LEX Online Manual Content

• Introduction to LEX
  • First steps
    • License Splashscreen
    • ReadOnly PopUp
    • First LDAP Connection
  • LEX GUI Elements
    • The Treeview Panel
      • Reloading the Tree Structure
      • Hiding the Tree Structure
      • The currently selected Container
    • The Object List Panel
      • Reloading the Object List
      • Object List Scope
      • Object List Filter
      • Object Names Display
      • Object Attribute Columns
      • Sorting the Object List
      • Object Icons
    • The Attribute List Panel
      • Showing and Hiding the Attribute List
      • Attribute List Position
      • Refreshing the Attribute List Contents
      • Attribute List Filter
    • The Address Bar
    • The Command Button Bar
    • The Status Bar
    • The Attribute Window
      • Attribute Window Hotkeys
      • Attribute Window Command Buttons
      • Refreshing the Attribute Window Contents
      • Attribute Window Filter
      • Text Output
  • Command Line Parameters
• Command Buttons
  • Treeview Buttons
    • Expand/Collapse Tree Panel
    • Reload Directory Info
    • Reload Entire Directory Tree
    • Search
  • Object List Buttons
    • Expand/Collapse Tree Panel
    • Expand/Collapse Attribute List
    • Reload Object List
    • Go Up one Level
    • Show Objects in all Subcontainers
    • Create New Object
    • Delete Object
    • Show Friendly Object Names
    • Show Distinguished Name in Novell Notation
    • Show Hex Output for Hex Values
    • Set Object Filter
  • Attribute List Buttons
    • Toggle Attribute List Position
    • Reload Attribute Info
    • Add New Attribute
    • Add Attribute Element to an Array
    • Remove Attribute
    • Show only Attributes that have Values
    • Show Multivalued Attributes
    • Set Attribute List Filter
  • Attribute Window Buttons
    • Reload Attribute Info
    • Compare this Object with another
    • Add New Attribute
    • Add Attribute Element to an Array
    • Remove Attribute
    • Show only Attributes that have Values
    • Show Friendly Object Names
    • Show Distinguished Name in Novell Notation
    • Show Hex Output for Hex Values
    • Show Multivalued Attributes
    • Set Attribute List Filter
    • Show Attribute Names and Values
• Menu Help
  • Connection Menu
    • Connect
    • Save
    • New LEX
    • Disconnect
    • Connection Info
    • Attributes
    • RootDSE
    • Exit
  • Edit Menu
    • Copy Attribute Name
    • Copy Attribute Value
    • Paste Attribute
    • Search
    • Undelete
    • Set Password
    • Permissions
    • New Object
    • Delete Object
    • Move Object
    • Rename Object
    • Add New Attribute
    • Add Array Member
    • Remoe Attribute
    • Set empty Value
    • Quick Edit Value
    • Edit Attribute Value
  • View Menu
    • Set Attribute as List Column
    • Column Field Chooser
      • Object type
      • Date modified
      • Modifiers name
      • Date created
      • Creators Name
      • More
      • Load Column Set
      • Save Column Set
    • Filter Display for this Attribute
    • Jump to Object
    • Toolbars
      • Address Bar
      • Button Bar
      • Status Bar
    • Directory Tree
    • Attribute List
    • List Output Settings
      • Show Objects in all Subcontainers
      • Show Friendly Object Names
      • Show DNs in Novell Notation
      • Show Hex Output for Attributes with Hex Values
    • Attribute Output Settings
      • Show Hex Output for Attributes with Hex Values
      • Show only Attribute that have Values
      • Show Multivalued Attributes
    • Refresh
    • Reload Entire Tree
  • Favorites Menu
    • Add to Favorites
    • Organize Favorites
    • Sort by Name
  • Tools Menu
    • Use in Filter Factory
    • Select for Compare
    • Compare with...
    • Directory Export - Object List
    • Directory Export - Attribute List
    • Directory Import - LDIF
    • Filter Factory
    • TreeMap Factory
    • Observation Factory
    • Pipe Factory
    • Additional Infos/Tools
      • Resolve SID Attributes to Objects
      • Converter for numeric values
      • Converter for hex values
      • Converter for GUID values
      • Converter for SID values
    • Options
  • Help Menu
    • Index
    • Search
    • Online Support
    • Check for Updates
    • Activate existing License
    • About
• Application Options
  • General Tab
  • LDAP Settings Tab
  • Object Filter Tab
  • Attribute Filter Tab
  • Container Classes Tab
  • Attribute Syntaxes Tab
  • Linked Attributes Tab
  • Dialog Settings Tab
  • Colors Tab
• Application Hotkeys
• Connecting to LDAP Servers
  • The LDAP Connections Dialog
    • Server Tab
    • Advanced Tab
    • Attribute Filter Tab
    • Column Tabs
  • Connection Profiles
  • LDAPS / LDAP over SSL
• Working with LDAP Objects
  • Creating Directory Objects
  • Renaming Directory Objects
  • Moving Directory Objects
  • Deleting Directory Objects
  • Editing Multiple Objects
  • LDAP Object Classes
  • LDAP Attributes
    • Attribute Syntaxes
    • Attribute Editors
      • String Editor
      • Integer Editor
      • Boolean Editor
      • DN Editor
      • Generalized Timestring Editor
      • Binary / Hex Editor
      • Password Editor
      • Bitmap Editor
      • GUID Editor
      • Microsoft Security Descriptor Editor
      • Microsoft Access Control Entry Editor
      • Microsoft SID Editor
      • Microsoft Large Integer Editor
      • Microsoft Interval Editor
      • Microsoft Timestamp Editor
      • Microsoft DN with Binary Editor
      • Microsoft DN with String Editor
      • Novell Object ACL Editor
      • Novell Path Editor
      • Novell EMail Address Editor
      • Novell Timestamp Editor
      • Novell Backlink Editor
      • Novell Typed Name Editor
      • Flag Attribute Editor
    • Operational Attributes
    • Binary Attributes
    • Displaying Multivalued Attributes
    • Displaying Hex/Octetstring Attributes
    • Displaying DN Attributes
    • Displaying Unused Attributes
  • Undeleting Active Directory Objects
    • AD Tombstone Reanimation
    • AD Recycle Bin
  • Copy and Paste of Attribute Values
• Working with LDAP Directories
  • ReadOnly Mode
  • Directory Tree Caching
  • Container Class Evaluation
• Building LDAP Filters
  • LDAP Filter Syntax
  • The Filter Factory
  • The Filter Constructor
  • The Single Filter Editor
  • Famous Filters
• Searching The Directory
  • Search Results
  • Searching the Global Catalog in AD Environments
• Comparing Objects
  • Compare Window Hotkeys
  • Compare Window Command Buttons
• Exporting Directory Data
  • Exporting Object List Data
  • Exporting Attribute List Data
• Importing Directory Data
• Licensing Contract for Users

Moving Directory Objects

LEX can move objects from one LDAP container to another. The destination container has to be in the same LDAP hierarchy which LEX is currently connected with. If you want to move an object, there are several different ways to do this:

• To move a new object, you first have to select it either in the treeview panel or the object list panel in the LEX main window. If you are in the object list, you also could select several objects and move them all together to another directory.
  
  
• You can use now the menu option Edit - Move Object to open the Choose Destination Container dialog.
  
  
• Or you just use the Move Container / Move Object option from the context menu (right mouse click in the treeview or object list).
  
  
• There may be situations where the options and buttons for moving objects may be disabled. This might be if the LEX ReadOnly Mode is active, or when the application focus lays on the attribute list.

This is the Choose Destination Container dialog. In this window you can decide where to move the regarding object(s):

---

Referential Integrity for renamed Objects

Moving objects relies on an basic LDAP protocol method which is called 'Modify DN', because the storage place in the directory is contained in the object's distinguished name. So if we want to move object from one container to another, we actually change the distinguished names of these objects.

There is a general problem when objects are to be moved: If the DN of an moved object was stored in an attribute of another directory object - what happens with this attribute after the move operation?

A common example for such references to other objects are group memberships attributes. But there are other attributes as well which holds references and should be considered when renaming objects. This is how the different directory services handles this issue:

	Active Directory: References to other objects will be adjusted automatically by the server when objects are renamed. This is true for all attributes with DN content. A special case: There could be references even to objects in other domains in universal groups. This is more complicated, because these are objects outside of the server's own directory domain database. In this scenario the domain controller with the FSMO role 'Infrastructure Master' performs the adjustment for such references.
	OpenLDAP: When objects are renamed, OpenLDAP can adjust the references in other attributes, but it needs a special plug-in (a so called overlay) for this: For this purpose you have to activate the overlay RefInt (Referential Integrity, slapo-refint) on the OpenLDAP server.
	Novell eDirectory: References to other objects will be adjusted automatically by the server when objects are renamed - this is true for all attributes with DN content.
	Sun iPlanet / Sun Java System Directory Server: When objects are renamed, a Sun Directory Server can adjust the references in other attributes, but it needs the activation of a special plug-in for this: Referential Integrity dsconf set-server-prop -h <server> -p <port>  ref-integrity-enabled:on After this configuration you have to restart the whole server daemon, furthermore you have to configure all the attributes which are to be monitored by the Referential Integrity plug-in: dsconf set-server-prop -h <server> -p <port>  ref-integrity-attr:member dsconf set-server-prop -h <server> -p <port>  ref-integrity-attr+:<attribute-name>
	Microsoft Exchange 5.5: An Exchange 5.5 cannot handle such references on name changes. Therefore object renaming is not allowed and all trials to rename an object will be suppressed and an error will be returned.

---

Moving Subtrees

Some directories don't allow moving or renaming objects which have child objects. This is also called 'Subtree Move/Rename'. Examples are older versions of Novell eDirectory, or OpenLDAP server where other backend database than hdb-db are used.

But LEX can handle this if you want: The container structure of the subtree which is to be moved is copied to the destination. After the same container structure exists at the destination, all the leaf objects which are stored in the source containers are moved - this move is real and preserves all the attributes:



This LEX technique is called 'Subtree Cloning'. Please note that the containers (and only those) will be NEW objects in this case! If you source container object have important attribute properties, they are lost, because the copy operation of the container structure just takes the object names of the containers and doesn't transfer any attribute!

So if you are connected to an LDAP server which does not allow subtree move/rename, and you want to perform such an operation, you have to decide whether LEX should do the subtree cloning for you. Normally this message appears now:



If you want LEX to do the cloning without warning, just go to the application options (menu Tools - Options - Dialogs) and deactivate the Ask for subtree cloning if the directory doesnt support container renaming or moving option -or just click on the Don't show this dialog again.