Online LDAP Test Server

Date posted: February 22, 2014

Here are the credentials for an Online LDAP Test Server that you can use for testing applications that require LDAP-based authentication. Our goal is to eliminate the need for you to download, install and configure an LDAP server for testing. If all you need is to test connectivity and authentication against a few identities, you have come to the right place. If you find this useful or would like us to enhance or modify this test LDAP server, please leave a comment.

LDAP Server Information (read-only access):

Server: ldap.forumsys.com  
Port: 389

Bind DN: cn=read-only-admin,dc=example,dc=com
Bind Password: password

All user passwords are password.

You may also bind to individual Users (uid) or the two Groups (ou) that include:

ou=mathematicians,dc=example,dc=com

  • riemann
  • gauss
  • euler
  • euclid

ou=scientists,dc=example,dc=com

  • einstein
  • newton
  • galieleo
  • tesla

The available users and groups are listed above. For searching, editing and maintaining your own LDAP server, or for connecting to this Online Test LDAP instance, we recommend Apache Directory Studio.

226 Comments to "Online LDAP Test Server"

  1. Reply
    Anonymous
    March 17, 2014 at 7:02 pm

    This is great, thanks!

    • Reply
      lyndaeldo
      September 21, 2015 at 4:09 am

      Hope this will help you….Asp.Net Connectionstring

      Lynda

    • Reply
      Truby Voglund
      October 7, 2015 at 12:07 am

      I am trying to use this with meteor and I get the message User: gauss not found. Are the users above still supported?

    • Reply
      sasi
      November 11, 2015 at 12:44 pm

      What is the password i need to use to configure in my local

  2. Reply
    Sandeep
    March 20, 2014 at 7:40 am

    I want “ou” of the user logged in, inside my spring code. i.e I want to know if a mathematician has logged in or a scientist. What should I do?

    • Reply
      James Wood
      March 20, 2014 at 6:04 pm

      Sandeep,

      In this particular LDAP setup, the OUs are of type groupOfUniqueNames. Because of this, membership in the group is determined by the uniqueMember attributes that are present with each OU. To determine a user’s OU membership, you would have to scan each of the OUs and find a uniqueMember attribute containing the DN of the user you are looking for.

      If you wish to look at this for yourself, please use Apache Directory Studio and the information provided above to review the setup.

  3. Reply
    Mouloud AIT-KACI
    April 15, 2014 at 11:18 pm

    Is the server down ? it does not seem to be pingable. When I try LDAP connecting to it, the tentative times out.

    • Reply
      Tech Support
      April 16, 2014 at 1:39 pm

      Mouloud: The server is up. It was not ping-able in the past, but now you should be able to ping ldap.forumsys.com to check your connectivity. Let us know if you have any further issues.

      • Reply
        Mouloud AIT-KACI
        April 16, 2014 at 2:39 pm

        Many thanks for the quick reply. I’ve checked with Apache Directory Studio in order to debug my program. Turns out I made a typo in the dn. Everything is fine with the server. Again thank you for providing this test server, it saves a lot of trouble. Cheers !

      • Reply
        Anonymous
        May 28, 2014 at 10:25 pm

        hi just now i ping to ldap.forumsys.com, but it said request time out…is the server up?

        • Reply
          Mouloud AIT-KACI
          May 29, 2014 at 3:13 pm

          Yes it is responding. You may have problems resolving the domain name.

          • ashish
            July 9, 2015 at 1:25 am

            I can resolve the ip address but not pingable

  4. Reply
    Pradeep
    May 5, 2014 at 1:45 am

    I am using unboundid API, i got error “LDAPException(resultCode=49 (invalid credentials), errorMessage=’invalid credentials’)” . i tried HOSTNAME = “ldap.forumsys.com”, dn = “uid=riemann,ou=mathematicians,dc=example,dc=com” , and password=password.

    • Reply
      James Wood
      May 9, 2014 at 3:42 pm

      Pradeep,

      The issue you are seeing is due to the fact that “uid=riemann” is a member of “ou=mathematicians”, but does not reside under that ou. His membership in that ou is established by a uniqueMember attribute on “ou=mathematicians”.

      The DN for “uid=riemann” is “uid=riemann,dc=example,dc=com”.

    • Reply
      Anonymous
      October 27, 2015 at 11:34 am

      Hi
      Can you please share the code !

  5. Reply
    Ron Fluegge
    May 5, 2014 at 10:48 am

    This is great!! Thanks! If anyone needs sample code using ASP.net System.DirectoryServices.Protocols for Sun, let me know. Glad to share.

    • Reply
      Aswini
      June 26, 2014 at 11:44 am

      Hi Ron,

      Could you please share the sample asp.net code to connect to online Ldap and search for the user and get success/failure response
      I am using Directory Entry where its giving COM exception.
      DirectoryEntry entry = new DirectoryEntry("ldap://ldap.forumsys.com/DC=example,DC=com", "example\\euler", "password");

      Console.WriteLine(entry);
      Object obj = entry.NativeObject;

      Here is the exception
      + [System.Runtime.InteropServices.COMException] {“Unknown error (0x80005000)”} System.Runtime.InteropServices.COMException
      If any1 has code please send

    • Reply
      Anonymous
      June 27, 2014 at 10:14 am

      Hi Ron,

      Could you please share the asp.net code.
      I am trying to write asp code which reads parameters from web page and pass to Ldap authentication I am getting COM exception and its telling invalid DN specified.
      Here are the values I used
      DirectoryEntry entry = new DirectoryEntry("LDAP://localhost:10389", "uid=tesla,dc=example,dc=com", "password")
      DirectorySearcher searcher = new DirectorySearcher(entry);
      searcher.PropertiesToLoad.Add("uid");
      var result = searcher.FindOne();

      }
      catch (Exception e)
      {
      Console.WriteLine("\r\nUnexpected exception occured:\r\n\t" + e.GetType() + ":" + e.Message);
      Console.ReadKey();
      }
      }
      Always giving error as DN is invalid.
      Can someone help to fix this out

    • Reply
      Dilip kumar
      January 1, 2015 at 10:35 am

      Hi ,
      Can you please share your ASP .NET code
      dkumar_dipu@yahoo.co.in

      • Reply
        Charlie Parker
        March 12, 2015 at 11:12 am

        Dilip can you please share an example? Thanks

  6. Reply
    Anonymous
    May 28, 2014 at 12:28 pm

    uhm… is it just a weird mistake on my part, or uid=euler has wrong sn and cn?

    • Reply
      James Wood
      May 28, 2014 at 2:34 pm

      You are correct uid=euler had incorrect information in the sn and cn. This has been corrected. Thank you.

  7. Reply
    Andrei
    June 17, 2014 at 7:26 am

    How possible is it to add a ‘mail’ field with an email address for each user? The program I am trying to test needs an email address for persons to be valid. Thanks.

    • Reply
      James Wood
      June 18, 2014 at 2:49 pm

      A mail attribute has been added to all users. The format of the is @ldap.forumsys.com.
      For example, if you were looking at “uid=einstein” then the email address in the mail attribute would be “einstein@ldap.forumsys.com”.

      • Reply
        Andrei
        June 18, 2014 at 2:50 pm

        Thank you! :)

  8. Reply
    Yury
    June 19, 2014 at 3:06 am

    Hello James,

    is it possible that LDAP server is down at the moment? I have noticed it was unreachable during the day in European timezone yesterday and today.

    Best regards,
    Yury

    • Reply
      James Wood
      June 19, 2014 at 1:30 pm

      Yury,

      The server is currently ping-able and reachable through Apache Directory Studio. Our team here worked with it yesterday to resolve Andrei’s request, so that points to there being an issue between your local network and the LDAP server.

      Please try to ping the server now to see if it is available to you.

      Best regards,
      James

      • Reply
        Anup
        January 7, 2015 at 6:14 am

        I am new to LDAP. I want to set a LDAP server.Could anyone please provide steps to install a LDAP server?

        Also, Could you please provide details of below questions?

        1. Minimum System requirements
        2. Do I need any license to purchase?
        3. What are the other softwares I should install before setting up a server?
        4. Steps/Procedure to follow..

        Thanks
        Anup
        +91 9028489518
        anuppatil@eaton.com

  9. Reply
    Grateful Anonymous
    June 21, 2014 at 4:51 am

    Thanks for offering the service. It’s being useful in testing an in-development feature.

  10. Reply
    pi
    June 23, 2014 at 2:28 pm

    Hi,

    I am trying to test connection to Ldap using Softerra Ldap Browser.
    In Ldapurl I gave ldap://ldap.forumsys.com:389/ and Principal as uid=riemann,dc=example,dc=com and password as password and click on finish.
    I am getting error as “Can’t validate credentials. Cannot contact Ldap Server”.
    I used same connection string (ldap://ldap.forumsys.com:389/) in my code ,there also I m getting error as
    {“An invalid dn syntax has been specified.\r\n”} and System.DirectoryServices.DirectoryServicesCOMException.
    But when I try pinging ldap.forumsys.com I m getting reply.
    Could you please tell what could be issue?

    • Reply
      James Wood
      June 25, 2014 at 1:44 pm

      Pi,

      I am using ApacheDirectory studio as mentioned in the main blog entry. I am able to bind and browse the LDAP directory using “uid=riemann,dc=example,dc=com” as my user.

      I installed the tool you mentioned and was also able to connect using the same credentials and the default values on the wizard (Authentication Mechanism: Simple). Again I had no problems browsing around the LDAP directory.

      The DNS name ldap.forumsys.com resolves to the IP address 23.20.46.132. If this is not the case from your computer, then the issue is DNS related. Please try using the IP above to test the server until the DNS issue on your end is resolved.

      Best regards,
      James

  11. Reply
    Anonymous
    June 24, 2014 at 1:36 pm

    Hi James,

    I am trying to use this Ldap details in my code. In my code I need Ldap connection string which I passed as ldap://ldap.forumsys.com:389 and domain as ” forumsys.com” and I am getting error as server is not operational. can u please tell whether the domain and the ldap connection string passed is correct?

    • Reply
      James Wood
      June 25, 2014 at 1:48 pm

      Anonymous,

      Please review my earlier reply to Pi about checking DNS from your end.

      Your LDAP connection string appears to be correct.

      In addition, I do not know what you mean by “domain.” I assume you mean DN (Distinguished Name). The value for that would be “dc=example,dc=com” as a base DN, or a user to which you would want to bind such as “cn=read-only-admin,dc=example,dc=com”.

      Best regards,
      James

  12. Reply
    Anonymous
    June 24, 2014 at 4:33 pm

    Thank you so much! This is very helpful.

  13. Reply
    Anonymous
    June 25, 2014 at 1:04 am

    Thank you!! This allows me to run some tests and wireshark my connection… much appreciated!

  14. Reply
    Radian
    June 30, 2014 at 8:11 am

    Hi, is this ldap server down? I cannot connect with Apache Directory Studio: “connection timeout”, but ping to ldap.forumsys.com is working. What am I missing?

    • Reply
      James Wood
      June 30, 2014 at 12:27 pm

      Radian,

      The server is available and I am able to connect with Apache Directory Studio. This could be the firewall on your end blocking the connection to the LDAP server.

      You can try connecting to the server from another network location. For example, if you are at work, try connecting when you are at home.

      James

  15. Reply
    no
    July 3, 2014 at 7:47 pm

    Thank you very much for taking the time to maintain this hugely valuable testing resource.

  16. Reply
    Steve
    July 11, 2014 at 10:49 am

    Really cool thanks! Any plans for an LDAPS server?

    • Reply
      James Wood
      July 21, 2014 at 2:26 pm

      I will pass your request along.

  17. Reply
    Jeff
    July 17, 2014 at 2:22 pm

    Hi,

    I’m currently using an AD LDS instance on windows server 2012 and I’ve created an application directory partition with users inside and I can’t seem to bind to them. What is the correct way to create users so you are able to bind to them?

    Thanks

    • Reply
      James Wood
      July 21, 2014 at 2:50 pm

      Jeff,

      Assistance on this blog is limited to help with LDAP services provided by ldap.forumsys.com. As AD LDS is not used for this service, we cannot offer assistance with it. I would suggest pursuing your answer in a user forum or via a search engine.

      Best regards,
      James

  18. Reply
    Brian
    July 20, 2014 at 1:43 pm

    Thank you for creating this. Very helpful in my LPI2 exam

  19. Reply
    Brian
    July 21, 2014 at 2:00 pm

    Thanks for this resource!

    Issuing the following search against the ldap server:
    ldapsearch -W -h ldap.forumsys.com -D “uid=tesla,dc=example,dc=com” -b “dc=example,dc=com”

    gives the following result

    search: 2
    result: 32 No such object

    Shouldn’t we expect to see the following?

    search: 2
    result: 0 Success

    I’m new to ldap and I’m having some issues understanding this.
    Thanks,
    -Brian

    • Reply
      James Wood
      July 22, 2014 at 11:04 am

      Brian,

      I was not able to reproduce the error you sent given the command line you provided. Your expected result is what you should see as you will see below.

      Although I had to change the quotes from your message to get them to work, I was able to run the command and enter the password (password). Below is the truncated result from what I ran.

      $ ldapsearch -W -h ldap.forumsys.com -D "uid=tesla,dc=example,dc=com" -b "dc=example,dc=com"
      Enter LDAP Password:
      # extended LDIF
      #
      # LDAPv3
      # base with scope subtree
      # filter: (objectclass=*)
      # requesting: ALL
      #

      # example.com
      dn: dc=example,dc=com
      objectClass: top
      objectClass: dcObject
      objectClass: organization
      o: example.com
      dc: example

      # search result
      search: 2
      result: 0 Success

      # numResponses: 15
      # numEntries: 14

      This is what happened when I kept the quotes as provided from your message:

      $ ldapsearch -W -h ldap.forumsys.com -D “uid=tesla,dc=example,dc=com” -b “dc=example,dc=com”
      Enter LDAP Password:
      ldap_bind: Invalid DN syntax (34)
      additional info: invalid DN

      Best regards,
      James

      • Reply
        Brian
        July 22, 2014 at 6:25 pm

        James,

        Thanks for the reply, I’ll need to do more research to establish what went wrong.

        Thanks again for the resource!

  20. Reply
    Anonymous
    July 23, 2014 at 3:00 pm

    Thank you for this, very useful, I am testing it with spring ldap.

  21. Reply
    Swapnil A. Narvekar
    July 24, 2014 at 1:11 pm

    It helped me a lot !!…
    Thanks a lot !!…

    • Reply
      Anonymous
      July 8, 2015 at 5:15 am

      Hi,

      I am trying to test above ldap server in jenkins. But no luck. Could you please let me know how you achieved that.

  22. Reply
    Swapnil A. Narvekar
    July 24, 2014 at 1:15 pm

    I wanted to configure Jenkins with LDAP Authentication.
    I was looking for the online LDAP Server for the testing purpose.I found this one and It worked as expected.
    Thank you once again.

  23. Reply
    Jeff
    July 30, 2014 at 3:08 pm

    Hi James,

    I’m making an application that is supposed to check users from Active Directory, setting it up is a pain and I was just wondering if I tested my code with this LDAP server would be the same thing?

    Thanks a ton,

    Jeff

    • Reply
      Ron
      July 30, 2014 at 3:39 pm

      I had the same need and this worked great for me. I appreciate that this site is available … could not have created a new client w/o it.

  24. Reply
    George
    July 30, 2014 at 4:22 pm

    Hi James,

    This is a great forum and I wanted to test out my stuff with my c# application. I’m using this code and it keeps returning me an error. Can anyone see what I am doing wrong?

    Thanks a ton,

    George

    using System;
    using System.Text;
    using System.Collections;
    using System.DirectoryServices;

    public class LdapAuthentication
    {
        private String _path;
        private String _filterAttribute;

        public LdapAuthentication(String path)
        {
            _path = path;
        }

        public bool IsAuthenticated(String domain, String username, String pwd)
        {
            String domainAndUsername = domain + @"\" + username;
            DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);

            try
            {
                //Bind to the native AdsObject to force authentication.
                Object obj = entry.NativeObject;

                DirectorySearcher search = new DirectorySearcher(entry);

                search.Filter = "(SAMAccountName=" + username + ")";
                search.PropertiesToLoad.Add("cn");
                SearchResult result = search.FindOne();

                if (null == result)
                {
                    return false;
                }

                //Update the new path to the user in the directory.
                _path = result.Path;
                _filterAttribute = (String)result.Properties["cn"][0];
            }
            catch (Exception ex)
            {
                throw new Exception("Error authenticating user. " + ex.Message);
            }

            return true;
        }

        public String GetGroups()
        {
            DirectorySearcher search = new DirectorySearcher(_path);
            search.Filter = "(cn=" + _filterAttribute + ")";
            search.PropertiesToLoad.Add("memberOf");
            StringBuilder groupNames = new StringBuilder();

            try
            {
                SearchResult result = search.FindOne();

                int propertyCount = result.Properties["memberOf"].Count;

                String dn;
                int equalsIndex, commaIndex;

                for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
                {
                    dn = (String)result.Properties["memberOf"][propertyCounter];

                    equalsIndex = dn.IndexOf("=", 1);
                    commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex)
                    {
                        return null;
                    }

                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");
                }
            }
            catch (Exception ex)
            {
                throw new Exception("Error obtaining group names. " + ex.Message);
            }
            return groupNames.ToString();
        }
    }

    class test
    {
        static void Main()
        {
            LdapAuthentication ldap = new LdapAuthentication("LDAP://cn=read-only-admin,dc=example,dc=com");
            ldap.IsAuthenticated("LDAP://ldap.forumsys.com", "uid=gauss", "password");
        }
    }

    • Reply
      Anonymous
      August 20, 2014 at 7:16 am

      Hi George

      You can try to use
      DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd, AuthenticationTypes.None);
      instead of
      DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);

  25. Reply
    Pradeep
    August 5, 2014 at 1:35 pm

    Hi James,
    I am trying to connect to your LDAP using c# code

    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "LDAP://23.20.46.132:389", "uid=euclid,dc=example,dc=com", ContextOptions.SimpleBind, @"uid=euclid,dc=example,dc=com", "password");

    I am getting error message ‘Server could not be contacted’….

    Please share me code snippet (preferably c#) to connect to LDAP using username and password.

  26. Reply
    Ade G
    September 2, 2014 at 5:42 am

    Very useful, many thanks for providing this ! …. As a complete newbie to LDAP, I have a question that im hoping isnt too dumb …

    I have an application that I want to be able to log in automatically using LDAP to validate the supplied user ID / password. I can see that you need the LDAP host name to connect, but in the bind string, how do I find out the domain components (e.g. example & com in this instance) ? Are these supplied by the person who administers the LDAP server ?

  27. Reply
    Daniel
    September 7, 2014 at 1:30 pm

    Hi,
    i am trying to test my Symfony2 Application. I use the IMAG/Ldap-Bundle. My ldap-configuration looks like this:

    imag_ldap:
      client:
        host: ldap.forumsys.com
        port: 389
        version: 3
        skip_roles: true

      user:
        base_dn: ou=scientists,dc=example,dc=com
        name_attribute: uid

    if i try to login with one of the scientists username/password combination i always get “Username doesn’t exist”. If i change the base_dn to: uid=euler,dc=example,dc=com i can actually log in as euler. What do i have to do, to be able to log in as any of the stored users (or at least as any of one groups user)?

    I hope you can help out. Thank you.

  28. Reply
    Ravi
    September 10, 2014 at 2:19 am

    Hi,
    Can anyone please share his code.
    My connection string is not working.
    I used following :
    DirectoryEntry entry = new DirectoryEntry("LDAP://ldap.forumsys.com", "read-only-admin", "password");

    Error :
    An unhandled exception of type ‘System.DirectoryServices.DirectoryServicesCOMException’ occurred in System.DirectoryServices.dll

    • Reply
      James Wood
      October 24, 2014 at 4:02 pm

      Ravi,
      The most likely issue is that your code is not using the full DN (cn=read-only-admin,dc=example,dc=com) as the user.

    • Reply
      dilip kumar
      January 1, 2015 at 7:26 pm

      Ravi – are you able to connect directory using C# code

  29. Reply
    Periklis
    September 16, 2014 at 9:42 am

    Hey, thank you so much for this, it’s been a real pain setting up openldap every time I had to debug some LDAP-related code!

  30. Reply
    Sunny
    September 19, 2014 at 2:00 am

    Can I use this LDAP test server with wordPress Plugin?

    • Reply
      James Wood
      October 24, 2014 at 4:04 pm

      Sunny,

      As long as you are okay with all of the users having known passwords and this is a WordPress installation for internal use only, I cannot see an issue with you using this LDAP server for testing purposes.

  31. Reply
    Soumyadip
    September 19, 2014 at 10:23 am

    Is it pingable now?I just tried but request timed out.

  32. Reply
    Dragos Cojocari
    September 26, 2014 at 4:17 pm

    Thank you for providing this test server, it has been invaluable in learning and testing the basics of LDAP.

  33. Reply
    Edwin
    September 28, 2014 at 10:11 pm

    Hi, Im new to ldap and im using php to develop. i face some problem about the ldap query search for data.

    here my code …

    // Active Directory server
    $ldap_host = "ldap.forumsys.com";

    // connect to active directory
    $ldapconn = ldap_connect($ldap_host) or die("Could not connect to LDAP Server");

    // Active Directory DN
    $ldaprdn = "cn=read-only-admin,dc=example,dc=com";

    // Password
    $ldappass = "password";

    // set connection is using protocol version 3, if not will occur warning error.
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

    if ($ldapconn)
    {
        // binding to ldap server
        $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

        // verify binding
        if ($ldapbind)
        {
            echo "LDAP bind successful…";

            // LDAP query for search
            $filter = "ou=mathematicians,dc=example,dc=com";

            $result = ldap_search($ldapconn, $ldaprdn, $filter) or exit("Unable to search LDAP server");
            $entries = ldap_get_entries($ldapconn, $result);
            var_dump($entries);
        }
        else
        {
            echo "LDAP bind failed…";
        }
    }

    the ldap bind is successful, but for ldap_search, it give me the result something like this

    array(1) { ["count"]=> int(0) }

    any idea? million thanks for help~

    • Reply
      James Wood
      October 24, 2014 at 4:43 pm

      It would appear as though you are trying to get the members of ou=mathematicians,dc=example,dc=com
      To do that you need to do the following:

      Your RDN should be: $ldaprdn = "ou=mathematicians,dc=example,dc=com";

      You should make a new variable for the admin user: $ldapadmin = "cn=read-only-admin,dc=example,dc=com";

      You should modify your ldap bind as follows: $ldapbind = ldap_bind($ldapconn, $ldapadmin, $ldappass);

      You should adjust your filter to be appropriate such as: $filter = "(uniqueMember=*)";

      That will grab you all of the uniqueMember objects which will indicate what users are in the group.

      If you want all of the users, then the following changes to the above are needed:

      Your RDN should be: $ldaprdn = "dc=example,dc=com";
      You should adjust your filter to be: $filter = "(uid=*)";

      In both of the above cases you will be returned an array structure to parse.

      Hopefully that helps you out.

  34. Reply
    MetaYii
    October 9, 2014 at 11:21 am

    Wow, thanks a lot for making the server available. I spent all night trying to run an AD LDS server, but using this was easier :)

  35. Reply
    VBR
    October 10, 2014 at 9:05 am

    Hey, i am getting the AuthenticationException.

    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

    Please let me know where i have the problem in my code below.

    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://ldap.forumsys.com:389");

    // Authenticate as S. User and password "mysecret"
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=cn=read-only-admin,dc=example,dc=com");
    env.put(Context.SECURITY_CREDENTIALS, "password");

    try {
        // Create initial context
        DirContext ctx = new InitialDirContext(env);

        // Close the context when we're done
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }

    • Reply
      James Wood
      October 10, 2014 at 12:56 pm

      Your DN for the SECURITY_PRINCIPAL is incorrect. You have “cn=cn=…”. The proper line should be this:

      env.put(Context.SECURITY_PRINCIPAL, "cn=read-only-admin,dc=example,dc=com");
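
A pre-flight check for the bind-DN mistakes that recur in this thread: typographic quotes, a bare name or DOMAIN\user string instead of a DN, a doubled `cn=` prefix, and a user DN placed under a group ou. This is an added example, not code from the blog or its commenters; `check_bind_dn` and its problem codes are hypothetical names, and the rule that users sit directly under the base DN is taken from the replies above.

```python
import re

BASE_DN = "dc=example,dc=com"  # base DN given on this page

# Curly quotes and the double prime that blog software substitutes for " and '
SMART_QUOTES = "\u201c\u201d\u2018\u2019\u2033"

ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")        # attribute short name
PREFIX_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=")      # "cn=" at start of a value


def check_bind_dn(dn, base_dn=BASE_DN):
    """Return a list of problem codes for a bind DN; an empty list means it looks sane.

    Simplification: RDNs are split on ',' so escaped commas are not handled.
    """
    problems = []

    # Pasted-from-a-web-page quotes end up inside the DN (the thread shows
    # the server answering "Invalid DN syntax (34)" for this).
    if any(ch in SMART_QUOTES for ch in dn):
        problems.append("smart-quotes")
        dn = "".join(ch for ch in dn if ch not in SMART_QUOTES)

    rdns = [part.strip() for part in dn.split(",")]

    # "read-only-admin" or "example\euler" are account names, not DNs.
    if not all("=" in rdn for rdn in rdns):
        problems.append("not-a-dn")
        return problems

    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        if not ATTR_RE.match(attr) or not value:
            problems.append("malformed-rdn")
        elif PREFIX_RE.match(value):
            # "cn=cn=read-only-admin" parses as a DN but names no real entry,
            # so the bind fails with error 49 rather than a syntax error.
            problems.append("duplicated-prefix")

    normalized = ",".join(rdn.lower() for rdn in rdns)
    base = base_dn.lower()
    if normalized != base and not normalized.endswith("," + base):
        problems.append("outside-base")
    elif rdns[0].lower().startswith("uid=") and any(
        rdn.lower().startswith("ou=") for rdn in rdns[1:]
    ):
        # On this server group membership is a uniqueMember value on the ou,
        # not a position in the tree.
        problems.append("user-under-group-ou")

    return problems


if __name__ == "__main__":
    # DNs and account strings quoted in the comments on this page
    samples = [
        "cn=read-only-admin,dc=example,dc=com",
        "\u201cuid=tesla,dc=example,dc=com\u201d",
        "read-only-admin",
        "example\\euler",
        "cn=cn=read-only-admin,dc=example,dc=com",
        "uid=riemann,ou=mathematicians,dc=example,dc=com",
        "uid=gauss",
    ]
    for s in samples:
        print(repr(s), "->", check_bind_dn(s) or "ok")
```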

  36. Reply
    Nagaraja L.M
    October 13, 2014 at 12:23 pm

    what is the primary administrator name in online LDAP to configure for IBM Websphere application server for learning

    • Reply
      James Wood
      October 24, 2014 at 1:41 pm

      The primary read-only administrator account is this one:

      Bind DN: cn=read-only-admin,dc=example,dc=com
      Bind Password: password

  37. Reply
    Anonymous
    October 23, 2014 at 8:37 am

    I am getting a sync-error: LDAP sync: record ‘ou=scientists,dc=example,dc=com’ has blank mapped jid — abandoning sync

    I am trying to connect a video conferencing bridge

    Whats wrong?

  38. Reply
    Chris
    October 23, 2014 at 8:38 am

    LDAP sync: record ‘ou=scientists,dc=example,dc=com’ has blank mapped jid — abandoning sync

    Whats the problem here? I am trying to test it with a conferencing bridge…

    • Reply
      James Wood
      October 24, 2014 at 1:54 pm

      Chris,

      The issue you are seeing would seem to be caused by the fact that our LDAP server does not use the jid attribute on either users or organizational units (OU) entries.

      The other possibility is that there is a typo and you meant to specify uid instead of jid.

      Please browse our LDAP tree using Apache Directory Studio and the bind credentials provided above to see what attributes are available to you for the users and OUs.

  39. Reply
    Guru
    October 31, 2014 at 5:54 am

    Hi
    I am receiving connection timeout error while trying to test from my local machine. Is the server up and running. ?

    // Connect to LDAP server.
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://ldap.forumsys.com:389");

    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=read-only-admin,dc=example,dc=com");
    env.put(Context.SECURITY_CREDENTIALS, "password");

    InitialDirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }

    Error
    javax.naming.CommunicationException: ldap.forumsys.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
    at com.sun.jndi.ldap.Connection.(Connection.java:218)
    at com.sun.jndi.ldap.LdapClient.(LdapClient.java:130)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1592)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2628)
    at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:299)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:187)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:205)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:148)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:78)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.initializeDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.internalInit(Unknown Source)
    at javax.naming.InitialContext.(Unknown Source)
    at foo.LdapTest.main(LdapTest.java:22)
    Caused by: java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:352)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:214)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:201)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:377)
    at java.net.Socket.connect(Socket.java:530)
    at java.net.Socket.connect(Socket.java:480)
    at java.net.Socket.(Socket.java:377)
    at java.net.Socket.(Socket.java:191)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:360)
    at com.sun.jndi.ldap.Connection.(Connection.java:195)
    … 14 more

  40. Reply
    Karina
    October 31, 2014 at 9:06 am

    Hi, is there a possibility to test SSL connection?

    • Reply
      James Wood
      December 4, 2014 at 11:46 am

      Karina,

      There are no plans to enable SSL for the server at this time.

    • Reply
      Anonymous
      October 5, 2015 at 6:28 pm

      +1

  41. Reply
    James P
    November 12, 2014 at 2:38 pm

    Working C# Sample:

    string server = "ldap.forumsys.com:389";
    string userName = "uid=tesla,dc=example,dc=com";
    string password = "password";

    try
    {
        using (LdapConnection connection = new LdapConnection(server))
        {
            connection.Timeout = new TimeSpan(0, 0, 10);
            connection.AuthType = AuthType.Basic;
            connection.SessionOptions.ProtocolVersion = 3; // Set protocol to LDAPv3

            var credential = new NetworkCredential(userName, password);
            connection.Bind(credential);
        }
        // If the bind succeeds, the credentials are valid
        return true;
    }
    catch (LdapException ldapEx)
    {
        // The supplied credential is invalid.
        if (ldapEx.ErrorCode.Equals(49))
        {
            return false;
        }

        throw;
    }

  42. Reply
    Abdul
    November 19, 2014 at 1:36 am

    Hello – I am not able to reach the server, is the server up?

    Thanks in advance

    • Reply
      James Wood
      December 4, 2014 at 11:45 am

      Abdul,

      The server is up now and has been up since this page was put into place.

  43. Reply
    Anonymous
    November 24, 2014 at 3:23 am

    thanks for this server =) You saved great deal of time for me
    Regards

  44. Reply
    vennkatesh
    November 25, 2014 at 6:20 am

    I want to configure the ldap authentication in my apache server.
    This is my configuration

    AuthType Basic
    AuthName "Stooges Web Site: Login with email address"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.forumsys.com:389/ou=mathematicians,dc=example,dc=com?uid?sub"
    AuthLDAPBindDN "cn=read-only-admin,dc=example,dc=com"
    AuthLDAPBindPassword password
    AuthzLDAPAuthoritative off
    require valid-user

    I protected the html folder with LDAP authentication.
    When I hit the URL http://localhost/html, it asks for a username and password. Then I entered gauss and password.
    The pop-up keeps coming, and the log file says that user gauss was not found.
    Is that an error in my configuration? Can somebody please suggest?

    • Reply
      James Wood
      December 4, 2014 at 11:44 am

      Vennkatesh,

      The users are not directly part of the groups (OU); they are members via the uniqueMember attribute. The users themselves reside under “dc=example,dc=com”.

      For example the DN of gauss is “uid=gauss,dc=example,dc=com”. You will need to adjust the parameters on your LDAP bind to account for the use of uniqueMember as the way to tie users to groups.

  45. Reply
    Baruch
    December 3, 2014 at 11:05 am

    just found your site
    is the server down

    Thank you

    • Reply
      James Wood
      December 4, 2014 at 11:40 am

      Baruch,
      The server is not down. I am able to ping it, as well as connect to it and review LDAP entries using Apache Directory Studio.

  46. Reply
    Shilpa
    December 12, 2014 at 2:10 am

    I need first name, last name, email, role and display name for Albert Einstein username. But, I can only get email from forumsys ldap server.

    Could you please suggest solution? Thanks in advance.

    • Reply
      James Wood
      March 30, 2015 at 1:04 pm

      Try the user “test” or “tesla”; they have more than just the basic attributes. It may not cover your case, but you can temporarily use one of the additional attributes in place of the ones you need during your testing phase.

  47. Reply
    Alain
    January 8, 2015 at 10:34 am

    *Is there any free ldap server like this with more data? about a thousand

  48. Reply
    Fede
    January 14, 2015 at 2:42 pm

    Hi guys,

    I'm trying to connect to the LDAP server from a C# console app but I got an exception “The LDAP server is unavailable”

    Is the server down?

    Thank you

    • Reply
      James Wood
      January 20, 2015 at 12:13 pm

      Fede,

      I accessed the server via Apache Directory Studio just moments ago with no issue. Please try again.

  49. Reply
    mihai
    January 15, 2015 at 10:08 am

    Hi Forumsys and happy new year!
    I’m trying to connect using PHP to test the connection to Active Directory; unfortunately, all the time I received the same messages, even using other codes or interfaces … :

    Warning: ldap_bind(): Unable to bind to server: Can’t contact LDAP server in /home/zozo/public_html/testAD.php on line 10
    Resource id #2

    Best regards,
    Mihai

  50. Reply
    mihai
    January 15, 2015 at 10:49 am

    Hi again,
    It is OK, no need to answer; it was the server firewall …
    Thanks,
    Mihai

  51. Reply
    Mihai
    January 15, 2015 at 11:15 am

    Hi,
    Working after I found the firewall was blocking the connection. Could you please tell me if the service is an Active Directory?
    If it isn’t AD, will this work, and what do I have to change in the following code to work with AD:

    Best regards,
    Mihai

    • Reply
      James Wood
      January 20, 2015 at 12:19 pm

      Mihai,

      The LDAP server is not an Active Directory server. Any code that can connect to and work with an LDAP v3 server should work just fine with our server.

  52. Reply
    Melory
    January 23, 2015 at 12:23 pm

    Great. Thank you for sharing.

  53. Reply
    Chan
    January 28, 2015 at 4:00 am

    Hi, Thank you for this online test LDAP. It really saves me the trouble of setting up one. I am very new to LDAP and I need to integrate it to weblogic. Most of the parameters are greek to me. Can you help me identify what values I can enter based on the settings you mentioned:

    1.) Principal: the DN of the LDAP user that weblogic server should use to connect to the ldap server. I tried to enter, ou=mathematicians,dc=example,dc=com

    2.) User Base DN: the base DN of the tree in the LDAP directory that contains users. I tried to enter, ou=mathematicians,dc=example,dc=com

    3.) user name attribute: the attribute of an LDAP user object that specifies the name of the user. I tried to enter, uid?, default is CN

    4.) User Object Class: The LDAP object class that stores users. I entered, Person

    5.) Group Base DN: the base DN of the tree in the LDAP directory that contains groups. I entered, ou=mathematicians,dc=example,dc=com

    6.) Static Group Name Attribute: The attribute of a static LDAP group object that specifies the name of the group. I entered, CN

    I checked the user and groups and it didn’t reflect or retrieve the users of the mathematicians group. I’m lost..

    Please help!!! Thanks! :)

    • Reply
      James Wood
      February 9, 2015 at 11:26 am

      1.) Principal: the DN of the LDAP user that weblogic server should use to connect to the ldap server. I tried to enter, ou=mathematicians,dc=example,dc=com

      >> You should use “cn=read-only-admin,dc=example,dc=com” with the password “password” as described above.

      2.) User Base DN: the base DN of the tree in the LDAP directory that contains users. I tried to enter, ou=mathematicians,dc=example,dc=com

      >> All of the users themselves live here “dc=example,dc=com”. Membership in groups is established using the uniqueMember attribute on the groups which ties the member DNs to the groups.

      3.) user name attribute: the attribute of an LDAP user object that specifies the name of the user. I tried to enter, uid?, default is CN

      >> “uid” is the user name attribute.

      4.) User Object Class: The LDAP object class that stores users. I entered, Person

      >> The users have the following object classes: inetOrgPerson, organizationalPerson, person, top. I believe the best one to use is inetOrgPerson

      5.) Group Base DN: the base DN of the tree in the LDAP directory that contains groups. I entered, ou=mathematicians,dc=example,dc=com

      >>This should be correct.

      6.) Static Group Name Attribute: The attribute of a static LDAP group object that specifies the name of the group. I entered, CN

      >> This should also be correct

      James

  54. Reply
    Mahyar
    January 31, 2015 at 8:59 am

    Hi, thanks for sharing this free test server. I have a problem with the UnboundID SDK for Android and I get
    “An error occurred while attempting to resolve address ‘ldap.forumsys.com': NetworkOnMainThreadException(trace=’onNetwork(StrictMode.java:1145) / lookupHostByName(InetAddress.java:385) / getAllByNameImpl(InetAddress.java:236) / getByName(InetAddress.java:289) / connect(LDAPConnection.java:749) / connect(LDAPConnection.java:709) / (LDAPConnection.java:533) / (LDAPConnection.java:665) / (LDAPConnection.java:562) / doInBackground(MainActivity.java:124) / onCreate(MainActivity.java:106) / performCreate(Activity.java:5231) / callActivityOnCreate(Instrumentation.java:1087) / performLaunchActivity(ActivityThread.java:2159) / handleLaunchActivity(ActivityThread.java:2245) / access$800(ActivityThread.java:135) / handleMessage(ActivityThread.java:1196) / dispatchMessage(Handler.java:102) / loop(Looper.java:136) / main(ActivityThread.java:5017) / invokeNative(Method.java) / invoke(Method.java:515) / run(ZygoteInit.java:779) / main(ZygoteInit.java:595) / main(NativeStart.java)’, revision=18779)”

    Can you please tell me why ?
    I’ve done this in AsyncTask, and it is not because of not using AsyncTask.
    The application has proper access to the internet, and I’ve checked the emulator’s internet connection and it has no problem seeing the internet. Any help would be appreciated.
    I tried to connect to server with Apache Directory Studio and it worked perfectly.

    • Reply
      James Wood
      February 9, 2015 at 11:10 am

      Mahyar,

      Your error seems like a DNS issue on your side based on the stack trace. I am able to ping the server as well as telnet to port 389 from our site as well as a remote site. You may want to temporarily use DNS lookup (nslookup or ping) on your local system and hard code the IP returned temporarily into your Android app for testing. Additionally, if your Android app and development system are on the same network, and your development system can resolve the DNS name to an IP address, then you should check your DNS settings on your Android device or emulator to ensure they are set and correct for your network. If you need a known working DNS server, please use the public DNS servers from Google: 8.8.8.8 and 8.8.4.4.

      James

  55. Reply
    Mahyar Pasar Zangene
    February 1, 2015 at 3:29 am

    Is there any working code using the UnboundID SDK? I want to connect to your LDAP server with the UnboundID SDK and the code is like:

    String userDn = "cn=read-only-admin,dc=example,dc=com";
    LDAPConnection connection = new LDAPConnection("ldap.forumsys.com", 389, userDn, "password");

    and I get :

    An error occurred while attempting to resolve address ‘ldap.forumsys.com': NetworkOnMainThreadException(trace=’onNetwork(StrictMode.java:1145) / lookupHostByName(InetAddress.java:385) / getAllByNameImpl(InetAddress.java:236) / getByName(InetAddress.java:289) / connect(LDAPConnection.java:749) / connect(LDAPConnection.java:709) / (LDAPConnection.java:533) / (LDAPConnection.java:665) / (LDAPConnection.java:562) / doInBackground(MainActivity.java:124) / onCreate(MainActivity.java:106) / performCreate(Activity.java:5231) / callActivityOnCreate(Instrumentation.java:1087) / performLaunchActivity(ActivityThread.java:2159) / handleLaunchActivity(ActivityThread.java:2245) / access$800(ActivityThread.java:135) / handleMessage(ActivityThread.java:1196) / dispatchMessage(Handler.java:102) / loop(Looper.java:136) / main(ActivityThread.java:5017) / invokeNative(Method.java) / invoke(Method.java:515) / run(ZygoteInit.java:779) / main(ZygoteInit.java:595) / main(NativeStart.java)’, revision=18779)

    Any Help would be appreciated

    • Reply
      James Wood
      February 9, 2015 at 11:13 am

      Mahyar,
      See my response to the above post.

  56. Reply
    Vladimir
    February 7, 2015 at 5:24 pm

    Hi!, thank you very much for this resource, I’m developing something at work but I could not test it at home because no LDAP server, so this comes handy :)

    Just a question, in my workplace users login at LDAP by using user@email.com – is this something they have setup in the LDAP server?

    • Reply
      James Wood
      March 30, 2015 at 1:01 pm

      The login routine probably searches for a user in LDAP with a mail attribute set to the value entered during login. It then follows the normal procedure for logging in (checking password, etc.).

  57. Reply
    John Kingmsan
    February 9, 2015 at 9:51 am

    This is a very nice service that you provide. I am going to use it as part of a much larger product test suite that will only be run maybe once a month and it will only make a few requests (2-3 per month) to this LDAP server. Thanks for making this available for testing purposes.

  58. Reply
    Anonymous
    February 16, 2015 at 11:02 am

    Hi there! Just a big thanks for this service. This helps us a lot.

  59. Reply
    Anonymous
    February 27, 2015 at 4:47 pm

    This is wonderful! Thank you! I was wondering if you could add a third group with a few users and also add a user that is not in any group. Thanks for adding ‘mail’ for each user. That was perfect for what I needed …

    • Reply
      James Wood
      March 30, 2015 at 12:59 pm

      A new group called Chemists has been added with several entries.

      A new user “nogroup” has been added. This user does not belong to any groups.

  60. Reply
    Oscar
    February 28, 2015 at 2:25 am

    Hello, can I test login on this server? I'm trying using the tool Userbooster Light with the password “password” but I have not been able to log in :(

    • Reply
      James Wood
      March 2, 2015 at 4:11 pm

      Oscar,

      Feel free to use the server for any non-load testing use. The system is a shared resource.

      Please review the login settings at the top of the page. Please try to connect with Apache Directory Studio. As long as you can connect using that, other LDAP GUI tools should work fine.

      • Reply
        Charlie Parker
        March 12, 2015 at 11:37 am

        James,

        Here is my .NET C# code:

        DirectoryEntry Entry = new DirectoryEntry("LDAP://ldap.forumsys.com", "cn=read-only-admin,dc=example,dc=com", "password");
        DirectorySearcher Search = new DirectorySearcher(Entry);
        SearchResult results = Search.FindOne();

        … I keep getting “Invalid dn syntax …. do you see any problem with the code?

        Thanks

        • Reply
          Meengal Yip
          March 12, 2015 at 3:23 pm

          @Charlie Parker, I too get this Invalid dn syntax error in my application. Tried everything but to no avail. Will someone help us: Give one working code for a C# application? Thanks.

        • Reply
          Meengal Yip
          March 12, 2015 at 4:28 pm

          In case of C#, I finally got this to work:
          DirectoryEntry entry = new DirectoryEntry("LDAP://ldap.forumsys.com:389/dc=example,dc=com", "", "", AuthenticationTypes.None);
          then, in the try {
          search.Filter = "(uid=" + "einstein" + ")";
          search.PropertiesToLoad.Add("cn");
          SearchResult result = search.FindOne();

          and the result object does have ‘Albert Einstein’.

  61. Reply
    Anonymous
    March 13, 2015 at 3:06 am

    This is my code
    try
    {
        DirectoryEntry entry = new DirectoryEntry("ldap://ldap.forumsys.com/DC=example,DC=com", "example\\euler", "password");

        DirectorySearcher search = new DirectorySearcher(entry);
        SearchResult result = search.FindOne();
        // if (null == result)
        // {
        //     Console.WriteLine("null");
        // }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    But I’m getting the following exception. Please help me
    System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
    at System.DirectoryServices.DirectorySearcher.FindOne()
    at HelloWorld.Hello.Main() in D:\Kasthuri\workspace\HelloWorld\HelloWorld\HelloWorld\Hello.cs:line 20

    • Reply
      James Wood
      March 30, 2015 at 12:39 pm

      Per the recommendation of another Anonymous user, try this:

      DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd, AuthenticationTypes.None);

      The addition of AuthenticationTypes.None as an argument to the new DirectoryEntry may solve your problem.

  62. Reply
    Anonymous
    March 13, 2015 at 3:09 am

    Hi,
    This is my code,
    try
    {
        DirectoryEntry entry = new DirectoryEntry("ldap://ldap.forumsys.com/DC=example,DC=com", "example\\euler", "password");

        DirectorySearcher search = new DirectorySearcher(entry);
        SearchResult result = search.FindOne();
        // if (null == result)
        // {
        //     Console.WriteLine("null");
        // }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    But still, I’m getting the following exception
    System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
    at System.DirectoryServices.DirectorySearcher.FindOne()
    at HelloWorld.Hello.Main() in D:\Kasthuri\workspace\HelloWorld\HelloWorld\HelloWorld\Hello.cs:line 20

  63. Reply
    Greg
    March 19, 2015 at 11:15 am

    Hello – do you have (or know of) an LDAPS server available for testing?

    • Reply
      James Wood
      March 30, 2015 at 12:36 pm

      LDAPS is currently not available on our LDAP server.

  64. Reply
    Jon
    March 23, 2015 at 6:21 pm

    Does anyone have sample code to query this with VB6? Specifically how do you search for a user by uid without knowing the full dn?

    I’ve found code that can run searches (using a Recordset and Connection), but I’m wondering if it’s Active Directory specific:
    Dim con As New Connection, rs As New Recordset, Com As New Command

    con.Provider = "ADsDSOObject"
    con.Properties("ADSI Flag") = 0 '1
    con.Properties("User ID") = "cn=read-only-admin,dc=example,dc=com"
    con.Properties("Password") = "password"

    con.open "Active Directory Provider"

    Set Com.ActiveConnection = con

    Com.CommandText = ";(&(objectClass=user)(uid=einstein));distinguishedname;subtree"

    Set rs = Com.Execute

    I changed ADSI Flag to 0 from 1 and it’s able to connect now without an error, but returns 0 records.

    I’m able to retrieve the objects with the distinguished name with OpenDSObject/GetObject functions, but don’t see a way to run a query with the ADSI objects.
    Set LDAP = GetObject("LDAP:")
    Set root = LDAP.OpenDSObject("LDAP://ldap.forumsys.com:389", "cn=read-only-admin,dc=example,dc=com", "password", 0)
    Set ou = LDAP.OpenDSObject("LDAP://ldap.forumsys.com:389/ou=mathematicians,dc=example,dc=com", "cn=read-only-admin,dc=example,dc=com", "password", 0)
    Set user = LDAP.OpenDSObject("LDAP://ldap.forumsys.com:389/uid=riemann,dc=example,dc=com", "cn=read-only-admin,dc=example,dc=com", "password", 0)

  65. Reply
    Anonymous
    March 24, 2015 at 5:48 am

    Is server running? i am getting UnknownHostException

    • Reply
      James Wood
      March 30, 2015 at 12:32 pm

      As mentioned at the top of this page, please use Apache Directory Studio to verify the accessibility of the server, so issues in your code do not cause you to say the server is down.

      That said, the server is currently running. UnknownHostExceptions usually indicate a DNS lookup issue.

  66. Reply
    Oscar
    March 29, 2015 at 5:26 am

    I'm doing a project on CakePHP. I need to set these parameters, but I’m not getting to connect with the server :( when it tries the user and password

    $config['LDAP']['server'] = 'ldap://ldap.forumsys.com/ou=mathematicians';
    $config['LDAP']['port'] = '389';
    $config['LDAP']['user'] = 'gauss';
    $config['LDAP']['password'] = 'password';
    // Base DN for searching under
    $config['LDAP']['base_dn'] = 'dc=example,dc=com';
    // This is an LDAP filter that will be used to look up user objects by username.
    // %USERNAME% will be replaced by the username entered by the user.
    // Therefore, you can do things like proxyAddresses lookup to find
    // a user by any of their email addresses.
    $config['LDAP']['user_filter'] = "(&(objectClass=User) (sAMAccountName=%USERNAME%))";
    $config['LDAP']['user_wide_filter'] = "(& (objectClass=User) (| (sAMAccountName=%USERNAME%*) (givenName=%USERNAME%*) (sn=%USERNAME%*) ) )";
    // Form fields – we’re expecting a username and password,
    // but the form data might call them e.g. ‘email’ and ‘password’
    $config['LDAP']['form_fields'] = array ('username' => 'username', 'password' => 'password');
    // LDAP fields to retrieve by default
    $config['LDAP']['ldap_attribs'] = array ('samaccountname', 'givenname', 'sn', 'mail', 'department');
    // Database model for users
    $config['LDAP']['db_model'] = "User";
    // LDAP filter to look up for group membership
    $config['LDAP']['group_filter'] = "(&(objectCategory=User) (memberOf=CN=%GROUPNAME%, OU=Common Groups,". $config['LDAP']['base_dn'] ."))";

    Can anyone help, please :)

    • Reply
      James Wood
      March 30, 2015 at 12:35 pm

      Change your LDAP parameters to use the Bind credentials to connect to the LDAP server instead of user credentials:

      $config['LDAP']['user'] = 'cn=read-only-admin,dc=example,dc=com';
      $config['LDAP']['password'] = 'password';

      You can then filter on usernames like gauss.

  67. Reply
    Sagar
    March 30, 2015 at 6:29 pm

    Hi I am trying to use it in Weblogic server by using “LDAPAuthenticator” as the LDAP type .
    I get the following exception:
    Caused By: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
    The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
    Can you please tell me what is the type to choose to integrate in Weblogic

    • Reply
      James Wood
      April 1, 2015 at 1:14 pm

      Our server is an OpenLDAP based server. If that or generic LDAP is a choice then that is what you should use.

  68. Reply
    Xavier Perseguers (@xperseguers)
    March 31, 2015 at 2:54 am

    There are a few typos:

    – Louis Pasteur (this is pastEUr and not pastUEr), both in cn and family name
    – IsAAc Newton and not iSSac

    Thanks for this online resource!

    • Reply
      James Wood
      October 9, 2015 at 12:16 pm

      Xavier

      Louis Pasteur was already corrected due to someone else noticing the misspelling.

      I have fixed Isaac Newton now as well.

      Thank you.

  69. Reply
    Oscar
    March 31, 2015 at 3:36 am

    Hello, thanks for your response James :) It helped me to finally connect to the server, but now, when I try to do the login, it does not find anything related to the user. I have this configuration:

    Could you help find out what the problem is, please :)

    $config['LDAP']['server'] = 'ldap://ldap.forumsys.com';
    $config['LDAP']['port'] = '389';
    $config['LDAP']['user'] = 'cn=read-only-admin,dc=example,dc=com';
    $config['LDAP']['password'] = 'password';
    // Base DN for searching under
    $config['LDAP']['base_dn'] = 'ou=mathematicians,dc=example,dc=com';
    // This is an LDAP filter that will be used to look up user objects by username.
    // %USERNAME% will be replaced by the username entered by the user.
    // Therefore, you can do things like proxyAddresses lookup to find
    // a user by any of their email addresses.
    $config['LDAP']['user_filter'] = "(&(objectClass=User) (sAMAccountName=%USERNAME%))";
    $config['LDAP']['user_wide_filter'] = "(& (objectClass=User) (| (sAMAccountName=%USERNAME%*) (givenName=%USERNAME%*) (sn=%USERNAME%*) ) )";
    // Form fields – we’re expecting a username and password,
    // but the form data might call them e.g. ‘email’ and ‘password’
    $config['LDAP']['form_fields'] = array ('username' => 'username', 'password' => 'password');
    // LDAP fields to retrieve by default
    $config['LDAP']['ldap_attribs'] = array ('samaccountname', 'givenname', 'sn', 'mail', 'department');
    // Database model for users
    $config['LDAP']['db_model'] = "User";
    // LDAP filter to look up for group membership
    $config['LDAP']['group_filter'] = "(&(objectCategory=User) (memberOf=CN=%GROUPNAME%, OU=Common Groups,". $config['LDAP']['base_dn'] ."))";

    by the way this is the plugin I use
    https://github.com/jvalecillos/cakephp-yalp

    Thank you very much

    • Reply
      James Wood
      April 8, 2015 at 9:37 am

      The server is OpenLDAP, so your Active Directory style queries for sAMAccountName and memberOf will fail, as those are not attributes present on this LDAP server. Additionally, the users are connected to their groups using a uniqueMember attribute on the group and do not live directly under the groups (ou) as they do in some LDAP configurations.

      Hopefully that helps you out a bit.

  70. Reply
    Oscar
    April 8, 2015 at 2:21 am

    Hello, thanks for your response James :) It helped me to finally connect to the server, but now, when I try to do the login, it does not find anything related to the user. I have this configuration:

    Could you help find out what the problem is, please :)

    $config['LDAP']['server'] = 'ldap://ldap.forumsys.com';
    $config['LDAP']['port'] = '389';
    $config['LDAP']['user'] = 'cn=read-only-admin,dc=example,dc=com';
    $config['LDAP']['password'] = 'password';
    // Base DN for searching under
    $config['LDAP']['base_dn'] = 'ou=mathematicians,dc=example,dc=com';
    // This is an LDAP filter that will be used to look up user objects by username.
    // %USERNAME% will be replaced by the username entered by the user.
    // Therefore, you can do things like proxyAddresses lookup to find
    // a user by any of their email addresses.
    $config['LDAP']['user_filter'] = "(&(objectClass=User) (sAMAccountName=%USERNAME%))";
    $config['LDAP']['user_wide_filter'] = "(& (objectClass=User) (| (sAMAccountName=%USERNAME%*) (givenName=%USERNAME%*) (sn=%USERNAME%*) ) )";
    // Form fields – we’re expecting a username and password,
    // but the form data might call them e.g. ‘email’ and ‘password’
    $config['LDAP']['form_fields'] = array ('username' => 'username', 'password' => 'password');
    // LDAP fields to retrieve by default
    $config['LDAP']['ldap_attribs'] = array ('samaccountname', 'givenname', 'sn', 'mail', 'department');
    // Database model for users
    $config['LDAP']['db_model'] = "User";
    // LDAP filter to look up for group membership
    $config['LDAP']['group_filter'] = "(&(objectCategory=User) (memberOf=CN=%GROUPNAME%, OU=Common Groups,". $config['LDAP']['base_dn'] ."))";

    by the way this is the plugin I use
    https://github.com/jvalecillos/cakephp-yalp

    Thank you very much

    • Reply
      James Wood
      May 18, 2015 at 1:10 pm

      Oscar,

      As this is an LDAP v3 server and not an Active Directory (Windows) server, the schema (names of objects) are different.

      For example, this line of your code should be changed to work with LDAP v3:
      $config['LDAP']['user_filter'] = "(&(objectClass=User) (sAMAccountName=%USERNAME%))";

      The proper code would be more like this:
      $config['LDAP']['user_filter'] = "(&(objectClass=inetOrgPerson) (uid=%USERNAME%))";

      -James
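
Added example (not part of the comment thread and not Forum Systems' code): the replies above say that users live directly under dc=example,dc=com, are tied to groups through uniqueMember, and match objectClass inetOrgPerson with uid as the login attribute. The Python sketch below runs that two-step lookup against a small constructed in-memory directory and escapes the submitted username per RFC 4515 before it is substituted into the filter. The function names, the sample entries and the simplified case-insensitive filter matcher are assumptions made for illustration.

```python
import re

BASE_DN = "dc=example,dc=com"
PERSON = ["inetOrgPerson", "organizationalPerson", "person", "top"]

# Constructed in-memory copy of the tree layout described in the replies:
# users directly under the base DN, groups pointing at them via uniqueMember.
DIRECTORY = {
    "uid=gauss,dc=example,dc=com": {"objectClass": PERSON, "uid": ["gauss"]},
    "uid=euclid,dc=example,dc=com": {"objectClass": PERSON, "uid": ["euclid"]},
    "uid=tesla,dc=example,dc=com": {"objectClass": PERSON, "uid": ["tesla"]},
    "ou=mathematicians,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames", "top"],
        "ou": ["mathematicians"],
        "uniqueMember": ["uid=gauss,dc=example,dc=com",
                         "uid=euclid,dc=example,dc=com"],
    },
    "ou=scientists,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames", "top"],
        "ou": ["scientists"],
        "uniqueMember": ["uid=tesla,dc=example,dc=com"],
    },
}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """RFC 4515 escaping so submitted text cannot change the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username):
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(username)


def group_filter(user_dn):
    return ("(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
            % escape_filter_value(user_dn))


def parse_filter(text, i=0):
    """Parse '(&(a=b)(c=d))' style filters into nested tuples."""
    if text[i] != "(":
        raise ValueError("filter component must start with '('")
    i += 1
    if text[i] in ("&", "|"):
        op, i, kids = text[i], i + 1, []
        while text[i] == "(":
            kid, i = parse_filter(text, i)
            kids.append(kid)
        if text[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, kids), i + 1
    end = text.index(")", i)
    attr, _, value = text[i:end].partition("=")
    return ("=", attr, value), end + 1


def _value_regex(value):
    # An unescaped '*' is a wildcard; '\xx' pairs decode to literal characters.
    decode = lambda part: re.sub(r"\\([0-9a-fA-F]{2})",
                                 lambda m: chr(int(m.group(1), 16)), part)
    pieces = [re.escape(decode(part)) for part in value.split("*")]
    return re.compile("^" + ".*".join(pieces) + "$", re.IGNORECASE | re.DOTALL)


def entry_matches(node, attrs):
    if node[0] == "&":
        return all(entry_matches(kid, attrs) for kid in node[1])
    if node[0] == "|":
        return any(entry_matches(kid, attrs) for kid in node[1])
    _, attr, value = node
    values = next((v for k, v in attrs.items() if k.lower() == attr.lower()), [])
    rx = _value_regex(value)
    return any(rx.match(v) for v in values)


def search(base, filter_text):
    """Subtree search: the base entry itself plus everything below it."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    in_scope = lambda dn: dn == base or dn.endswith("," + base)
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_scope(dn) and entry_matches(node, attrs))


def lookup(username, user_base=BASE_DN):
    """Step 1: resolve the user's DN. Step 2: find groups that list that DN."""
    hits = search(user_base, user_filter(username))
    if len(hits) != 1:  # zero or ambiguous matches: refuse to continue
        return None, []
    return hits[0], search(BASE_DN, group_filter(hits[0]))
```

With the user base set to ou=mathematicians the lookup for gauss comes back empty, which is the "user not found" symptom several posters report; with the base DN it resolves the user and the mathematicians group.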

  71. Reply
    Sankardoss P
    April 9, 2015 at 6:52 am

    My LDAP configuration is as below, however I am not getting any response. Please advise.

  72. Reply
    Stefan Cuculeac (@essteffan)
    May 18, 2015 at 5:56 am

    Hello.
    I’m trying to test an LDAP connection using the Symfony2 bundle FR3DLdapBundle.
    I have the following config:
    fr3d_ldap:
        driver:
            host: ldap.forumsys.com
            port: 389 # Optional
            bindRequiresDn: true # Optional
            baseDn: cn=read-only-admin,dc=example,dc=com # Optional
        user:
            baseDn: cn=read-only-admin,dc=example,dc=com
            filter: (&(ObjectClass=User))
            attributes: # Specify ldap attributes mapping [ldap attribute, user object method]
                - { ldap_attr: mail, user_method: setEmail } # Default

    I’m using email: riemann@ldap.forumsys.com and password: password
    But I get this error:
    [2015-05-18 11:51:17] ldap_driver.DEBUG: ldap_search(cn=read-only-admin,dc=example,dc=com, (&(&(ObjectClass=User))(mail=riemann@ldap.forumsys.com)), mail) [] []
    [2015-05-18 11:51:17] security.INFO: User riemann@ldap.forumsys.com not found on ldap [] []

    What seems to be the problem?
    Thank you

    • Reply
      Stefan Cuculeac (@essteffan)
      May 18, 2015 at 10:05 am

      I’ve changed ldap_search(cn=read-only-admin,dc=example,dc=com, (&(objectClass=*)(mail=riemann@ldap.forumsys.com)), mail) [] [] -> (&(objectClass=*) seems to be wrong ((&(&(ObjectClass=User))) but the problem is the same

      • Reply
        James Wood
        May 18, 2015 at 1:07 pm

        Our LDAP server is an OpenLDAP server (LDAP v3), not an Active Directory based one. As such, the schema used (names of objects) is different. In the particular case above, you need to use inetOrgPerson as the ObjectClass instead of User.

        • Reply
          Stefan Cuculeac (@essteffan)
          May 18, 2015 at 2:13 pm

          Wow. I can believe that I've mistake that. I lost a lot of time. Thank you. Where can I get AD test details? Any idea?

  73. Reply
    James Wood
    May 18, 2015 at 2:47 pm

    Stefan,

    We do not provide an AD test server. There are two ways you could go if your searches do not yield much in the way of results:

    1. Install your own Windows server edition server on a VM or physical machine.
    2. Find an already created VM image you can run on a VM hosting service. Many of them have a free tier as long as you do not need much horsepower or bandwidth. A credit card may be required though, in case you go over your allotted usage for the month.

  74. Reply
    Rock
    June 9, 2015 at 8:05 am

    We have got connection successfully …but i need ‘RDN’ so that i can test fetching the users record.

    • Reply
      James Wood
      July 20, 2015 at 2:48 pm

      All users are under the RDN “dc=example,dc=com”

  75. Reply
    Rock
    June 9, 2015 at 8:11 am

    I have tried RDN=ou=scientists,dc=example,dc=com and RDN=ou=mathematicians,dc=example,dc=com

    but we are getting message like :

    “There is no entry returned. Check if Filter is set correctly”

    • Reply
      James Wood
      July 20, 2015 at 2:48 pm

      All users are under the RDN “dc=example,dc=com”

  76. Reply
    Anonymous
    June 18, 2015 at 11:08 am

    Perfect. Thanks for the initiative.

  77. Reply
    lorenparker
    June 25, 2015 at 2:38 pm

    Your server was most helpful to me for a demo I did on integrating LDAP into Hortonworks-Ambari. Much thanks to you. This was ideal for my needs.

    • Reply
      James Wood
      July 20, 2015 at 2:49 pm

      You are welcome.

  78. Reply
    Sriram R
    June 27, 2015 at 4:21 pm

    Ruby Implementation:

    # dc - domain component
    # cn - common name
    # ou - org units

    require 'net/ldap'

    class Ldap
      attr_accessor :ldap_connection, :params, :ldap_response

      def initialize(params = {})
        self.ldap_connection = connect_to_ldap_server()
        self.params = params
      end

      def connect_to_ldap_server
        ldap = Net::LDAP.new :host => "ldap.forumsys.com",
                             :port => 389,
                             :base => "dc=example,dc=com",
                             :auth => {
                               :method => :simple,
                               :username => "",
                               :password => ""
                             }
        puts ldap.inspect
        ldap
      end

      def search_ldap
        # to get all groups
        groups = Net::LDAP::Filter.eq("objectclass", "groupOfUniqueNames")
        puts ldap_connection.search(:filter => groups).inspect

        # to get all mathematicians
        mathematician_filter = Net::LDAP::Filter.eq("ou", "mathematicians")
        puts ldap_connection.search(:filter => mathematician_filter).inspect

        # to get a particular mathematician
        particular_mathematician = Net::LDAP::Filter.eq("uid", "euclid")
        puts ldap_connection.search(:filter => particular_mathematician).inspect
      end
    end

    obj = Ldap.new()
    obj.search_ldap

  79. Reply
    Jordan Liggitt
    July 2, 2015 at 11:11 pm

    Your server was a terrific help. Normal searches and binding are working great, but I’m getting a certificate expired error running a StartTLS flow. Do you know if the cert is actually outdated?

    • Reply
      James Wood
      July 6, 2015 at 12:11 pm

      LDAPS (SSL/TLS) is not enabled on our server. The error you are seeing is probably just a fall-through case in the LDAP library you are using.

  80. Reply
    rajashekhar
    July 3, 2015 at 6:51 am

    I got this error in my django auth ldap configuration:

    search_s(‘ou=mathematicians,dc=example,dc=com’, 2, ‘(uid=%(user)s)’) returned 0 objects:
    Authentication failed for gauss

    and my code in settings.py is

    AUTH_LDAP_SERVER_URI = "ldap://ldap.forumsys.com"
    AUTH_LDAP_BIND_DN = "cn=read-only-admin,dc=example,dc=com"
    AUTH_LDAP_BIND_PASSWORD = "password"
    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=mathematicians,dc=example,dc=com",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

    can any one help please

    thanks in Advance

    • Reply
      James Wood
      July 6, 2015 at 12:16 pm

      Rajashekhar,

      The users are not placed under the individual OUs, they exist under the Base DN (dc=example,dc=com). They are attached to the OUs by uniqueMember attributes.

      Look at prior posts. I believe someone has been through this before.

  81. Reply
    Steve Lacey
    July 3, 2015 at 9:49 am

    Are you aware of any other servers such as this one? Yours is working great, I am just trying to build in a bit of redundancy – and I have a few scenarios to test where I combine responses from different LDAP servers into one coherent experience. I’d been using the testathon one described in blog.stuartlewis.com/2008/07/07/test-ldap-service/ (website currently offline)… but it appears to have some issues where it can reject credentials under load (behaviour yours doesn’t exhibit) which makes my tests fail in an indeterminate way.

    I’ve found a few other providers, mostly via web2ldap – but none of them appear to be used for authentication, or at the very least, don’t provide the passwords for the users (if they have them) – I am looking for other servers like this one explicitly for testing against.

    • Reply
      James Wood
      July 6, 2015 at 12:19 pm

      Steve,

      I am not aware of any other active publicly available LDAP server instances. Worst case, you should be able to set up an instance of OpenLDAP (the basis for our server) on your own to use as a second LDAP server for testing.

  82. Reply
    Pradeep
    July 8, 2015 at 6:01 am

    Hi,

    I am unable to configure the above LDAP server in Jenkins. I have provided the values below in the Manage Jenkins page.

    server : ldap.forumsys.com
    root DN: ou=mathematicians,dc=example,dc=com
    user search filter: uid={0}
    Manager DN: cn=read-only-admin,dc=example,dc=com
    password : password

    And tried to login with gauss/password. Getting login error page. Could you please help me in fixing this issue

    • Reply
      James Wood
      July 20, 2015 at 2:51 pm

      Change your Root DN to: “dc=example,dc=com”

  83. Reply
    stapiar
    July 8, 2015 at 4:06 pm

    Hello
    I created my own LDAP server, but it fails to bind users (uid={0}), returning “Insufficient access (50)”;
    only “cn=Manager” binds.

    For example if I use ldapwhoami:

    ldapwhoami -vvv -h locahost/dc=my-domain,dc=com -p 389 -D cn=Manager,dc=my-domain,dc=com -x -w koala
    =>
    ldap_initialize( )
    dn:cn=Manager,dc=my-domain,dc=com
    Result: Success (0)

    But with my user uid=stapiar get:
    ldapwhoami -vvv -h locahost/dc=my-domain,dc=com -p 389 -D uid=stapiar,ou=Usuarios,dc=my-domain,dc=com -x -w koala
    =>
    ldap_initialize( )
    ldap_bind: Insufficient access (50)

    The data.ldif loaded was:

    dn: ou=Usuarios,dc=my-domain,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: Usuarios

    dn: uid=stapiar,ou=Usuarios,dc=my-domain,dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: stapiar
    uid: stapiar
    sn: Tapia
    userPassword: a61076bb02ce3c85a07f6b5ee155b81f2fd815b5410c472831174722a2dafab2a20aa375d1e2a13a

    I tried several configurations in /etc/openldap/slapd.conf but nothing works :S

  84. Reply
    MF
    July 15, 2015 at 9:53 pm

    Could you please add:

    telephoneNumber Mobile homePhone facsimileTelephoneNumber ipPhone pager

    or just telephoneNumber

    • Reply
      James Wood
      July 20, 2015 at 2:58 pm

      I have added telephoneNumbers to the UIDs pasteur, einstein, and boyle.

  85. Reply
    Blop
    July 18, 2015 at 2:07 am

    Thanks for your open Ldap instance !

  86. Reply
    Blop
    July 18, 2015 at 5:45 am

    One little error on your LDAP naming : Louis Pastuer is more “Pasteur” than “Pastueur” (literally Not Kill)

    • Reply
      James Wood
      July 20, 2015 at 2:53 pm

      The UID, CN, and SN for Louis Pasteur have been fixed. Thanks.

      • Reply
        Blop
        August 7, 2015 at 5:45 am

        still a little error : pastuer@ldap.forumsys.com ==> pasteur@ldap.forumsys.com

        • Reply
          James Wood
          September 21, 2015 at 11:32 am

          Fixed.

      • Reply
        Blop
        August 7, 2015 at 5:54 am

        + on “ou=chemists” uniqueMember “uid=pastueur,dc=example,dc=com” should be corrected. (uid=pasteur)

        • Reply
          James Wood
          September 21, 2015 at 11:32 am

          Fixed

  87. Reply
    Harsh S. Kulshrestha
    July 22, 2015 at 6:24 pm

    Hi,
    Thanks a lot for providing such a good resource for testing purposes, it helps a lot.
    Also, I was successfully able to authenticate against the base DN using the password, but when I try to search an ou or a uid using the password (Simple authentication), it states invalid credentials. Why so?
    Here’s my code:
    String url = "ldap://ldap.forumsys.com:389/cn=read-only-admin,dc=example,dc=com";
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);
    env.put(Context.SECURITY_AUTHENTICATION, "none");
    env.put(Context.SECURITY_PRINCIPAL, "uid=riemann,ou=mathematicians,dc=example,dc=com");
    env.put(Context.SECURITY_CREDENTIALS, "password");

    • Reply
      James Wood
      July 24, 2015 at 1:46 pm

      Harsh,

      Here is a prior response that addresses your issue:

      —-
      The users are not placed under the individual OUs, they exist under the Base DN (dc=example,dc=com). They are attached to the OUs by uniqueMember attributes.

      More to the point, the user you are using is stored in LDAP with this DN: “uid=riemann,dc=example,dc=com”. If you modify your code to use this DN, you should get further along.

  88. Reply
    Anonymous
    July 29, 2015 at 12:57 am

    Hi,

    I would like to integrate LDAP with my tools. Could you please provide the details below?

    1. Server URL ? (ex : ldap://host-name:389/)
    2. Starting search directory ?
    3. Login distinguished name ?
    4. Login password ?
    5. is this server always running ?

    Regards,
    Hima

    • Reply
      James Wood
      July 30, 2015 at 3:53 pm

      Hima,

      This information is spelled out at the top of the page as well as in the responses, but for simplicity’s sake, I will split things out across your questions.

      =========

      1. Server URL ? (ex : ldap://host-name:389/)
      > ldap://ldap.forumsys.com:389

      2. Starting search directory ?
      > All users exist under “dc=example,dc=com”. They are tied to their individual groups by a uniqueMember attribute on the groups (ex: ou=scientists,dc=example,dc=com)

      3. Login distinguished name ?
      > cn=read-only-admin,dc=example,dc=com

      4. Login password ?
      > password

      5. is this server always running ?
      > Yes.

  89. Reply
    Anonymous
    July 29, 2015 at 1:54 am

    Hi,

    What is the RDN , Queryfield & filter for the users.

    Regards,
    Hima

    • Reply
      James Wood
      July 30, 2015 at 3:54 pm

      Hima,

      The RDN is “dc=example,dc=com”. I am not sure what you mean by queryfield and filter, but the users are identified by a “uid” attribute.

  90. Reply
    Anonymous
    July 31, 2015 at 2:57 am

    Hi James, Thank you for your information.

    Here I’m integrating LDAP with ServiceNow. Below is the error.

    In RDN I have specified “ou=Users” but the error I’m getting is:

    “Invalid RDN specified, ‘ou=Users’ does not exist within ‘dc=example,dc=com'”
    “Specify a relative distinguished name for starting search directory ”

    any help will be appreciated.

    Regards,
    Hima.

    • Reply
      James Wood
      September 21, 2015 at 11:57 am

      ou=Users does not exist in this LDAP server as it is OpenLDAP and not Active Directory. All users currently live under the main “dc=example, dc=com” DN.

  91. Reply
    Anonymous
    July 31, 2015 at 6:43 am

    Hi James,

    I have now successfully integrated LDAP with ServiceNow, but I am not able to log in using these users. I hope the password for all users is “password”.

    Regards,
    Hima.

    • Reply
      James Wood
      September 21, 2015 at 12:05 pm

      As stated at the top of the page, all user passwords are “password”.

  92. Reply
    Bruce
    August 7, 2015 at 7:37 am

    Hi James

    How can I test connecting to your LDAP server using Redhat Linux 7? I’m preparing for my exams, Redhat EX200-7 and EX300-7. I use the command “authconfig-tui” to fill in the details successfully, but I get no results when I run the command “getent passwd”, for example “# getent passwd tesla”.

    • Reply
      James Wood
      September 21, 2015 at 12:25 pm

      Bruce,

      This is probably the same issue I commented on later on in the comment stream. The read-only-admin user does not have access to the user passwords (userPassword) field. You therefore cannot read the user passwords in any way other than trying to bind as the user. I have not tried the “getent passwd” command under an LDAP context, so don’t quote me on my response.

  93. Reply
    Phil
    August 11, 2015 at 6:41 pm

    Hi,

    I am trying to setup an old CMS with LDAP authentication. For testing purposes I am using your LDAP server.

    Could you tell how to setup the server in the CMS?
    Below are the available fields in the system.

    Host: ldap.forumsys.com
    Port: 389
    LDAP V3: yes?
    Negotiate TLS: No?
    Follow referrals: No?
    Authorisation Method: Bind and Search | Bind directly as User
    Base DN: ou=mathematicians,dc=example,dc=com
    Search String: uid=[search]
    User’s DN: ?

    Connect username: cn=read-only-admin,dc=example,dc=com
    Connect password: password

    Map: Full Name: fullName
    Map: E-mail: mail
    Map: User ID: uid

    Thank you!

    • Reply
      James Wood
      September 21, 2015 at 12:10 pm

      Phil,

      Try these settings

      Host: ldap.forumsys.com
      Port: 389
      LDAP V3: Yes
      Negotiate TLS: No
      Follow referrals: No
      Authorisation Method: Bind and Search (not sure on this setting, but this seems reasonable)
      Base DN: dc=example,dc=com
      Search String: uid=[search]
      User’s DN: Not sure what to put here, but here is an example user DN: uid=nobel,dc=example,dc=com

      Connect username: cn=read-only-admin,dc=example,dc=com
      Connect password: password

      Map: Full Name: cn
      Map: E-mail: mail
      Map: User ID: uid

  94. Reply
    Laurent Mazuel
    August 20, 2015 at 11:00 am

    Thank you!! Helped me a lot to understand how to code that.

  95. Reply
    Anonymous
    August 22, 2015 at 1:07 pm

    I am trying to do a basic search of uid and userPassword to verify that the username/password given exists on the LDAP server – I can search for uid just fine, however, adding userPassword to the search filter returns nothing. Is searching by userPassword restricted? If so, how would one go about filtering this way?

    (&(uid=boyle)(userPass=password))

    Thanks!

    • Reply
      James Wood
      September 21, 2015 at 12:15 pm

      Searching by userPassword is restricted on the user read-only-admin.

      You will have to attempt to bind with the username and password to see if they will work. The restriction on access to userPassword will not, to my knowledge, allow you to search using that field. On a system where you have full administrator access you would most likely be able to search using the userPassword field.

  96. Reply
    Reagan
    September 22, 2015 at 7:52 am

    Hi James,

    Thank you for this awesome tool!

    I’m able to connect and validate a user (uid=einstein,dc=example,dc=com) using LdapConnection.bind(credentials) in C#.

    Can I retrieve the Group name, e.g. Scientist, after the validation?
    Do I need to use the DirectorySearcher and filter,
    e.g.
    _path = "Ldap://ldap.forumsys.com:389/ou=scientists,dc=example,dc=com";
    DirectorySearcher search = new DirectorySearcher(_path);
    search.Filter = "(cn=" + username + ")";
    search.PropertiesToLoad.Add("memberOf");
    SearchResult result = search.FindOne();

    Thank you in advance

    • Reply
      James Wood
      September 23, 2015 at 10:15 am

      Reagan,

      Membership is established on the groups (AKA organizationalUnits or OU) and not on the users as it might be in Active Directory. The groups (example: ou=mathematicians) have an attribute called uniqueMember, which points to the DN of the users in that group. The users themselves have no pointers to the groups they belong to.

      Hopefully, that helps clarify the setup.

      Please feel free to use Apache Directory Studio to explore the structure of the LDAP configuration.
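
The lookup described in the reply above (find the user under the base DN, then find the groups whose uniqueMember lists that DN), as an added example that is not part of the original comments or the server's own code. The in-memory directory, the small filter evaluator and all function names are constructed for illustration; the login name is escaped per RFC 4515 before it is placed in a filter.

```python
import re

BASE_DN = "dc=example,dc=com"

# Constructed sample entries mirroring the layout described in the replies:
# users sit directly under the base DN, groups list members in uniqueMember.
DIRECTORY = {
    "uid=einstein,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "uid": ["einstein"]},
    "uid=tesla,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "uid": ["tesla"]},
    "uid=euclid,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "uid": ["euclid"]},
    "ou=scientists,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames"], "ou": ["scientists"],
        "uniqueMember": ["uid=einstein,dc=example,dc=com", "uid=tesla,dc=example,dc=com"],
    },
    "ou=mathematicians,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames"], "ou": ["mathematicians"],
        "uniqueMember": ["uid=euclid,dc=example,dc=com"],
    },
}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _unescape(raw):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)


def parse_filter(text, pos=0):
    """Parse '(attr=value)' or '(&(f1)(f2)...)'. Returns (node, next_pos)."""
    if not text.startswith("(", pos):
        raise ValueError("filter component must start with '('")
    pos += 1
    if text.startswith("&", pos):
        pos += 1
        parts = []
        while text.startswith("(", pos):
            node, pos = parse_filter(text, pos)
            parts.append(node)
        if not text.startswith(")", pos):
            raise ValueError("unterminated AND filter")
        return ("and", parts), pos + 1
    end = text.index(")", pos)  # escaped values never contain a literal ')'
    attr, _, raw = text[pos:end].partition("=")
    if "*" in raw and raw != "*":
        raise ValueError("substring filters are outside this sketch")
    return ("eq", attr, raw), end + 1


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    if node[0] == "and":
        return all(matches(part, attrs) for part in node[1])
    _, attr, raw = node
    values = next((v for k, v in attrs.items() if k.lower() == attr.lower()), [])
    if raw == "*":  # a lone unescaped '*' is a presence test
        return bool(values)
    wanted = _unescape(raw).lower()  # simplified case-insensitive match
    return any(v.lower() == wanted for v in values)


def search(directory, base, filter_text):
    """Subtree search below `base`; returns the DNs of matching entries."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    suffix = "," + base.lower()
    return [dn for dn, attrs in directory.items()
            if dn.lower().endswith(suffix) and matches(node, attrs)]


def groups_for_login(directory, login):
    """Resolve a login name to the ou values of the groups that list its DN."""
    users = search(directory, BASE_DN, "(uid=%s)" % escape_filter_value(login))
    if len(users) != 1:  # unknown or ambiguous login: report no groups
        return []
    # Use the DN returned by the search; never build it from user input.
    group_filter = ("(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
                    % escape_filter_value(users[0]))
    return sorted(directory[dn]["ou"][0]
                  for dn in search(directory, BASE_DN, group_filter))


if __name__ == "__main__":
    for name in ("einstein", "euclid", "*"):
        print(name, groups_for_login(DIRECTORY, name))
```

Against a live server the same two filters go to the LDAP client library in use; python-ldap, for instance, ships `ldap.filter.escape_filter_chars` for the escaping step.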

  97. Reply
    Mary
    September 23, 2015 at 11:46 am

    Hello James,

    thank you for this service!
    I’m trying to connect to your server via ldapsearch on Linux:

    $ ldapsearch -w password -h ldap.forumsys.com:389 -D “uid=einstein,dc=example,dc=com” -b “dc=example,dc=com” -d 9
    ldap_create
    ldap_url_parse_ext(ldap://ldap.forumsys.com:389)
    ldap_sasl_bind
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP ldap.forumsys.com:389
    ldap_new_socket: 3
    ldap_prepare_socket: 3
    ldap_connect_to_host: Trying 23.20.46.132:389
    ldap_pvt_connect: fd: 3 tm: -1 async: 0
    ldap_close_socket: 3
    ldap_err2string
    ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

    Any idea what went wrong here?

    Thanks in advance,
    Mary

    • Reply
      James Wood
      October 8, 2015 at 4:10 pm

      Mary,

      I am able to run the query you ran with no issues. There could have been a network or firewall issue between your location and the server, but the server itself has been up since February 2014 with no downtime.

  98. Reply
    Anonymous
    September 24, 2015 at 8:59 pm

    Hi James,

    Appreciate this, a very useful tool.

    I was trying to connect from a sonicWALL to your ldap server, but it returns only one user ‘Tesla’.
    And when I do the authentication test, it is successful only for Tesla, not for any other users!

    Any thoughts?

    Krish

    • Reply
      James Wood
      October 8, 2015 at 4:13 pm

      Krish,

      I am not familiar with the LDAP setup on SonicWall, but I assume the issue is due to the bind user you set up or how SonicWall does its binding to check passwords.

  99. Reply
    Alfian
    September 29, 2015 at 6:35 am

    Can you help me?

    I am trying to test my NAS with your ldap test server for authentication.
    I don’t know what is wrong; every time I connect my NAS to this test server, my client can’t connect to my NAS.
    I am using freenas 9.3 and this is my configuration in my NAS to connect to this test server

    Hostname: 23.20.46.132
    Base DN: dc=forumsys,dc=com
    Bind DN: cn=read-only-admin,dc=example,dc=com
    Bind password: password

    Can you help me fix this? I really need it for my presentation.

    • Reply
      James Wood
      October 8, 2015 at 4:16 pm

      Alfian,

      I highly recommend using DNS names over IP addresses. The main issue is that your Base DN is incorrect. Modifications to your settings below:

      Hostname: ldap.forumsys.com
      Base DN: dc=example,dc=com

  100. Reply
    Yoesoff
    October 1, 2015 at 2:35 am

    Thank you very much for your kindness.

  101. Reply
    Yoesoff
    October 1, 2015 at 2:48 am

    Hi I got this from apache directory studio :
    ….
    Error while opening connection
    – Cannot connect to the server: Hostname ‘ldap.forumsys.com ‘ could not be resolved.
    org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect to the server: Hostname ‘ldap.forumsys.com ‘ could not be resolved.
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:653)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$1.run(DirectoryApiConnectionWrapper.java:230)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1173)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doConnect(DirectoryApiConnectionWrapper.java:259)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.connect(DirectoryApiConnectionWrapper.java:170)
    at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:111)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
    Caused by: java.nio.channels.UnresolvedAddressException
    at sun.nio.ch.Net.checkAddress(Net.java:101)
    at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:622)
    at org.apache.mina.transport.socket.nio.NioSocketConnector.connect(NioSocketConnector.java:185)
    at org.apache.mina.transport.socket.nio.NioSocketConnector.connect(NioSocketConnector.java:47)
    at org.apache.mina.core.polling.AbstractPollingIoConnector.connect0(AbstractPollingIoConnector.java:339)
    at org.apache.mina.core.service.AbstractIoConnector.connect(AbstractIoConnector.java:270)
    at org.apache.mina.core.service.AbstractIoConnector.connect(AbstractIoConnector.java:189)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.connect(LdapNetworkConnection.java:559)
    … 7 more

    Cannot connect to the server: Hostname ‘ldap.forumsys.com ‘ could not be resolved.

    Any solution?

    • Reply
      James Wood
      October 8, 2015 at 4:19 pm

      Yoesoff,
      Your error looks to be a DNS resolution issue. It appears you resolved it in a later comment. If your DNS is not working properly, please try a public DNS server such as those from Google: 8.8.8.8 and 8.8.4.4

  102. Reply
    rpelisse
    October 1, 2015 at 8:33 am

    Has anybody used the service recently? It seems that no server is running behind 389 anymore :(

    # nmap ldap.forumsys.com

    Starting Nmap 6.47 ( http://nmap.org ) at 2015-10-01 14:31 CEST
    Nmap scan report for ldap.forumsys.com (23.20.46.132)
    Host is up (0.025s latency).
    rDNS record for 23.20.46.132: ec2-23-20-46-132.compute-1.amazonaws.com
    Not shown: 989 closed ports
    PORT STATE SERVICE
    25/tcp filtered smtp
    80/tcp filtered http
    110/tcp filtered pop3
    143/tcp filtered imap
    443/tcp filtered https
    465/tcp filtered smtps
    587/tcp filtered submission
    993/tcp filtered imaps
    995/tcp filtered pop3s
    3128/tcp open squid-http
    8080/tcp filtered http-proxy

    Would be awesome to restart it if possible !

    • Reply
      James Wood
      October 9, 2015 at 12:09 pm

      rpelisse,

      The service is indeed up and has been since the server was placed online. I just did my own nmap (v6.47 as well) and the only port I found open was the LDAP port on 389. There may be a firewall or network proxy between you and the server that is limiting what can be scanned with nmap in some way.

      • Reply
        surjit
        November 16, 2015 at 4:54 am

        Hi James,

        I am also facing the same problem as mentioned in above post. Below is trace of my nmap query. I have disabled firewall for the sake of any issue from my machine.

        [root@apexOffshore oracle]# nmap ldap.forumsys.com

        Starting Nmap 6.40 ( http://nmap.org ) at 2015-11-16 01:47 PST
        Nmap scan report for ldap.forumsys.com (23.20.46.132)
        Host is up (0.060s latency).
        rDNS record for 23.20.46.132: ec2-23-20-46-132.compute-1.amazonaws.com
        Not shown: 995 filtered ports
        PORT STATE SERVICE
        80/tcp open http
        113/tcp closed ident
        443/tcp open https
        8008/tcp open http
        8010/tcp open xmpp

        Thanks,
        Surjit.

        • Reply
          James Wood
          November 20, 2015 at 3:33 pm

          surjit,

          Port 389 is indeed up. It may not be scanned by your nmap setup. Your scan showed up ports that I know for certain are not open (HTTP, etc).

          I ran an nmap and these are my results (as expected):

          Starting Nmap 6.47 ( http://nmap.org ) at 2015-11-20 15:35 EST
          Nmap scan report for ldap.forumsys.com (23.20.46.132)
          Host is up (0.0033s latency).
          rDNS record for 23.20.46.132: ec2-23-20-46-132.compute-1.amazonaws.com
          Not shown: 999 filtered ports
          PORT STATE SERVICE
          389/tcp open ldap

          Nmap done: 1 IP address (1 host up) scanned in 13.47 seconds

  103. Reply
    Yuri de Souza Vidal
    October 2, 2015 at 11:33 am

    Hey guys, I tried to make a test with this LDAP server using this example code ( https://goo.gl/C9Lhx1 ), but I receive this Eclipse console error “javax.naming.InvalidNameException: [LDAP: error code 34 – invalid DN]”. Here is my edited code ( http://pastebin.com/sQFPAz9J ). Can anyone give me an explanation, solution, light or a north? Thanks!

    • Reply
      James Wood
      October 8, 2015 at 10:16 pm

      Yuri,

      The setup you are using is for Active Directory, while this server uses OpenLDAP.

      In your code, try changing this:
      String searchFilter = "(&(objectClass=user)(sAMAccountName=" + user + "))";
      to
      String searchFilter = "(&(objectClass=user)(uid=" + user + "))";

      That should at least get you going in the right direction.

  104. Reply
    elz
    October 6, 2015 at 11:35 pm

    where can I get the certificate for your LDAP test server? cuz it seems my NAS server need it to test the authentication?

    • Reply
      James Wood
      October 8, 2015 at 4:04 pm

      elz,

      LDAPS is not enabled on this server and thus it does not have an SSL certificate.

  105. Reply
    Niall Rochford
    October 7, 2015 at 4:19 pm

    Hello. Do you not have an “/ou=People”? I thought that was standard for Active directory. I have an app that uses that and it fails if it can’t find ou=People. Thanks Niall

    • Reply
      James Wood
      October 8, 2015 at 4:02 pm

      Niall,

      The LDAP server is an OpenLDAP server and not an Active Directory server. Thus we do not have any OUs beyond the ones mentioned at the top of this page. Use Apache Directory Studio for a better view of what is available in this LDAP server.

      • Reply
        Niall Rochford
        October 9, 2015 at 12:02 pm

        Thanks James. Do you know of a similar testing server (as yours) where I can test on Active Directory?

        • Reply
          James Wood
          October 9, 2015 at 12:27 pm

          Niall,

          I do not know of any publicly available Active Directory servers. You would either have to set one up on your own on a Windows Server release or if ADAM (Active Directory Application Mode) is available for your machine, you could try running that, though it probably has some caveats/limitations.

          You might be able to find an instance of Windows with AD you can bring up on a cloud service like Amazon Web Services, but there may be a cost associated with doing that.

  106. Reply
    Yoesoff
    October 8, 2015 at 10:47 am

    hi,
    everything just works right now. Would you please tell me how to search for a user by a specified OU?
    Thanks

    • Reply
      James Wood
      October 9, 2015 at 1:14 pm

      Yoesoff,

      To search for a user under a specific OU, you need to look for that user in the set of uniqueMember attributes attached to the OU. The users themselves have no reference to the groups they belong to.

      Example entry:

      uniqueMember: uid=euclid,dc=example,dc=com

  107. Reply
    Anonymous
    October 9, 2015 at 8:16 am

    HI,
    Do these UIDs still exist? I am getting a credential error when passing ou=* and uid=euclid.
    thanks
    SK

    • Reply
      James Wood
      October 9, 2015 at 12:10 pm

      SK,

      All UIDs still exist. No entries have been removed from the system.

  108. Reply
    sk
    October 12, 2015 at 6:13 am

    Thanks James… and I hope the password for them is the same, i.e. “password”… I am wondering then how come I am getting an invalid credential error.

    My authentication logic is :
    first Search using filter criteria i.e. (uid=einstein) if matched then bind with password

    SK

    • Reply
      James Wood
      November 20, 2015 at 3:42 pm

      SK,

      When you search for “uid=euclid” you should have a search base of “dc=example, dc=com”.

      All passwords are indeed password.

  109. Reply
    Yoesoff
    October 15, 2015 at 5:14 am

    Hi, I have another question.
    How to search/filter one user by Email ?
    is it possible ?

    as we know the users have email like below :

    ou=mathematicians,dc=example,dc=com
    riemann@ldap.forumsys.com
    dn: ‘uid=riemann,dc=example,dc=com’
    gauss@ldap.forumsys.com
    dn: ‘uid=gauss,dc=example,dc=com’
    euler@ldap.forumsys.com
    dn: ‘uid=euler,dc=example,dc=com’
    euclid@ldap.forumsys.com
    dn: ‘uid=euclid,dc=example,dc=com’

    ou=scientists,dc=example,dc=com
    einstein@ldap.forumsys.com
    dn: ‘uid=einstein,dc=example,dc=com’
    newton@ldap.forumsys.com
    dn: ‘uid=newton,dc=example,dc=com’
    galieleo@ldap.forumsys.com
    dn: ‘uid=galieleo,dc=example,dc=com’
    tesla@ldap.forumsys.com
    dn: ‘uid=tesla,dc=example,dc=com’

    • Reply
      James Wood
      November 20, 2015 at 3:50 pm

      Yoesoff,

      You will have to search through the users using the mail attribute. As far as code for that goes, I do not have anything and suggest you search for the code to do what you require.

  110. Reply
    Anonymous
    October 15, 2015 at 6:40 pm

    Very helpful. We now have a test case that uses your service. Thanks!

  111. Reply
    MArk B.
    October 23, 2015 at 7:17 pm

    I’ve inherited some existing C# code that attempts to retrieve user information from an LDAP server. It’s in production and working as is but I need to make some changes. Long story short, I can’t test against our production LDAP servers and am attempting to use this one for test/dev. Connection information is kept in an XML config file. The below entry is the one I’m attempting to use to do that:

    I’m not getting anything back. The trapped exception is: {“A protocol error occurred.”}

    These are the three commands where the action happens. It’s failing on the third.

    LdapConnection conn = getLdapConnection(server);

    SearchRequest search = new SearchRequest(server.Path, searchFilter, System.DirectoryServices.Protocols.SearchScope.Subtree, null);
    SearchResponse searchResponse = (SearchResponse)conn.SendRequest(search);

    The value of the searchFilter is “(uid=tesla)” with the quotes.

    I’ve tried the path value as an empty string “” and “ou=scientists,dc=example,dc=com” with the same results.

    I’m in Visual Studio 2013 using the WCF Test Client to pass in the search values.

    I’m pretty sure I’m not configuring something correctly. Can you see any problems with this?

    Thanks.

    • Reply
      James Wood
      November 20, 2015 at 4:01 pm

      Mark,

      Try making your path (Base DN) this value: “dc=forumsys,dc=com”. The OpenLDAP server as configured has the users living under the Base DN, and their membership in groups (ou=scientists,dc=forumsys.dc=com) is established by the uniqueMember attribute on the ou. This in turn points to the DN of the user (uid=tesla,dc=forumsys.dc=com).

  112. Reply
    MArk B.
    October 23, 2015 at 7:19 pm

    Seems my XML entry was cut out. I hope this posts with it.

    ldapserver identifier="TEST" servername="ldap.forumsys.com" port="389" binddn="cn=read-only-admin,dc=example,dc=com" bindpw="password" secure="false" path="ou=scientists"

  113. Reply
    Anonymous
    October 26, 2015 at 7:15 pm

    Hey James,

    I was able to connect the server using Apache Directory Studio. But I can’t anymore, is the server down?

    Thank you for making this server available for testing!

    • Reply
      James Wood
      November 20, 2015 at 4:03 pm

      The server has been up continuously since it was launched on February 19, 2014.

  114. Reply
    Anonymous
    October 27, 2015 at 4:21 am

    Good service……

  115. Reply
    Anonymous
    November 1, 2015 at 8:31 am

    Thank you so much, worked perfectly for testing ruby’s net-ldap gem, you saved my (sun)day.

  116. Reply
    lephleg
    November 2, 2015 at 6:22 am

    Hello there,

    I’m trying to test LDAP authentication on a self-hosted instance of RAZUNA Digital Asset Management (http://wiki.razuna.com/pages/viewpage.action?pageId=40140823) and I’m using your directory. (Thanks a lot for this server btw!)

    I can get the list of users with the following settings:

    Server: ldap.forumsys.com
    Port: 389
    User Name: cn=read-only-admin,dc=example,dc=com
    Password: password
    Is Secure: No
    Filter: (&(objectClass=person))
    Start: dc=example,dc=com
    Server Type: LDAP
    LDAP User DN Sample: uid=euclid,dc=example,dc=com

    And I can import all of them. But when I try to log in to the system with, let’s say, the following credentials

    username: euclid
    password: password

    I get an error 34 regarding the DN:

    Error was: javax.naming.InvalidNameException: [LDAP: error code 34 – invalid DN]

    I double checked the DN using Apache Directory Studio and seems correct. Could you assist me troubleshoot this?

    Thanks for your time!

    • Reply
      James Wood
      November 20, 2015 at 4:15 pm

      lephleg,

      Based on the error, it sounds like Razuna is not building the correct DN to validate the user and password.

      As all of the other settings look right, I would look at the filter setting perhaps and try inetOrgPerson.

      That being said, I have never used Razuna.

  117. Reply
    Krishna
    November 13, 2015 at 4:48 am

    Hi,

    When I was trying to telnet the server I’m getting the following error

    $ telnet ldap.forumsys.com 389
    Trying 23.20.46.132…
    telnet: Unable to connect to remote host: Connection refused

    • Reply
      James Wood
      November 20, 2015 at 4:05 pm

      Krishna,

      I am able to connect fine with Apache Directory Studio. Perhaps you are having a firewall or networking issue.

      $ telnet ldap.forumsys.com 389
      Trying 23.20.46.132…
      Connected to ec2-23-20-46-132.compute-1.amazonaws.com.
      Escape character is ‘^]’.
