Test LDAP service

One of the first integration tasks undertaken on a new repository installation is to plug it in to the local authentication system. More often than not this is LDAP. It allows users to use their usual local username and password in the repository rather than having to remember another password. LDAP services can be provided by a Microsoft Active Directory (run by most institutions who have Microsoft desktop systems) or dedicated LDAP (e.g. OpenLDAP) service.

One thing I’ve noticed with the DSpace testathons is that often LDAP does not get tested because many of the developers do not have access to an LDAP system – for example in DSpace 1.5 LDAP authentication does not work with Manakin or SWORD. (I have fixed both in the upcoming 1.5.1 though ๐Ÿ™‚ ). With this in mind, and because I have to teach a DSpace technical course in 4 days time where we’ll be covering LDAP configuration, I’ve created an open LDAP server which can be used for testing and training.

Details:

  • ldap.provider_url = ldap://ldap.testathon.net:389/
  • ldap.id_field = cn
  • ldap.object_context = OU=users,DC=testathon,DC=net
  • ldap.search_context = OU=users,DC=testathon,DC=net
  • ldap.email_field = mail
  • ldap.surname_field = sn
  • ldap.givenname_field = givenName
  • ldap.phone_field = telephoneNumber

Users and their passwords are:

  • stuart / stuart
  • john / john
  • carol / carol

Each user has a full name (Stuart Lewis / John Smith / Carol Jones), a telephone number and email address so should be fully functional.

If you make use of this server, please drop me a line or leave a comment so I know. Otherwise it might get turned off…!mobi game

204 thoughts on “Test LDAP service

  1. pipepiper

    Worked for me.

    Was starting off with Drupal LDAP and didn’t have a place to start. This really helped me to get started.

    Thanks for setting this up.

  2. Kaspar

    Thank you for this tool!
    We are using it for test authentication in PHP just as Joe described.

  3. Kev

    i’m using c# I just want to test if I got some list of users in this LDAP

    DirectoryEntry deDoc = new DirectoryEntry(“LDAP://ldap.testathon.net:389”);
    DirectorySearcher dsDoc = new DirectorySearcher(deDoc);
    dsDoc.Filter = “(&(objectClass=user))”;
    dsDoc.SearchScope = SearchScope.Subtree;

    MessageBox.Show(dsDoc.FindAll().Count.ToString());

  4. Justo

    This worked to me, Thanks to everyone!!!

    DirectoryEntry ldapConnection = new DirectoryEntry(โ€œLDAP://ldap.testathon.net:389/ou=Users,dc=testathon,dc=netโ€, โ€œCN=stuart,OU=Users,DC=testathon,DC=netโ€, โ€œstuartโ€, AuthenticationTypes.None);

  5. Lzy

    DirectoryEntry deDoc = new DirectoryEntry(“LDAP://ldap.testathon.net:389/ou=Users,dc=testathon,dc=net”, “CN=stuart,OU=Users,DC=testathon,DC=net”, “stuart”, AuthenticationTypes.None);

    DirectorySearcher dsDoc = new DirectorySearcher(deDoc);
    dsDoc.Filter = “(&(objectClass=person))”;
    dsDoc.SearchScope = SearchScope.Subtree;

    MessageBox.Show(dsDoc.FindAll().Count.ToString());

    I use C# and it works.
    I just want to ask why the username should have to be “CN=stuart,OU=Users,DC=testathon,DC=net” ?????

  6. BrainCrumbz

    Hello everyone. First of all, thanks Mr Lewis for this service your giving us.
    We’re playing around with LDAP, and we are trying to connect to this server with this Windows client: LDAP Admin, http://www.ldapadmin.org/
    Does anyone know how to obtain the user listing with this tool?
    We can successfully connect as anonymous, but then we haven’t enough grants to list users. And we were not able to connect as some known user. TA

  7. BrainCrumbz

    Great, nevermind! We were able to make it, thanks to Stuart coment related to JXplorer (http://blog.stuartlewis.com/2008/07/07/test-ldap-service/comment-page-2/#comment-5763). Don’t know for JXplorer – it didn’t work for us – but here are the settings for a new connection in LDAP Admin:

    Connection name: whatever
    Host: ldap.testathon.net
    Port: 389
    Version: 3
    Base: ou=Users,dc=testathon,dc=net
    Simple authentication option: selected
    Anonymous connection: unchecked
    Username: cn=stuart,ou=Users,dc=testathon,dc=net
    Password: stuart

    Press “Test connection”, and there you go!

  8. sathish

    Am unable to connect with the credentials given. It says invalid. Can I have the test username and password

  9. pbull

    Thank you, this was very helpful for testing a patch to the Drupal LDAP authentication module without needing to set up a local LDAP server.

  10. Mark Roland

    Thank you for this! I’ve put off LDAP integration for years because I didn’t have a good place to start. This was just what I needed.

    Thanks to Joe (#comment-6130) for his PHP example

  11. Dave

    This is great. I’m getting “invalid credentials” with both stuart/stuart and john/john, though. Just want to make sure it is still active?

  12. Stuart Post author

    Are you using the fully qualified CN for the username? CN=stuart,OU=users,DC=testathon,DC=net (rather than just ‘stuart’ or ‘john’?)

  13. Dave

    Thanks very much. I was using “uid=” rather than “cn=”. Looks like I need to do some reading up on LDAP. Having this server available is very helpful, and greatly appreciated.

  14. Lalit

    Thank you so much Stuart
    This was really very helpful for testing LDAP authentication feature on my site.

  15. Francisco Gonzalez

    Works like a charm, thank you very much, using it with PHP ldap libraries.

  16. rodney757

    Thank you for providing this. It helps me immensely to not have to set up a local ldap server for developing an ldap authentication plugin. Thank you.

  17. Kevin

    Thanks for this service! Getting into Django development and was looking for something like this to test with for a single sign-on type app.

  18. Dean

    I set up SQUID to use this LDAP server. The SQUID setup line is
    auth_param basic program c:/squid/libexec/squid_ldap_auth.exe -v 3 -b DC=testathon,DC=net OU=users,DC=testathon,DC=net -f OU=%s -w john -p 389 -h ldap://ldap.testathon.net/

    followed by lines
    auth_param basic children 5 startup=5 idle=1
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    acl ldapauth proxy_auth REQUIRED
    http_access allow ldapauth
    http_access deny all

    I restarted SQUID.

    I then tried my web proxy using CURL like this
    curl –proxy 192.168.2.200:3128 -U john:john -S -v –proxy-anyauth http://www.google.co.uk

    And if failed …. never completed with continuous errors of:
    * Connected to 192.168.2.200 (192.168.2.200) port 3128 (#0)
    > GET http://www.google.co.uk HTTP/1.0
    < X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
    Proxy-Authorization: Basic am9objpqb2hu
    > User-Agent: curl/7.27.0
    > Host: http://www.google.co.uk
    > Accept: */*
    > Proxy-Connection: Keep-Alive
    >
    * additional stuff not fine transfer.c:1037: 0 0
    * additional stuff not fine transfer.c:1037: 0 0

  19. Stuart Post author

    Should -b DC=testathon,DC=net OU=users,DC=testathon,DC=net perhaps just be OU=users,DC=testathon,DC=net ?

  20. test

    can anyone help me for ldap settings in drupal 7 i m getting an error called cant bind to server .
    i am not able to figure it out i tried using code by joe that too giving me same error.

  21. arif

    Hello stuart, i hope u dont shutdown this server, because u save my life LOL(save from a lot of trouble from user and my boss)

  22. Sandeep

    Thank you so much for putting this up online! it has been very helpful ๐Ÿ™‚

    Cheers!
    Sandeep

  23. Enrico

    Awesome Stuart ๐Ÿ˜‰ i use it for testing my c# LDAPlibrary ๐Ÿ˜‰
    Now i try to discover how to create an User and an OrganizationUnit. ๐Ÿ™‚

    Thank so much ๐Ÿ˜€
    Benkio

  24. Marco

    Thanks for this! I’m playing around with perl + ldap and having a test box out there is just awesome

  25. kalaimani

    good one…. Its worked in .net with c#.
    How can we connect this LDAP (ldap://ldap.testathon.net:389/) in Sharepoint 2010?

  26. Alan Hatter

    Thank you for this! I’ve been looking for a way to build a functional example for my open source project but none of the public servers out there really work for my needs.

  27. Alagar Pandi P

    Hi,
    Thanks for this service. I am having following param needs to be configured in my authentication service. Could you kindly correct me whether the given below is correct?

    URL: ldap://ldap.testathon.net:389
    Bind Distinguished Name : CN=stuart,ou=Users,dc=testathon,dc=net
    Directory Context :ou=Users, dc=testathon,dc=net
    Bind Pwd: stuart
    Search Filter : (cn=%V))

    I am getting 49: Invalid credetial.

    Thanks in advance,
    Alagar.

  28. Larry

    Here is the Apache Shiro config that works for me:

    shiro.ini

    [urls]
    /**=authcBasic
    [main]
    ldapRealm=org.apache.shiro.realm.ldap.JndiLdapRealm
    ldapRealm.contextFactory.authenticationMechanism=simple
    ldapRealm.contextFactory.url=ldap://ldap.testathon.net:389/
    ldapRealm.userDnTemplate=cn={0},ou=Users,dc=testathon,dc=net

    Thanks for this resource, Stuart!

  29. Shyam Narasimhan

    Mr.Stuart,

    Thank you very much for hosting this LDAP server. I was struggling to find a server to test my client. On a hunch, I searched for a test LDAP server on the net and found yours. I will continue to use your server for a few weeks. Thanks so much again.

    -Shyam

Leave a Reply

Your email address will not be published. Required fields are marked *