressing Cancel), has no effect on the operation, it will just close the dialog. * Restart driver button displays a progress bar when click. * Moved the "Show IDM Drivers" button. * When clicking on the "Search" button the IDM drivers panel will be hidden. Click on "Show IDM Drivers" to show the drivers panel again. + Added a "root DSE Viewer" under the Extra menu allowing you to view the root DSE entry of an LDAP server. It will also display a description of some LDAP extensions and controls. * Added search button to the base DN text field in Associations Manager allowing you to search for a base DN. * Added a "Base DN" text field next to the "Attribute" drop-down. + Added a Display LDAP filter button to Association Manager that will show you the LDAP filter that will be used for the search. You can then try the LDAP filter in an LDAP browser such as Apache Directory Studio. + Added a "Test result" button to Association Manager that displays all list of all entries that will be affected. You can double click the entries in the list to display a simple attribute viewer showing all attributes including operational attributes. You can copy the DN by selecting an entry and right clicking or pressing CTRL+C on the keyboard. * Better information in the "Associations Manager" in case you enter an invalid LDAP filter. - Fixed an issue that occurred when loading an encrypted profile. If you entered the wrong decryption password you could not click "Load profile" again and enter the correct password because you would not be prompted. You had to restart the application. Now if you enter the wrong password and click "Load profile" again, you will be prompted for the correct password. + Added support for anonymous binds, if you leave the User and Password fields blank then an anonymous bind will be attempted. + Added new function: Export eDirectory CA public key in the Extra menu. Allows you to export the eDirectory root CA public key to DER or Base 64 format. Instead of using iManager or ConsoleOne. Useful when you need the certificate for Remote Loader, for ICE or some other utility that wants to verify the server certificate. * Changed some debug mode functionality. Increased the level of detail that is logged to file. - Small bugfixes, text adjustments. + Support for connecting to Lotus Domino LDAP servers. Tested with v8.5.3. + Support for connecting to Microsoft ADLDS servers. Tested with 2008 R2. * Updated Logback library to v1.0.3 * Updated UnboundID LDAP SDK library to v2.3.1 - Fixed a bug with the "Change Server" button when switching between different servers in the same driverset. It wasn't working since v2.5. + Added "Check for new version" under the Help menu, it takes you to the Cool Solutions page. Changelog 2012-03-17 v2.51 - Fixed main window resizing issue Changelog 2012-03-17 v2.5 * Renamed "Migrate from IDV" menu item to "Association Manager (Migrate etc.)" + Delete associations. Added support for deleting associations in the "Association Manager" + Export associations. Added support for exporting associations to a text file from "Association Manager" + Import Associations. Added support for importing associations from a text file. The file must be formatted in the same way as the export file that C2 creates. + Added "Delete selected object" menu item Ability to delete objects from the directory + Added "Reciprocal" menu item Ability to for example add a user to a group and at the same time update the Member attribute on the group pointing back to the user. * Added a scrollbar to the main window so the application is usable when using the minimum resolution of 1280x768. * Updated Logback to v1.0.1 See README.txt for more info on how to use these functions. Changelog 2012-01-14 v2.0 + Added support for sending XDS documents to IDM. Replicates the following dxcmd functionality: Submit XDS command document to driver Submit XDS event document to driver Queue event for driver To use it connect to a IDM server, click "Show IDM Driver", select a driver, click IDM in the menu, click "Send XDS to IDM". You can type in a XDS document directly in the textarea or you can select a XML file containing XDS events. The XML must be valid. For each operation type in the file (add, modify, delete etc.) the program will submit a separate XDS document to IDM. * The "Job Manager" can now set trace attributes on a job (trace level, trace file, trace file size) * Updated Logback to v1.0, SLF4J to v1.6.4, Apache Commons Lang to v3.1, Jasypt to v1.9, UnboundID LDAP SDK to v2.3.0 - Code improvments/refactoring * Changed "Custom LDAP filter" search functionality. Write it directly into the value text field. - Improved error messages. + You can copy the DN of the selected object in the "Found objects" list to the clipboard by pressing CTRL+C or right clicking and selecting "Copy to clipboard". * Profiles can now be deleted in "Multiple Tree Check" * Added checkbox "Ignore aliasObject" to "Multiple Tree Check" to prevent double results when having two objects named the same and one of them is an alias. + "Multiple Tree Check", after checking the login you can now click on a button to the far right seek (looking glass) to bring up a simple LDAP Browser and look at the object that was found. + Removed UPC from the Console2 name. + Added a "Restart driver" button and menu item + Added support for connecting to IBM Tivoli Directory Server (TDS) Changelog 2011-10-23 v1.991: - "Multiple Tree Check", when not finding a user in AD an error would be shown instead of the "No objects found" message. - Removed the alert window that would be shown when clicking "Retrieve info" if there was no Password Policy assigned. Text is shown in the "Errors" area instead. - Fixed window resizing issue in Named Password Manager, Job Manager, Assign Password Policy to object. Changelog 2011-10-22 v1.99: * Changed some layout options so the controls would expand when the window was maximized, so the screen space isn't wasted. + Added a checkbox to the load profile password dialog, "Remember password during session?". If checked you don't have to reenter the password when loading another profile if the password is the same. * Updated Logback to 0.9.30, Apache Commons Lang to 3.0.1 and SLF4J to 1.6.3 - Small bug fixes. - Changed the location where profiles for "Multiple Tree Check" are saved. Migration is performed automatically when the "Show profiles" button is clicked. + In "Multiple Tree Check" you can doubleclick on the "Server" text field to bring up a list of available server profiles. The list comes from the main window. + In "Multiple Tree Check" the status label is reset every time you click the "Try" button. - On the AD Timestamps tab, if the value is 0 then it won't be displayed. Before it was converted to the year 1601. * Password prompt when saving profiles presents both password fields in the same dialog window. * eDirectory time fields are displayed converted to yyyy-MM-dd HH:mm:ss insted of zulu time so they are easier to read. The zulu time is displayed in a tool tip. Changelog 2011-09-17 v1.91: - After saving a new profile it would not show up in the dropdown list unless C2 was restarted. Changelog 2011-09-10 v1.9: + Added Logback and Simple Logging Facade for Java (SLF4J) to C2. All logging should now go through Logback instead of just simply System.out.println. The default loglevel is ERROR. + Added logging to file. The file is automatically created each time C2 is started. It is named c2-log-yyyyMMdd_hhmmss.txt + Loglevel can be set using the menu Extra->Debug level. * Removed the "Show profiles" button, profiles are now automatically loaded when the app i started. + "Migrate from Identity Vault" (IDM->Migrate from IDV) has been updated. 1) You can set so it sleeps for X seconds every Y entries. This means that when doing mass resyncs you can set the app to pause e.g. 30 seconds after processing e.g. 1000 entries. This lets other events come into the queue, and gives them a chance of completing in a timely manner instead of waiting for all entries to resync. This can be useful when the driver on which you are performing the resync on is used for password synchronization. 2) Resync statistics, after a resync you will find out how many entries were resynced, how much time it took and an approximation of how many entries would be processed per 1 hour. * All thrown exceptions are now logged using Logback. * Updated Jasypt library to v1.8 - Fixed a couple of bugs * Rearranged the main GUI Changelog 2011-05-22 v1.5: - Fixed some small bugs. + When setting a password when connected to eDirectory it will now set the userPassword attribute if it can't set the password using NMAS, i.e. if the user is missing a password policy. + You can assign password policys using Extra->Assign password policy to object (Beta) + Added a Named Password Manager. (Beta) + Added a Job Manager for IDM jobs. (Beta) + Delete the Universal or Simple Password from objects. + Get and set the Simple Password to/from objects. + Set the trace file size for IDM drivers. + Set the trace file path for IDM drivers. + When using Simple Paged Results method in Migrate from IDV you can set the page size. + Added Synchronous method to Migrate from IDV. (Beta) + Updated DirXML libraries to v4.0.1 Changelog 2011-04-10 v1.11: - Fixed a bug that prevented successfull connections. Changelog 2011-04-03 v1.1: + Added a new tab "Extra" under the eDirectory tab. It displays pwdChangedTime and pwdFailureTime. + Added a checkbox that allows you to decide if you want to use SSL when connecting. + Added a combobox that allows you to select if you are connecting to AD or eDir. + Added "user" to the class combobox (default when AD is selected). + Added "sAMAccountName" to the attribute combobox (default when AD is selected). + When saving profiles it will now save the portnumber, the SSL-checkbox selection, and the systemtype selection (AD/eDir). + You can press enter in the Value textfield to perform the search. + You can press Alt + V to place the cursor in the Value search field. + Added support for Active Directory. You can connect to AD using a clear-text connection or over SSL as you can with eDirectory. + Display several timestamps from AD, these fields are "read-only". + You can set the password on a AD account, you can also: Enable/disable the account. Unlock the account if it's locked out. Set/unset "Password not required" Set/unset "Password never expires" See if the password has expired. Set/unset that the user must change password on next login. + Added an attribute viewer that shows all attributes when doubleclicking or pressing enter on a entry in the search results window. The window can be closed with Ctrl-W or with Esc. + Added AD support to the "Multiple Tree Logon check" (MTC). When connecting to AD you should enter an AdminDN and AdminPasword unless you have configured AD to allow anonymous searches. + Added buttons to the MTC that allow you to select if SSL is to be used or not. + Added systemtype comboboxes next to each server row in MTC that allows you select if the system is eDir or AD. + Added a textfield next to each server row in MTC that allows you to enter the attributename to search for instead of the one in the combobox. For example you may want to enter sAMAccountName if connecting to AD. If the field is empty the default choice from the combobox will be used. + Updated the Get Driver Stats function. It now displays the output inside a textarea that can be scrolled and provides the most important stats on the textarea on the main form. + Updated UnboundID LDAP SDK to 2.1.0 Changelog 2011-02-06 v1.0: - Fixed a bug with the "Base:" field in "Migrate from IDV", it wasn't being used. - Fixed a bug with the LDAP filter parsing in "Migrate from IDV" that could occur when switching the selection in the combobox for which objects should be synced. - Hopefully fixed a bug when closing the "Migrate from IDV" windows, sometimes it would cause the JVM process to consume 50-100% CPU until the app was closed. + Added icons. + Changed the way the TAB key switches focused components. + Add mnemonic keys to most buttons. + In the "Migrate from IDV" I've added a combobox where you can select what kind of LDAP search it should perform, "Simple Paged Results" or "Asynchronous". The async type is faster to start since it doesn't wait for the LDAP server to return the total amount of entries. The backdraw is that the progressbar can't be updated. The async search is also good when you work against a eDirectory version where the Simple Paged Results control isn't supported or not working as it should. + In the "Multiple Tree Logon check" I've added more status text. When a logon fails the error message will be displayed as a tool tip when you hover the mouse cursor over the RESULT label. Added a mode combobox where you can select "Bind" or "Compare" as the method. The "Compare" method is only used if you have specified AdminDN etc. + Added more tooltips to some components. + Enabled a menuitem, Get Driver Stats that produces a very rough output of the current driver statistics such as cache size, number of entries in the cache and more. + Updated UnboundID LDAP SDK to v2.0.1 Changelog 2011-01-09 v0.92: Added several new functions: + In the main GUI, when searching for objects you may specify your own LDAP-filter instead of using the predefined ones. Do this by clicking the class dropdown and select the option Custom LDAP filter (write your own AFTER clicking Search). Then click Search and you will be prompted for a LDAP-filter. + Multiple Tree Logon Check, can be found under the File menu. Allows you test a username and password against multiple trees at once. You can specify a username and password you want to test. You can then specify up to five IP-addresses to different trees. You can enter something I call AdminDN and AdminPassword for each tree, but it doesn't have to be the admin, it can be any user that has enough rights to perform the correct LDAP search. If your LDAP security settings permit you can skip the AdminDN and check the anonymous search checkbox. The program will then try to perform a anonymous search for the username you entered. Once the program finds the username in the tree it will try to perform a bind using the password you have specified. Depending on the outcome you will get a SUCCESS or a FAILURE message. If the username is not unique you will get an error as well. You can save/load profiles containing the tree information such as IP-address, AdminDN, AdminPassword, Port. The profile name will automatically get the prefix MTC~- to differentiate it from the profiles used by the main Console2 app. The port field must have the following format: SSL-port:Clear-text port, e.g. 636:389 + The Migrate from IDV has two new functions. You can select if you want to resync only object that are associated, or only objects that are not associated, or both. The standard value is to resync both associated and non-associated objects. Then there is a checkbox: Delete association value before sync If you check it then associatied objects will have their association value deleted. E.g.: if the assocation is: cn=AD,cn=DriverSet,dc=System#1#{1234567} Then the resync association will be: cn=AD,cn=DriverSet,dc=System#4# Be sure that you know what you are doing! v0.90 - Initial version