Troubleshooting LDAP

Celoxis LDAP authentication has been by hundreds of companies in various environments. If your LDAP based authenticaton is not working, it is most likely because of a misconfiguration which can be easily remedied using the LDAP Quest program.

About LDAP Quest

Celoxis LDAP Quest is a java program to debug connection and authentication issues with an LDAP server. First, it connects to an LDAP server and authenticates using the specified admin DN and password. If successful, tries to connect as the specified combination of end-user and password.

Downloading LDAP Quest

Download ldap-quest.zip from here

Using LDAP Quest

  1. Unzip the ldap-quest.zip file. It should create a folder ldap-quest that contains the LDAPQuest.class file.
  2. Open a terminal window and cd to the ldap-quest folder. You must now be in the same directory that contains the LDAPQuest.class file.
  3. Then type: java LDAPQuest <ldap-url> <admin-DN> <admin-password> <ldap-search-attr> <base-dn> <celoxis-username> <password>
    • If you are using Microsoft ADS, the ldap-search-attr must always be sAMAccountName
    • If any of the program arguments (e.g. password), contains a space or special characters, enclose it within single quotes.
Examples

$ java LDAPQuest ldap://ldap.celoxis.com cn=Administrator,cn=users,dc=celoxis,dc=com kaboom1 sAMAccountName cn=users,dc=celoxis,dc=com Joe joeIsKing1
1) Trying to connect to LDAP and bind as Admin...
----------------------------------------------------------------------------------------
SUCCESS: Admin authenticated successfully.

2) Trying to authenticate end user...
----------------------------------------------------------------------------------------
Searching for Joe in cn=users,dc=celoxis,dc=com
FOUND DN: CN=Joe,CN=Users,DC=celoxis,DC=com

3) Connecting as CN=Joe,CN=Users,DC=celoxis,DC=com with specified password...
----------------------------------------------------------------------------------------
SUCCESS: Joe authenticated successfully.

$ java LDAPQuest ldap://ldap.celoxis.com 'cn=Marcia Overstrand,cn=users,dc=celoxis,dc=com' kaboom1 sAMAccountName ou=Sales,dc=celoxis,dc=com Joe joeIsKing1
1) Trying to connect to LDAP and bind as Admin...
----------------------------------------------------------------------------------------
SUCCESS: Admin authenticated successfully.
2) Trying to authenticate end user...
----------------------------------------------------------------------------------------
Searching for Joe in ou=Sales,dc=celoxis,dc=com
FOUND DN: CN=Joe,OU=Sales,DC=celoxis,DC=com
3) Connecting as CN=Joe,OU=Sales,DC=celoxis,DC=com with specified password...
----------------------------------------------------------------------------------------
SUCCESS: Joe authenticated successfully.

$ java LDAPQuest ldap://ldap.forumsys.com cn=read-only-admin,dc=example,dc=com password uid dc=example,dc=com euler password
1) Trying to connect to LDAP and bind as Admin...
-------------------------------------------------------------------------------
SUCCESS: Admin authenticated successfully.

2) Trying to authenticate end user...
-------------------------------------------------------------------------------
Searching for euler in dc=example,dc=com
FOUND DN: uid=euler,dc=example,dc=com

3) Connecting as uid=euler,dc=example,dc=com with specified password...
-------------------------------------------------------------------------------
SUCCESS: euler authenticated successfully.