LEX Online Manual Content

Creating Directory Objects

If you want to create a new object in the LDAP directory you are connected with, there are several different ways to do this:

To create a new object, you first have to focus either the treeview panel or the object list panel in the LEX main window. The container which is currently selected in the treeview panel will be the container where the new object will be deleted.
You can use now the menu option Edit - New Object... to open the Create New Object dialog.
You could also use the Create new object button to open the Create New Object dialog.
Or you just press INSERT or use the New Object option from the context menu (right mouse click in the treeview or object list).
There may be situations where the options and buttons for creating new objects may be disabled. This might be if the LEX ReadOnly Mode is active, or when the application focus lays on the attribute list.

This is the Create New Object dialog:

Object create dialog

The most important elements in this dialog are the two text boxes Objectclass and Object name. Behind the Object name box, you see the container where the new object will be created.

Apart from that all the buttons and attribute edit functions are the same than in other LEX attribute lists.

Be aware that the new object with all the attribute value you specified is not created till you use the Create key. Only now the request with all the data is sent to the LDAP server.

Setting the Object Class

Because LEX normally evaluates the directory schema information of the current LDAP server, all the object classes which exists in your environment are known by the application. So you can choose one from the drop down list at the Objectclass text box.

Because each object class has a fixed set of attributes which are associated with it, LEX can show the set of attributes in the list which fits exactly to the given object classes. The initial set of object classes is derived from the class hierarchy in the schema. But even if you specify some additional object classes (by adding array members to the value 'objectClass'), the set of attributes is adjusted for the given class combination.

Each class has some attributes which are mandatory. Normally you cannot create an object if a mandatory attribute is missing. But sometimes the way the directory handle this mandatory attributes is quite inconsistent. LEX just tries to read all relevant information from the schema, but please be informed that sometimes you can create an object, although not all the mandatory attributes are set.

The mandatory attributes are listed at the top of the list in another color. You can configure this in Tools - Options - Colors - Font color for must-have attributes for new objects.

Setting the Object name

You can set the relative distinguished name for the new object here. Please note that this is not only the actual object's name, but also the DN label identifier, for example 'CN=' or 'OU='. some object can have other label identifiers than CN or OU, so we have to explicitly configure it here.

If the objects name contains special characters, you should be aware of the rules for such characters in LDAP distinguished names. Read the next paragraph for details.

Special Characters in Distinguished Names

Originally, the syntax of Distinguished Names was established in RFC 1779 and RFC 2253. In the meantime, the more modern RFC-Specification RFC 4514 applies here.

Most of the modern LDAP servers can handle easily the special characters of the ASCII table (for example the german o-umlaut). However, a few restrictions apply when building a Distinguished Name:

1. If object names (RDN names) shall start or end a space character, this must be preceded with a leading backslash '\'.

2. If the following characters shall be used in an object name, they also have to be escaped with leading backslash '\'.

, + " \ < > ; =

3. If object names shall start with a "#" this must be preceded with a leading backslash '\'. Especially for ADS domain controllers or ADAM servers it's a strange effect that the system uses the escaping backslash for the '#' at all position in the name string. Normally this is not necessary, the backslash is only important at the beginning because modern LDAP servers accept a syntax where a name starts with "#" and consist then of a hex code for the name.

4. Additionally, any character can be expressed with it's UTF8 value, encoded with a leading backslash for each value. So in environments where the LDAP server doesn't accept pure UTF-8 strings for distinguished names, you can easily encode all special characters for your object's names. You don't need this encoding in Active Directory environments, because you can use UTF-8 strings with special chars directly as distinguished names.

Here are some examples for UTF-8 escaped characters:

Character	UTF-8 Representation
ä	\79
,	\2C
\	\5C
®	\C2\AE
½	\C2\BD
Ω	\CE\A9
€	\E2\82\AC

A few general examples for special characters in the distinguished name, shown in an Active Directory Environment:

Object Names with special characters

These objects have the following Distinguished Names:

cn=\ Balrog, ou=LOTR,dc=cerrotorre,dc=de
cn=\#G#o#l#u#m#,ou=LOTR,dc=cerrotorre,dc=de
cn=Blanchet\, Cate,ou=LOTR,dc=cerrotorre,dc=de
cn=Jackson\2C Peter,ou=LOTR,dc=cerrotorre,dc=de
cn=Lee\, Christopher \<Saruman\>,ou=LOTR,dc=cerrotorre,dc=de
cn=McKellen\, Ian \+\+Gandalf\+\+,ou=LOTR,dc=cerrotorre,dc=de

Editing in the Create New Object Dialog

If you want to set a value in attribute list of a new object, you can do this exactly if you would edit an attribute in one of the other attribute lists of LEX:

You can use the F2 key to quick-edit the value. If no in-place edit box can be opened, you will see a normal editor dialog for the attribute value.
You can press ENTER to open the standard editor dialog for the attribute value. LEX comes with quite a lot of different editors for the attribute syntaxes - the correct one is chosen automatically.
Both functions are also available if you use the context menu in the attribute list (right mouse click).

Command Buttons in the Create New Object Dialog

The Add new attribute button adds a new attribute value to the new object. Normally all the objects attribute should be shown automatically based on the schema information.

The Add attribute element to an array button can add a new value to an multi valued attribute. You cannot use this button if you have selected a single valued attribute.

The Remove attribute button deletes an existing attribute value from the new object.

The Show only attributes that have values button toggles the display between the "full attribute range" view and the "set attribute only" view. In the "full attribute range" view, all attributes of an object are shown, regardless whether they have values associated or not.

The Show friendly object names button creates a user-friendly output of names.

The Show distinguished name in Novell notation button shows the names in Novell's dotted notation.

The Show hex output for attribute with hex values button toggles the display for attributes which data type has binary character (hex values / octetstring values). This refers to the object list as well as to the attribute list. The values are shown as their hexadecimal values OR as their corresponding ASCII characters.

The Show multivalued attributes button toggles the display for attributes which contains an array of values. Normally such multi valued attributes are displayed condensed
Multivalued attributes condensed display

Multivalued attributes condensed display

If you choose to show all such attributes with all values, activate the button and the display changes to
Multivalued attributes full display

Please note that there is a quick and easy way to switch the multi valued display for one single attribute in the list: Just press the SPACE key on your keyboard or use the context menu (right mouse click) and the option Show Multivalue as Array / Show Multivalue as Singe Line.