Step-by-Step Guide to Creating LDAP Directory Services Diagrams in Visio 2002

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Published: November 1, 2001

Visimation, Inc.
Microsoft Certified Partner

Applies to:
Microsoft Visio Professional 2002
Microsoft Visio Enterprise Network Tools 2002

Summary: Create diagrams of LDAP Directory structures for use in network planning and migration with Visio Professional and Visio Enterprise Network Tools.

For the latest information, please see https://www.microsoft.com/technet/prodtechnol/visio/default.mspx and https://www.microsoft.com/office/visio

On This Page

Introduction
Section I. Steps to Creating an LDAP Directory Services Diagram
Section II. Importing from a Live Directory (Visio Enterprise Network Tools only)
Section III. Exporting to LDIF (Visio Enterprise Network Tools only)

Introduction

The directory services solution in Microsoft® Visio® Professional 2002 and Microsoft Visio Enterprise Network Tools enables network and system administrators to create, plan, and maintain their networks by providing a clear and detailed graphic representation of their Lightweight Directory Access Protocol (LDAP) Directory network structure.

Managing a computer network today is no small task. In addition to controlling access to printers and files over the network, most administrators must also manage security and access, optimize traffic flow across Local Area Networks (LANs) and Wide Area Networks (WANs), coordinate repair and maintenance of network equipment, and oversee data backup, storage, and recovery.

LDAP Directory Services applications, such as iPlanet's Directory Server, provide a central location for managing network assets, such as computers, users, groups, and so on. Those assets are organized into a hierarchical tree structure, which is typically viewed in a small editing window.

Although this view of the directory can be simple to use, it does not provide a clear high-level diagram of the directory structure and—most importantly—cannot be printed.

The Visio 2002 LDAP Directory Services solution provides administrators with clear, detailed representations of current and proposed directory structures, which can be viewed, printed, and presented to management for planning new networks, coordinating migrations, and for documenting existing networks. Figure 1 shows a typical directory service application interface.

Figure 1 A typical directory service application interface showing the hierarchy of directory objects

Ease of Use

The strength of Visio lies in its ease-of-use. You don't need to be a graphic artist or have years of experience with complex graphic software packages to create directory services diagrams in Visio. You simply drag and drop from a stencil of shapes onto the drawing page.

This paper is divided into three sections; the first section is a step-by-step guide to creating an LDAP Directory Services diagram using Visio drawing tools and SmartShape® symbols. This first section applies to both Microsoft Visio Professional 2002 and Microsoft Visio Enterprise Network Tools.

The second section demonstrates how to import existing directory structures from a server, while the third section demonstrates how to export Visio drawing data to an LDAP Data Interchange Format (LDIF) file for import back into an LDAP Directory Service Application.

Section I. Steps to Creating an LDAP Directory Services Diagram

There are several steps to creating an LDAP diagram:

  • Starting the proper template

  • Adding shapes

  • Laying out shapes

  • Entering property information

  • Printing the diagram

Starting the Proper Template

A Visio solution consists of a set of templates and stencils. In this example, you will create an LDAP Directory solution using the LDAP Objects stencils and templates. In order to create an LDAP diagram, you must first start the LDAP solution.

If Visio is not running

  • Start Visio.

  • In Choose Drawing Type, under Category, click Network.

  • Under Template, click LDAP Directory.

If Visio is already running

  • On the File menu, point to New, point to Network, and click LDAP Directory.

This opens up the LDAP template with its drawing page and set of stencils. You will see the Connect to Directory dialog box shown in Figure 2. You must exit this dialog box before you can begin creating your diagram.

  • In this section, we will work offline, so accept the default Work offline option and click OK.

    Figure 2: The Connect To Directory dialog box

  • Your screen should now look like Figure 3.

    Figure 3: The LDAP Directory Services diagram environment

    On the left side are stencils that store the master shapes (reusable shapes), and on the right is the drawing page. The drawing window includes a small window called the Directory Navigator.

The Directory Navigator

The Directory Navigator schema lists the classes and properties you need to document and diagram a directory service. Classes and properties vary according to the directory service schema. The [Sub Tree] level of the Directory Navigator displays the structure of the directory in a tree view as you add objects, also called views, to the directory diagram.

When you start a directory service solution, the default schema for that service is loaded into the Directory Navigator. Each directory service has its own set of classes and properties, which make up the default schema. Valid schema classes and properties for one directory service are often not valid for another directory service.

In addition to these display features, the Directory Navigator also enables you to drag shapes directly from the Directory Navigator window onto the drawing page, and to add and edit classes and properties in the directory schema.

Directory Navigator Components

The Directory Navigator has two main components: the Sub Tree and the schema. The Sub Tree level displays any objects that are present in the directory, and shows their relationships by organizing them into collapsible or expandable branches. The schema level displays all of the classes and properties in the current directory's schema.

An expandable branch is an object that has children. Common to all directory services applications is a parent/child relationship among objects in the directory. When a shape is dropped on the drawing page, or when a class is dragged out from the schema, it becomes instantiated as an object at the [Sub Tree] level of the Directory Navigator. This is where the hierarchy of the directory is established.

Figure 4 shows the Directory Navigator window.

Figure 4: The Directory Navigator window

Adding Shapes to the Page

You add directory objects to the drawing page by dragging and dropping from the stencil onto the drawing page. In this exercise, you will create a diagram of the directory structure of a fictitious company called Championzone.

  1. Add the objects. The first step is to add a Country shape to the page at the top of the directory tree as shown in Figure 5.

    • To add the Country shape to the drawing, right-click [Sub Tree] in the Directory Navigator and click Add Entries.

      Figure 5: Using the Add Entries option to add the Country shape

    • In the Add Entries dialog box, select the class of object to add to the directory from the Entry class list. Select the Country class from the list and proceed to Step 2.

  2. Rename the Country shape as shown in Figure 6. Notice that when you select the Country class from the list, that item appears in the lower half of the Add Entries dialog box. You can now rename the Country shape by selecting the name and typing in a new name.

    • Type "championzone.net" in the Entry name field and click OK.

      Figure 6: Adding an entry and changing its name

    • At this point, the Country object does not appear on the drawing page, but does appear in the Directory Navigator.

    • To place the object on the page, simply drag it from the Directory Navigator and drop it on the page.

  3. Add Organization objects.

    There is usually an Organization object below the Country object, and below that appear the Organizational Units and leaf objects such as Users (which in most LDAP directories are known as "Persons").

  4. The next step in creating the Championzone directory is to add the Organization object to the page.

    • Right-click the Country shape on the page and choose Add Entries.

    • In the Add Entries dialog box, select Organization from the Entry class list. Rename the Organization class "Championzone" by typing in the Entry name field. Click OK.

      Notice that the new Organization shape automatically becomes connected to the Country shape in a parent/child relationship. The hierarchy of the directory has begun to be established. Your drawing should now look like Figure 7.

      Figure 7: The drawing with the Country and Organization objects added

  5. Add Organizational Units.

    Organizational Units (OUs) are storage containers that help organize and store directory objects in a logical fashion. Organizational Units can represent geographical divisions of the network, such as cities and states, can represent departmental divisions, or can also help differentiate between different types of network objects.

  6. For example, if Championzone had branch offices in Seattle, Miami, and New York, OUs could be created for these geographical divisions. Inside those OUs, you can place additional OUs to separate out departments, such as Marketing, Sales, and Accounting. Further divisions could be created within the departmental OUs to separate out different kinds of objects, such as Persons and Devices.

    • To continue the example, add three OUs to the Organization object and name them "Seattle", "Miami", and "New York".

    • Proceed as in the above steps, using Add Entries to add and rename the Organizational Unit objects.

    • This time, in the Number of entries field, type "3". Notice that you can rename all three of the OUs directly in the Add Entries dialog box. Your drawing should now look like Figure 8.

      Figure 8: The drawing with three Organizational Units

  7. Add leaf objects.

    In typical directories, the leaf objects are at the bottom of the directory tree. In this example, the Users (or Persons) that are part of the Championzone directory will be the leaf objects.

  8. In this step you add 10 Person objects to the Seattle OU (see Figure 9).

    • Right-click the Seattle OU and select Add Entries from the shortcut menu.

    • In the Entry class list, select person, and type 10 in the Number of entries field. Click OK.

      Figure 9: Adding Person objects

Laying Out Shapes

At this point, your drawing will have expanded in such a way that the layout may appear cluttered. To fix this, it is necessary to change the layout of the child shapes in the drawing. Layout options are numerous and flexible, with the ability to apply different layout styles to different parent shapes.

Layout options are viewed by selecting a shape, opening the Directory Services menu, and choosing Lay Out Children. The Lay Out Children dialog box provides options for horizontal, vertical, or side-by-side layouts. All changes made in this dialog box apply to the children of the selected shape.

Figure 10 shows the choices in the Lay Out Children dialog box.

Figure 10: The Lay Out Children dialog box

Several other layout options can be found in the Directory Services menu. These include Move Shape Left/Up and Move Shape Right/Down.

Adding Shapes with the Directory Navigator

The Directory Navigator acts as a catalog of all directory objects in an LDAP diagram. Any objects on the drawing page appear in the Directory Navigator, as well as any objects that have been deleted from the drawing.

Deleting objects from the page does not delete them from the Directory Navigator. The reason for this is to give greater control over the display of objects on the page, while maintaining the structure. For example, if you only wanted to display a particular OU in a drawing, you could delete the other OUs, print the drawing, but still keep the original structure intact in the Directory Navigator. When you wish to display the deleted objects again, simply drag and drop from the Directory Navigator to the drawing page. Alternatively, you could right-click the parent shape and choose Show Children from the shortcut menu. This will display all of the children of the parent shape.

Note: When dragging an object from the Directory Navigator onto the drawing page, an error message appears if that object is already on the drawing page. The LDAP solution does not allow more than one object with the same name and the same parent to exist in the drawing. The error message informs you that the new shape will be deleted, and the existing shape selected instead.

Note: To delete an object from the Directory Navigator, and subsequently from the directory model, right-click the shape to be deleted in the Directory Navigator and choose Delete Entry from the shortcut menu. Deleting an object from the Directory Navigator also automatically deletes the object from the drawing page.

Entering Property Information

A benefit of having a network directory is the ability to define properties for each object in the directory. These properties are set for each object class, and are then applied to each individual object based on its object type.

Each directory object has a set of pre-defined properties, which can be viewed or modified by right-clicking the shape and selecting Edit Properties from the shortcut menu. The Edit Properties dialog box shown in Figure 11 provides an easy way to enter and store information with the shape. Simply click in the appropriate cells and type in the values.

Note: If you have multiple values for a property, be sure to separate them with a semicolon.

Figure 11: Entering properties for a shape

Default properties exist for the default types of objects in each directory's schema, and the International Standards Organization (ISO) has usually established these. However, an administrator can create custom properties and custom objects, which do not have to conform to any ISO standard.

Similarly, Visio allows you to create custom properties in addition to the default properties.

Adding New Properties

New properties are added to a schema using the Directory Navigator. The procedure involves expanding the Schema folder in the Directory Navigator so that the property and class folders are visible. Right-clicking the Properties folder in the Directory Navigator and choosing Add Property Class from the shortcut menu opens the Edit Property Definition dialog box as shown in Figure 12. You can define such values as syntax, property name, and maximum character length in this dialog box. Editing an existing property is done by right-clicking the property, choosing Edit Property Definition from the shortcut menu, and modifying the attributes.

Note: If you intend to export the schema to LDIF, it is best practice to make sure that a newly defined property is also created in the live directory tree.

Figure 12: New properties can be created, and existing ones changed, using the Edit Property Definition dialog box

Section II. Importing from a Live Directory (Visio Enterprise Network Tools only)

The LDAP Directory Services solution in Microsoft Visio Enterprise Network Tools 2002 allows an administrator to import an existing LDAP directory structure and its schema into a Visio drawing, where the parent/child relationship of objects can be better displayed. The imported directory is an exact replica of the original directory, and contains all the objects and object attributes of the original.

Note: Microsoft Visio Enterprise Network Tools, an add-on to Microsoft Visio Professional 2002, provides advanced network diagramming solutions for IT professionals, and includes subscription-based access to the latest Visio network and directory services diagramming tools, an up-to-date library of exact-replica network equipment shapes, and additional network documentation resources via the Web. The solutions and shapes in Enterprise Network Tools enable IT professionals to document, design, and share detailed information about their network and directory services so that they can better plan, deploy, maintain, and upgrade their network infrastructures. For more information about Visio Enterprise Network Tools, please visit https://netc.members.microsoft.com/.

Having a replica to work with enables administrators to plan and make changes to the directory without affecting the existing structure. Network updates and migrations can be planned and displayed to management before the physical network is actually in place.

Importing from a live directory involves the following steps:

  • Connecting to a server

  • Specifying filter options and import depths

Connecting to a Server

To import from a live LDAP directory database, you must first connect to the server that stores the directory data. When you start the LDAP solution, the Connect To Directory dialog box, shown in Figure 13, is displayed. In order to connect to the LDAP server, the Import from a live directory option must be selected.

Figure 13: Connect to Directory dialog box

After selecting that option, the next step is to click the Browse button, which opens the Supply Credentials dialog box as shown in Figure 14. The server name, port number, user name, and password must be supplied to connect to the server and begin importing.

Figure 14: The Supply Credentials dialog box

After supplying the credentials, the Directory Browser dialog box is displayed. The Directory Browser enables you to choose which levels of the directory to import, which is especially useful when working with large directories. Figure 15 shows how to choose which objects to import in the Directory Browser.

Figure 15: Choosing which objects to import in the Directory Browser

Once the connection has been established and the objects have been selected in the Directory Browser dialog box, the next step is to filter the results. In the Connect To Directory dialog box are two types of filter options: Filter options (classes) and Import depth.

Import Depth

Import depth refers to the number of levels in the directory tree that the LDAP modeler searches down from the root level. You can specify the import depth by choosing the number of child levels to import in the Import depth section.

Filter Options (classes)

In the Filter options section, there are several choices for filtering classes. Choosing All classes imports every class in the directory, while choosing Common container classes imports a preset group of classes. If you are only interested in importing certain classes of objects, the Selected classes option is very useful. Clicking Select opens the Select Classes dialog box and enables you to choose exactly which classes to import.

Importing Properties

When directory objects are imported, any properties associated with them are also imported. For large networks, importing the properties of every object may lengthen the import process and can also lead to large file sizes. It may also put considerable strain on computer resources. Safeguards have been added to the Directory Services Options dialog box that enable you to set the number of objects to import. When that number is reached during import, you are asked whether you want to import an additional number of objects. You get this message until you either stop or all objects have been imported.

If either import times or file sizes are concerns, it is possible to import the properties later. Clearing the Import all properties now option avoids importing the properties for the objects. The properties may be imported at a later stage by right-clicking any object in the Directory Navigator sub-tree level and choosing Import from the shortcut menu.

If you decide to delay the import, the solution has a "properties on demand" feature. This means that when a property is edited, the solution connects to the network and imports the properties automatically, even if the properties were not imported in the beginning. Delaying the import can be very efficient if you anticipate editing only a select number of objects.

Post Import

After the importing has occurred, the drawing page is not populated with objects. The import process only populates the Directory Navigator, and does not place any objects on the page. To begin creating your drawing, drag the objects from the Directory Navigator onto the drawing page.
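To make the Import depth and Filter options settings concrete, here is an added example that is not code from the article or from Visio. It applies both settings to a constructed list of (DN, objectClass) pairs standing in for the result of a directory search. The naming attributes in the DNs (c=, o=, ou=, cn=), the objectClass values and the contents of the "Common container classes" preset are assumptions. `depth_below` counts RDNs below the chosen root, which is what an import depth measures, and it copes with a comma escaped inside an RDN value.

```python
# Added example (not from the original article or from Visio): models what the
# "Import depth" and "Filter options (classes)" settings do to the set of entries
# that reaches the Directory Navigator. All entries below are constructed.

import re

# Constructed stand-in for what a live directory search could return: (DN, objectClass).
SAMPLE_DIRECTORY = [
    ("c=championzone.net", "country"),
    ("o=Championzone,c=championzone.net", "organization"),
    ("ou=Seattle,o=Championzone,c=championzone.net", "organizationalUnit"),
    ("ou=Miami,o=Championzone,c=championzone.net", "organizationalUnit"),
    ("ou=New York,o=Championzone,c=championzone.net", "organizationalUnit"),
    ("ou=Sales,ou=Seattle,o=Championzone,c=championzone.net", "organizationalUnit"),
    ("cn=Person 1,ou=Seattle,o=Championzone,c=championzone.net", "person"),
    ("cn=Person 2,ou=Sales,ou=Seattle,o=Championzone,c=championzone.net", "person"),
    ("cn=Printer 1,ou=Miami,o=Championzone,c=championzone.net", "device"),
    ("cn=Doe\\, Jane,ou=Miami,o=Championzone,c=championzone.net", "person"),  # escaped comma in the RDN
    ("o=Other,c=us", "organization"),  # not under the chosen root
]

# Hypothetical stand-in for the "Common container classes" preset (assumption).
COMMON_CONTAINER_CLASSES = {"country", "organization", "organizationalUnit"}

# A comma that is not preceded by a backslash separates RDNs.
_UNESCAPED_COMMA = re.compile(r"(?<!\\),")


def split_rdns(dn):
    """Split a DN into its RDNs, leaving escaped commas inside values alone."""
    return [part.strip() for part in _UNESCAPED_COMMA.split(dn)]


def depth_below(dn, root_dn):
    """Levels from root_dn down to dn (0 = the root itself); None if dn is not under root_dn."""
    rdns, root = split_rdns(dn), split_rdns(root_dn)
    if len(rdns) < len(root) or rdns[len(rdns) - len(root):] != root:
        return None
    return len(rdns) - len(root)


def import_entries(directory, root_dn, import_depth, class_filter="all", selected_classes=()):
    """Apply the dialog box settings to (dn, objectClass) pairs and return the DNs kept.

    class_filter is "all", "common" or "selected"; only "selected" uses selected_classes.
    """
    if class_filter == "all":
        allowed = None
    elif class_filter == "common":
        allowed = COMMON_CONTAINER_CLASSES
    elif class_filter == "selected":
        allowed = set(selected_classes)
    else:
        raise ValueError("class_filter must be 'all', 'common' or 'selected'")

    kept = []
    for dn, object_class in directory:
        depth = depth_below(dn, root_dn)
        if depth is None or depth > import_depth:
            continue  # outside the chosen root, or deeper than the import depth
        if allowed is not None and object_class not in allowed:
            continue  # filtered out by class
        kept.append(dn)
    return kept


if __name__ == "__main__":
    root = "o=Championzone,c=championzone.net"
    # Persons at most two levels below the organization: Person 1 and Doe, Jane,
    # but not Person 2, who sits three levels down inside ou=Sales.
    for dn in import_entries(SAMPLE_DIRECTORY, root, 2, "selected", {"person"}):
        print(dn)
```

Raising the import depth by one would bring in cn=Person 2, and switching the filter to "common" with depth 1 returns only the organization and its three OUs, which is the cheap first pass the article suggests for large directories before importing properties.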

Section III. Exporting to LDIF (Visio Enterprise Network Tools only)

In addition to importing directory objects from a live directory, Visio enables you to export your drawing data to an LDAP Data Interchange Format (LDIF) file. This file is an ASCII text file with syntax unique to directory service applications, which stores all of the Visio drawing's directory data including objects, properties, and classes. An administrator can take this LDIF file and import its data into LDAP for live testing.

Note: Rather than just inserting the directory data in a random location in the directory, you can change the Root Distinguished Name to specify the particular location to import the data into. In the Directory Services menu, Change Root DN lets you specify the exact location for the new objects to be placed in the live directory.

  • Once a drawing has been created and object properties have been added, the export process can begin. On the Directory Services menu, point to Export to LDIF, and click Export entries.

    Note: Visio does not export directly into a live directory. Instead, it exports directory information into a file format (LDIF) that LDAP directory services can interpret. To import into an LDAP directory, the administrator must open the LDAP directory service application, select the LDIF file created by Visio, and specify import criteria.

  • Choosing Export entries opens the Save As dialog box with LDIF selected as the default file type. You can name this file and choose a folder to store it in. Figure 16 shows how to save the exported data as an LDIF file.

    Figure 16: Saving the exported data as an LDIF file

  • Opening this LDIF file with Notepad.exe shows how the directory data is exported. It is this information, in plain text, that an LDAP directory service application uses for importing. Figure 17 shows an example of directory information in the LDIF file.

    Figure 17: The directory information in the LDIF file
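As an added example that is not code from the article or from Visio, the following builds the Section I Championzone tree in memory and writes it out in LDIF, the format Section III describes (LDIF is specified in RFC 2849). The entry names, the ten Persons under Seattle, the Add Entries rule that rejects a duplicate name under the same parent, and the semicolon rule for multi-valued properties follow the article; the naming attributes (c=, o=, ou=, cn=), the objectClass values, the sample property values and the Root DN "dc=example,dc=com" are constructed assumptions.

```python
# Added example (not from the original article or from Visio): the Section I
# drawing as an in-memory tree, exported as LDIF the way Section III describes.
# Naming attributes, objectClass values, property values and the Root DN are assumed.

import base64


def escape_rdn(value):
    """Escape an RDN value for use in a DN (RFC 4514 special characters)."""
    out = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def needs_base64(value):
    """RFC 2849 SAFE-STRING test: a value starting with space, ':' or '<', or containing
    NUL, CR, LF or non-ASCII, must be written base64-encoded after a double colon."""
    if not value:
        return False
    if value[0] in " :<" or value.endswith(" "):  # trailing space: conservative extra
        return True
    return any(ord(ch) > 127 or ch in "\x00\r\n" for ch in value)


def ldif_line(attr, value):
    if needs_base64(value):
        return attr + ":: " + base64.b64encode(value.encode("utf-8")).decode("ascii")
    return attr + ": " + value


def fold(line, width=76):
    """Wrap a line to the RFC 2849 limit; continuation lines start with one space."""
    chunks, rest = [line[:width]], line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)


class Entry:
    """One directory object: naming attribute, name, class, parent, children, properties."""

    def __init__(self, rdn_attr, name, object_class, parent=None):
        self.rdn_attr, self.name, self.object_class = rdn_attr, name, object_class
        self.parent, self.children, self.properties = parent, [], {}
        self.base_dn = ""  # Root DN under which the tree is placed (top entry only)

    def dn(self):
        rdn = self.rdn_attr + "=" + escape_rdn(self.name)
        if self.parent is not None:
            return rdn + "," + self.parent.dn()
        return rdn + ("," + self.base_dn if self.base_dn else "")

    def add_entries(self, rdn_attr, object_class, names):
        """Like Add Entries: one child per name; a duplicate name under the same parent
        is rejected, as the solution's Directory Navigator does."""
        if not names:
            return []
        for name in names:
            if any(child.name == name for child in self.children):
                raise ValueError("entry %r already exists under %s" % (name, self.dn()))
            self.children.append(Entry(rdn_attr, name, object_class, self))
        return self.children[-len(names):]


def walk(entry):
    yield entry
    for child in entry.children:
        yield from walk(child)


def change_root_dn(top, new_root_dn):
    """Like Change Root DN: choose where in the live directory the exported tree lands."""
    top.base_dn = new_root_dn


def to_ldif(top):
    """Export the tree depth-first as LDIF records separated by blank lines."""
    records = []
    for node in walk(top):
        lines = [ldif_line("dn", node.dn()),
                 ldif_line("objectClass", node.object_class),
                 ldif_line(node.rdn_attr, node.name)]
        for attr, raw in node.properties.items():
            for value in raw.split(";"):  # multiple values are separated by semicolons
                lines.append(ldif_line(attr, value.strip()))
        records.append("\n".join(fold(line) for line in lines))
    return "\n\n".join(records) + "\n"


def build_championzone():
    """The Section I drawing: Country > Organization > three OUs > ten Persons in Seattle."""
    country = Entry("c", "championzone.net", "country")
    (org,) = country.add_entries("o", "organization", ["Championzone"])
    seattle, miami, new_york = org.add_entries("ou", "organizationalUnit",
                                               ["Seattle", "Miami", "New York"])
    people = seattle.add_entries("cn", "person", ["Person %d" % i for i in range(1, 11)])
    # Constructed property values: one multi-valued (semicolon-separated), one non-ASCII.
    people[0].properties["telephoneNumber"] = "+1 206 555 0100; +1 206 555 0101"
    people[1].properties["description"] = "Über-Admin"
    return country


if __name__ == "__main__":
    tree = build_championzone()
    change_root_dn(tree, "dc=example,dc=com")  # assumed target location in the live directory
    print(to_ldif(tree))
```

Values that start with a space, ':' or '<', or that contain non-ASCII characters, are written base64-encoded after a double colon, and long lines are folded at 76 characters, so an importer that follows RFC 2849 reads them back unchanged. Because the exported file is plain text, every property value entered for a shape is readable by anyone who can open the file; handle the LDIF with the same care as the directory data it was built from.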

About Visimation

Visimation is a Microsoft Certified Partner who specializes in Microsoft Visio consulting, custom development, training, and services.