Easy way to test an LDAP User s Credentials

Question

Is there an easy way to test the credentials of a user against an LDAP instance   I know how to write a Java program that would take the  User DN  and password  and check it against the LDAP instance   However is there any easier way   Specially a method that not only authenticates the user  but also lists all the user s roles

User · Answer

You should check out Softerra s LDAP Browser  the free version of LDAP Administrator   which can be downloaded here    http   www ldapbrowser com download htm  I ve used this application extensively for all my Active Directory  OpenLDAP  and Novell eDirectory development  and it has been absolutely invaluable   If you just want to check and see if a username password combination works  all you need to do is create a  Profile  for the LDAP server  and then enter the credentials during Step 3 of the creation process      By clicking  Finish   you ll effectively issue a bind to the server using the credentials  auth mechanism  and password you ve specified  You ll be prompted if the bind does not work

User · Answer

Use ldapsearch to authenticate  The opends version might be used as follows   ldapsearch --hostname hostname --port port       --bindDN userdn --bindPassword password       --baseDN    --searchScope base  objectClass    1 1

User · Answer

Authentication is done via a simple ldap bind command that takes the users DN and the password  The user is authenticated when the bind is successfull  Usually you would get the users DN via an ldap search based on the users uid or email-address    Getting the users roles is something different as it is an ldap search and depends on where and how the roles are stored in the ldap  But you might be able to retrieve the roles during the lap search used to find the users DN

User · Answer

ldapwhoami -vvv -h  lt hostname gt  -p  lt port gt  -D  lt binddn gt  -x -w  lt passwd gt   where binddn is the DN of the person whose credentials you are authenticating   On success  i e   valid credentials   you get Result  Success  0   On failure  you get ldap bind  Invalid credentials  49

User · Answer

Note  if you don t know your full bind DN  you can also just use your normal username or email with -U  ldapsearch -v -h contoso com -U turiya gouw contoso com -w  MY PASSWORD  -b  DC contoso DC com    objectClass computer

[directory] Easy way to test an LDAP User's Credentials

Examples related to directory

Examples related to ldap

Examples related to opends

Examples related to opendj