How to test LDAP authentication

  • 7002339
  • 09-Jan-2009
  • 29-Jan-2015

Environment

Novell eDirectory

Situation

How to test LDAP authentication
How to tell if LDAP is working properly
Testing ldap authentication
Unable to connect to LDAP over port 636
Unable to connect to LDAP over port 389

Resolution

Download "LDAP Browser/Editor version 2.8.2" here.   
Note: LDAP Browser/Editor requires Java 1.2.2 (or greater).

To Run the LDAP Browser/Editor
1.  Download and unpack the archive (it extracts into 'ldapbrowser' directory)
2.  On a Windows machine, execute "lbe.jar" or "lbe.bat"
3.  On a UNIX machine, execute "lbe.sh"

Note: If needed, modify lbe.bat (for Win9x/NT) or lbe.sh (for UNIX) with your Java settings.

Additional Information

For clients that require a certificate to be provided, export one either from the server's KMO or from the CA.
1. Export the Trusted Root certificate from ConsoleOne or iManager.
    a. Open the "LDAP Server" object and choose the "SSL Configuration" tab.
    b. Note the object listed in the SSL Certificate dialog box and open that object.
    c. Choose "Trusted Root Certificate" in the "Certificates" tab.
    d. Do not export the private key.
    e. Export the file in DER format; name it c:\RootCert.der.

Or

1a. Export the Self Signed Certificate from ConsoleOne or iManager.
    a. Open CA object in O=Security
    b. Select Certificates -> Self Signed Certificate
    c. Do not export the private key.
    d. Export the file in DER format; name it c:\RootCert.der


There are four types of LDAP bind; use the information below to test each of the four cases.

Non-Secure (389) Anonymous

1.  Select "New" then name the Session - Example: <server_name> 389 anonymous
2.  On the Connection Tab insert the following information:
          Host: Insert the IP address of the LDAP server Example: 192.168.70.12
          Port: 389
          Base DN: Insert name of your Organization Example: o=novell
          Verify Anonymous bind is checked

Non-Secure (389) Authenticated
1.  Select "New" then name the Session - Example: <server_name> 389 authenticated
2.  On the Connection Tab insert the following information:
          Host: Insert the IP address of the LDAP server Example: 192.168.70.12
          Port: 389
          Base DN: Insert name of your Organization Example: o=novell
          Uncheck Anonymous bind
          User DN: Insert a user to authenticate as.  Example: cn=admin,o=novell (Note: LDAP uses commas to separate username and context)
          Password: the user's password


Secure (636) Anonymous

1.  Select "New" then name the Session - Example: <server_name> 636 anonymous
2.  On the Connection Tab insert the following information:
          Host: Insert the IP address of the LDAP server Example: 192.168.70.12
          Port: 636
          Base DN: Insert name of your Organization Example: o=novell
          Check "SSL"
          Verify "Anonymous bind" is checked


Secure (636) Authenticated

1.  Select "New" then name the Session - Example: <server_name> 636 authenticated
2.  On the Connection Tab insert the following information:
          Host: Insert the IP address of the LDAP server Example: 192.168.70.12
          Port: 636
          Base DN: Insert name of your Organization Example: o=novell
          Check "SSL"
          Verify "Anonymous bind" is unchecked         
          User DN: Insert a user to authenticate as.  Example: cn=admin,o=novell (Note: LDAP uses commas to separate username and context)
          Password: the user's password


ldapsearch is also a good tool to test LDAP connections. Key switches are:
-x   simple bind
-H   the host URI; ldaps:// connects securely
-D   the DN of the bind user
-W   prompt for the bind user's password
-b   the base to start the search from
-s   the search scope

/usr/bin/ldapsearch -x -H ldaps://192.168.70.12:636 -D cn=admin,o=novell -W -b "o=novell" -s base
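The same four bind cases can be exercised without the GUI using the following added example (not part of the original TID and not Novell code): it sends an LDAPv3 simple bind with Python's standard library only, so a refused connection, a TLS verification failure and an invalidCredentials result can be told apart. The host, DN and password values are assumptions matching the examples above, and the cafile is assumed to be the exported RootCert.der converted to PEM.

```python
"""Minimal LDAPv3 simple-bind probe (RFC 4511 BER framing), standard library only."""
import socket
import ssl

def ber(tag, payload):
    """Wrap payload in a BER TLV using definite short or long form length."""
    n = len(payload)
    if n < 128:
        return bytes([tag, n]) + payload
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + payload

def build_bind_request(msg_id, dn="", password=""):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    Empty dn and password give the anonymous case; a DN plus password is the authenticated case."""
    bind = ber(0x02, b"\x03") + ber(0x04, dn.encode()) + ber(0x80, password.encode())
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, bind))

def parse_bind_response(data):
    """Return (resultCode, diagnosticMessage) from a BindResponse [APPLICATION 1].
    resultCode 0 is success; 49 (invalidCredentials) means the bind DN/password was rejected."""
    def tlv(buf, pos):
        tag, n = buf[pos], buf[pos + 1]
        pos += 2
        if n & 0x80:                      # long form: low 7 bits = number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        return tag, buf[pos:pos + n], pos + n
    _, msg, _ = tlv(data, 0)              # outer LDAPMessage SEQUENCE
    _, _, pos = tlv(msg, 0)               # skip messageID
    tag, resp, _ = tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = tlv(resp, 0)           # ENUMERATED resultCode
    _, _, pos = tlv(resp, pos)            # matchedDN
    _, diag, _ = tlv(resp, pos)           # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def probe_bind(host, port, dn="", password="", use_ssl=False, cafile=None, timeout=5.0):
    """Connect (plain on 389, TLS on 636), send one bind, return (resultCode, diag).
    cafile is the exported Trusted Root converted from DER to PEM; TLS is verified against it."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_ssl:
        ctx = ssl.create_default_context(cafile=cafile)
        sock = ctx.wrap_socket(sock, server_hostname=host)  # host must match the cert's SAN
    with sock:
        sock.sendall(build_bind_request(1, dn, password))
        return parse_bind_response(sock.recv(4096))
```

Convert the exported root with `openssl x509 -inform der -in RootCert.der -out RootCert.pem`, then call `probe_bind("192.168.70.12", 389)` for the anonymous case and `probe_bind("192.168.70.12", 636, "cn=admin,o=novell", password, use_ssl=True, cafile="RootCert.pem")` for the secure authenticated one. A result of (0, "") means the bind succeeded, 49 means the server rejected the credentials, and a socket or ssl exception means the connection itself failed (the "unable to connect over 636/389" symptoms above).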

Formerly known as TID# 10075010