Easy way to test an LDAP User's Credentials

DirectoryLdapOpendsOpendj

Directory Problem Overview

Is there an easy way to test the credentials of a user against an LDAP instance? I know how to write a Java program that would take the 'User DN' and password, and check it against the LDAP instance. However is there any easier way? Specially a method that not only authenticates the user, but also lists all the user's roles.

Directory Solutions

Solution 1 - Directory

ldapwhoami -vvv -h <hostname> -p <port> -D <binddn> -x -w <passwd>, where binddn is the DN of the person whose credentials you are authenticating.

On success (i.e., valid credentials), you get Result: Success (0). On failure, you get ldap_bind: Invalid credentials (49).

Solution 2 - Directory

Use ldapsearch to authenticate. The opends version might be used as follows:

ldapsearch --hostname hostname --port port \
    --bindDN userdn --bindPassword password \
    --baseDN '' --searchScope base 'objectClass=*' 1.1

Solution 3 - Directory

You should check out Softerra's LDAP Browser (the free version of LDAP Administrator), which can be downloaded here :

<http://www.ldapbrowser.com/download.htm>

I've used this application extensively for all my Active Directory, OpenLDAP, and Novell eDirectory development, and it has been absolutely invaluable.

If you just want to check and see if a username\password combination works, all you need to do is create a "Profile" for the LDAP server, and then enter the credentials during Step 3 of the creation process :

enter image description here

By clicking "Finish", you'll effectively issue a bind to the server using the credentials, auth mechanism, and password you've specified. You'll be prompted if the bind does not work.

Solution 4 - Directory

Note, if you don't know your full bind DN, you can also just use your normal username or email with -U

ldapsearch -v -h contoso.com -U turiya.gouw@contoso.com -w 'MY_PASSWORD' -b 'DC=contoso,DC=com' '(objectClass=computer)'

Solution 5 - Directory

Authentication is done via a simple ldap_bind command that takes the users DN and the password. The user is authenticated when the bind is successfull. Usually you would get the users DN via an ldap_search based on the users uid or email-address.

Getting the users roles is something different as it is an ldap_search and depends on where and how the roles are stored in the ldap. But you might be able to retrieve the roles during the lap_search used to find the users DN.

Categories
Recommended Directory Solutions
Recommended Ldap Solutions

Previous Solution:

ScrollViewer mouse wheel not scrolling

C#WpfXamlScrollviewerMousewheel

Next Solution:

What is method hiding in Java? Even the JavaDoc explanation is confusing

JavaOopMethod Hiding

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
Questionuser1888243View Question on Stackoverflow
Solution 1 - DirectoryYuvikaView Answer on Stackoverflow
Solution 2 - DirectoryTerry GardnerView Answer on Stackoverflow
Solution 3 - DirectoryX3074861XView Answer on Stackoverflow
Solution 4 - DirectoryturiyagView Answer on Stackoverflow
Solution 5 - DirectoryheiglandreasView Answer on Stackoverflow