Console2 v2.7

By: Aleksandar Mujadin

May 26, 2012 2:51 pm


Download console2_v2.7

This is a simple application that can replace some iManager/Designer/ConsoleOne/dxcmd functions.
The main goal is to collect all the functions that I use the most in one application.

New in v2.7

+ Starting/Stopping a driver will now pop up a progress dialog.
It will also update the driver status icon after the operation completes.
The progress dialog is displayed for a maximum of 10 seconds while the driver
is starting/stopping. If the operation takes more than that you will get a message
telling you that the outcome of the operation could not be determined.
Closing the progress dialog (pressing Cancel) has no effect on the operation; it
will just close the dialog.

* Restart driver button displays a progress bar when clicked.

* Moved the “Show IDM Drivers” button.

* When clicking on the “Search” button the IDM drivers panel will be hidden.
Click on “Show IDM Drivers” to show the drivers panel again.

+ Added a “root DSE Viewer” under the Extra menu allowing you to view the root DSE entry
of an LDAP server. It will also display a description of some LDAP extensions and controls.

* Added search button to the base DN text field in Associations Manager
allowing you to search for a base DN.

* Added a “Base DN” text field next to the “Attribute” drop-down.

+ Added a Display LDAP filter button to Association Manager that will show you
the LDAP filter that will be used for the search. You can then try the LDAP
filter in an LDAP browser such as Apache Directory Studio.

+ Added a “Test result” button to Association Manager that displays a list
of all entries that will be affected. You can double click the entries in the list
to display a simple attribute viewer showing all attributes including operational attributes.
You can copy the DN by selecting an entry and right clicking or pressing
CTRL+C on the keyboard.

* Better information in the “Associations Manager” in case you enter an invalid LDAP filter.

- Fixed an issue that occurred when loading an encrypted profile. If you entered
the wrong decryption password you could not click “Load profile” again and enter
the correct password because you would not be prompted. You had to restart
the application. Now if you enter the wrong password and click “Load profile”
again, you will be prompted for the correct password.

+ Added support for anonymous binds: if you leave the User and Password fields
blank, an anonymous bind will be attempted.

+ Added new function: Export eDirectory CA public key in the Extra menu.
Allows you to export the eDirectory root CA public key to DER or Base 64 format
instead of using iManager or ConsoleOne. Useful when you need the certificate
for Remote Loader, for ICE or some other utility that wants to verify the server

* Changed some debug mode functionality. Increased the level of detail that is logged to file.

- Small bugfixes, text adjustments.

+ Support for connecting to Lotus Domino LDAP servers. Tested with v8.5.3.

+ Support for connecting to Microsoft ADLDS servers. Tested with 2008 R2.

* Updated Logback library to v1.0.3

* Updated UnboundID LDAP SDK library to v2.3.1

- Fixed a bug with the “Change Server” button when switching between different servers in the same
driverset. It wasn’t working since v2.5.

+ Added “Check for new version” under the Help menu, it takes you to the Cool Solutions page.

Use this software at your own risk.
No warranty is provided. If you don’t like it, don’t use it.

If you find it useful you may donate using the PayPal button in the application.


System Requirements:
Minimum screen resolution: 1280×768 – absolute minimum that is.
Oracle Java JRE 1.6.0_21 or higher
If you are going to save profiles I recommend the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 which can be downloaded
from here (near the bottom of the page):

Client tested on Windows XP SP3, Windows Vista x64 and Windows 7 x64.
It /should/ work on “any” platform with the correct JRE.

Serverside requirements:
eDirectory with LDAP(S)
Tested with:
IDM 3.6.1/4.0.0/4.0.1 on Linux
eDirectory 8.8.5/8.8.6 on Linux
It /should/ work with IDM 3.5.0 or higher but I haven’t tried (if using IDM functions).

Known Issues:
* The simple paged result control used for the “Association Manager” function doesn’t
seem to work on NetWare 6.5.SP8 with eDirectory 8.8.4.
Haven’t tested it with a newer version of eDirectory on NetWare.
Use asynchronous/synchronous mode instead.

* The main GUI isn’t threaded. If you do something like click on “Show IDM Drivers”, which performs a search like (objectClass=DirXML-Driver), it looks like the program has hung while it’s actually working, waiting for a reply from the server. This can take a couple of minutes if the tree has a lot of objects (tested with over 1 million objects, it took about 2 minutes 30 seconds on an “old” PC (AMD Athlon 64) with a 5400 rpm disk where the Object Class attribute wasn’t indexed), but it will respond eventually.

* The IDM extended operations don’t work reliably on 64-bit eDirectory where the ndsd process has allocated a large amount of memory (tested with 2-4GB).
The operation fails with the following error in DSTrace:
10:34:37 40D0B940 LDAP: DoExtended on connection 0x6dd41a00
10:34:37 40D0B940 LDAP: DoExtended: Extension Request OID: 2.16.840.1.113719.
10:34:37 40D0B940 LDAP: malloc of 9 bytes failed
10:34:37 40D0B940 LDAP: Unable to alloc data memory in NLDAPSetResponseBer
10:34:37 40D0B940 LDAP: Sending operation result 0:"":"" to connection 0x6dd41a00


* Profiles for multiple eDirectory trees which you can save/load
- The logon password can be encrypted before the profile is saved
# Since v1.1 Console2 supports connections to Active Directory as well.
* Profiles can be moved between computers using the Export/Import function
* Saved profiles can be deleted
* IDM functions
- List IDM drivers
- Show/change driver status on different servers (Use the Change Server button to connect to another IDM server and use the Initial server button to return to the original server you connected to)
# Show if a driver is started/stopped/disabled etc.
# You may start/stop drivers
# Show startup settings, autostart, manual, disabled
# You may change the startup settings
# Restart driver button (v2.0)
- Show/change driver trace level
- Show/change driver trace file size (v1.5)
- Show/change driver trace path (v1.5)
- Get driver statistics (v1.0)
# Cache size
# Number of events in the cache
# Better interface coming in next version – only displays the XML at the time
- Show if the driver object password, remote loader password and application password is set
# Clear/set the application password
# Clear/set the remote loader password
# Set the driver object password
- “Association Manager” feature (v2.5)
-> Initiate a “migrate from identity vault” feature
# Select the appropriate radio button
# Enter a valid LDAP filter and select the driver on which you want to initiate the migrate on
# You may also enter a base DN if you want
# You can choose to resync only associated objects, only unassociated objects or both (standard) (v0.92)
# You can choose to delete the association value when resyncing (v0.92)
# You can choose the mode of operation, Simple Paged Results or Asynchronous search (v1.0)
# You can set the page size for simple paged mode (v1.5)
# You can use the synchronous method (v1.5)
# You can pause the resync process for X seconds every Y entries (v1.9)
# Statistics on how many entries were resynced and the time it took (v1.9)
-> Delete associations (v2.5) – use at your own risk
# Select the appropriate radio button
# Select a driver, enter a valid LDAP filter and choose the association state to search for
# Associations on objects found by the filter will be deleted
# Synchronous search mode is used automatically
-> Export associations (v2.5) – use at your own risk
# Select the appropriate radio button
# Select a driver, enter a valid LDAP filter and choose the association state to search for
# Associations on objects found by the filter will be exported to a textfile together with the object DN in the following format:
cn=object,o=acme cn=driver,cn=driverdn,o=acme#1#{123-ABC}
Notice that the object DN and the association are separated by a tab (\t)
# Synchronous search mode is used automatically
-> Import associations (v2.5) – use at your own risk
# Select the appropriate radio button
# Click the button and choose the file to import
# The textfile must be formatted like this:
cn=object,o=acme cn=driver,cn=driverdn,o=acme#1#{123-ABC}
Notice that the object DN and the association are separated by a tab (\t)
You can only have ONE object per row
# The function will NOT overwrite existing associations, if the association already exists the operation will fail
# If you already have an association for the same driver on an object you will get double associations unless you delete those associations before importing
-> Test results button (v2.7)
# Displays the objects that will be affected when you perform a migrate/delete/export
-> Display generated LDAP filter button (v2.7)
-> Search for base DN (v2.7)
- Manage Named Passwords (v1.5)
# Currently in “beta” mode
- Manage IDM jobs (v1.5)
# Currently in “beta” mode
# Set job trace level (v2.0)
# Set job trace file path (v2.0)
# Set job trace file size (v2.0)
- Send XDS documents to IDM (v2.0)
# Replicates the following dxcmd functionality:
* Submit XDS command document to driver
* Submit XDS event document to driver
* Queue event for driver
# Type in the XDS XML directly or read from a valid XML file
# For each XDS operation in a file (add, modify, delete etc.) the program sends a separate XDS document to IDM
* Universal Password functions
- Using the search box on the main screen you can search for users and retrieve Universal Password information
# You can see the Effective password policy for the user
# You can see if Universal Password is enabled for the user
# You can see if the Universal Password is set
# You can see if the Universal Password history is full
# You can see if the NDS password matches the Universal Password
# You can see if the Simple Password matches the Universal Password
# You can see if the Universal Password is older than the NDS password
# You can see if the Simple Password is set
# You can see if the Simple Password is in cleartext
# You can see if the NDS password matches the Simple Password
# You can see if the Universal Password conforms to the password policy
# You can assign password policies to objects (v1.5)
# You can delete the Universal Password or Simple Password from objects (v1.5)
# You can set the Simple Password on objects (depending on password policy) (v1.5)
# You can read the Simple Password from objects (v1.5)
* Login settings functions
- After clicking on a user in the search results box you can use the tabs to change login settings, click Save to apply the new settings
# View/change Login Disabled
# View/change Login Activation Time
# View/change Login Expiration Time
# View/change Grace Login settings
# View loginTime and lastLoginTime
# View/change Password Expiration Time
# View/change various Password settings
# View/change Locked By Intruder
# View Intruder attempts/address/intruder reset time (Only the IP-address is handled correctly)
# View the pwdChangedTime and pwdFailureTime attributes (v1.1)
* Test username/password on multiple trees at once (v0.92)
- Multiple Tree Logon Check, try to logon to up to 5 trees at once to verify that the password is correctly synced
# Since v1.1 you can connect to Active Directory as well.
- Select if you want to use SSL or not (per connection) (v1.1)
- Select if the system is eDirectory or Active Directory (v1.1)
- Enter another attribute name to use for each connection besides the default
one in the combobox. If the field is left empty it will use the default. (v1.1)
* Active Directory support (v1.1)
- Display the following timestamp values in readable format:
# lastLogonTimestamp
# lastLogon
# pwdLastSet
# lockoutTime
# badPasswordTime
# accountExpires
- After searching for a user and clicking on the search result you can use
the AD tab to see/change the following:
# Enable/disable the account.
# Unlock the account if it’s locked out.
# Set/unset “Password not required”
# Set/unset “Password never expires”
# See if the password has expired.
# Set/unset that the user must change password on next login.
* Attribute viewer (v1.1)
- By double-clicking on a search result or pressing Enter on the keyboard you
can bring up a simple attribute viewer that displays all attributes including
operational attributes.
* Delete objects (v2.5)
- Select an object in the search view and click “Extra” in the menu and then
“Delete selected item”.
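
The import file layout described under “Import associations” above can be checked before the file is loaded. The following is an added example, not part of Console2 or the original page: a Python pre-check that enforces the one-tab, one-object-per-row layout and flags rows that would give an object two associations for the same driver within the file. The function name, the sample rows and the reading of the association as driverDN#state#value (taken from the sample line) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the export/import layout described above:
# object DN <TAB> association, one object per row.
SAMPLE = (
    "cn=alice,o=acme\tcn=driver,cn=driverdn,o=acme#1#{123-ABC}\n"
    "cn=bob,o=acme cn=driver,cn=driverdn,o=acme#1#{456-DEF}\n"     # space, not tab
    "cn=carol,o=acme\tcn=driver,cn=driverdn,o=acme#1\n"            # value missing
    "cn=alice,o=acme\tcn=driver,cn=driverdn,o=acme#1#{789-GHI}\n"  # same driver again
    "cn=dave,o=acme\tcn=other,cn=driverdn,o=acme#1#{000-AAA}\n"
)

# Sanity check only (assumption): a DN starts with "attribute=".
DN_START = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=")


def check_association_file(text):
    """Return (rows, problems); rows are (object_dn, driver_dn, state, value)."""
    rows, problems = [], []
    seen = defaultdict(list)  # (object DN, driver DN) lower-cased -> line numbers
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 2:
            problems.append((lineno, "expected exactly one tab-separated pair"))
            continue
        object_dn, assoc = (p.strip() for p in parts)
        # Assumption from the sample line: driverDN#state#value, numeric state.
        fields = assoc.split("#", 2)  # the value itself may contain '#'
        if len(fields) != 3 or not fields[1].isdigit() or not fields[2]:
            problems.append((lineno, "association is not driverDN#state#value"))
            continue
        driver_dn, state, value = fields
        if not DN_START.match(object_dn) or not DN_START.match(driver_dn):
            problems.append((lineno, "object or driver DN does not look like a DN"))
            continue
        key = (object_dn.lower(), driver_dn.lower())
        if seen[key]:
            problems.append(
                (lineno, "same object and driver as line %d" % seen[key][0]))
        seen[key].append(lineno)
        rows.append((object_dn, driver_dn, int(state), value))
    return rows, problems


if __name__ == "__main__":
    parsed, found = check_association_file(SAMPLE)
    for lineno, message in found:
        print("line %d: %s" % (lineno, message))
    print("%d well-formed rows" % len(parsed))
```

The check only sees the file; associations that already exist in the directory still have to be confirmed there, for example with the “Test results” button.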

* Reciprocal attributes updater (v2.5)
- Click “Extra” in the menu and then “Reciprocal”.
This is standard in all normal eDirectory tools such as iManager and ConsoleOne.
If you add a user to a group, those tools update the Group Membership attribute
on the user and the Member attribute on the group. This tool allows you to perform
the same operation but it can update any attribute you specify.

* Lotus Domino support (v2.7)
- Since v2.7 you can connect to a Lotus Domino LDAP server. Tested with v8.5.3.
- You can change a user’s HTTPPassword
- Doubleclick on the user in the search results window to display the attribute
- Some password related attributes are displayed in the “Domino” tab.

* ADLDS support (v2.7)
- Tested with Microsoft ADLDS on Windows 2008 R2.
- Usually requires a base DN to be entered when searching.

* Root DSE viewer (v2.7)
- Click on Extra -> root DSE viewer
- Displays the root DSE of the server you are connected to.

* Export eDirectory CA public key (v2.7)
- Click on extra -> Export eDirectory CA public key
Allows you to export the eDirectory root CA public key to DER or Base 64 format
instead of using iManager or ConsoleOne. Useful when you need the certificate
for Remote Loader, for ICE or some other utility that wants to verify the server

* Check for new version (v2.7)
- In the “Help” menu. Takes you to the Cool Solutions page for C2.

Console2 uses Java libraries from:
* Novell
- DirXML
* UnboundID LDAP SDK
* Jasypt
* Apache
* Logback

Thanks to: Novell, UnboundID, Jasypt, Apache, SLF4J, Logback!
Changelog format inspired by Novell PWM:

Uses icons from and
All free icons listed on this page are licensed under a Creative Commons Attribution-Share Alike 3.0 License. This means that you can freely use these icons for any personal and commercial purposes (software interfaces, online services, blogs, templates etc.). However, you should include a link to in your credits.

License: Donationware
You may not sell this software.



Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


  1. By:geoffc


    Nice work! Very nice tool. Somewhat of an odd set of functionality, but as you said, it is what YOU need to do your job.

    Very useful! Thanks for distributing it!

  2. By:geoffc

    I keep bugging Jim Willeke to add more stuff to his tool, but he is being something more of a purist than you, and saying that is an ‘odd’ mix and does not believe they belong together. I say potato/tomato, one is a fruit! I like your approach, and might comment on some of the UI choices, but it does what it says it does, which is nice!

  3. By:marcus_jonsson

    Daddy’s got a new favorite tool!

    Nice work, love it! :)

    Thanks Alekz.

  4. By:jtl

    Keep up the good work :)

  5. By:herman

    This tool is only working on high resolution screens.
    My screen has a resolution of 1366×768 and I don’t see everything. There is no scroll bar.

  6. By:woutervantil


    Could you post a screenshot from the tool?
    I am curious how it looks.


  7. By:alekz

    Thanks for the report. I’ll try to get it fixed in the next version!