As developers we sometimes need querying LDAP. Do you know useful tools for this task?
edit: I don't mean in code, I mean utility/tool (command-line or gui, mostly gui) for just to look/confirm data, or if possible to alter...
Asked
Active
Viewed 7.3k times
27
-
Something for Stack Overflow? – Mark Henderson Jun 22 '09 at 21:20
-
More info please. Do you mean in a program via code (in which case, yeah, SO is better) or just via a utility? Which OS? Command-line or GUI? Just to look/confirm, or do something with the results? – Maximus Minimus Jun 22 '09 at 22:05
18 Answers
27
It's not exactly lightweight, but it is an excellent tool for doing ad hoc inspection and modifications to an LDAP database
Dave Cheney
- 18,307
- 7
- 48
- 56
-
Note it's a java tool (based on Eclipse), so it's available where java is available, and not on just 1 OS – chburd Jun 23 '09 at 08:26
-
2As the poster suggests, it is anything but lightweight! Eclipse is a largish framework, just for an LDAP tool. Having said that, it is a very nice LDAP tool. – geoffc Jun 23 '09 at 11:40
16
ldapsearch is pretty lightweight... Part of the standard bits that come with openLDAP. What platform, etc?
ldapsearch -h ldapserver -b ou=people,dc=example,dc=com -D uid=root,dc=example,dc=com -x -W "(|(uid=foo)(cn=*bar*))"
I'd suggest setting up an alias or script that prefills in the boring bits that are always the same. My example assumes authentication. read the manpage.
freiheit
- 14,334
- 1
- 46
- 69
-
1You could also add a lot of the boring bits that's the same to your ${HOME}/.ldaprc (man ldap.conf should get you started) – Kjetil Joergensen Jun 22 '09 at 21:41
-
-
1@RobW: ldapsearch doesn't have any way of updating an LDAP directory, but other tools from the same standard OpenLDAP toolset can. ldapadd, ldapdelete and ldapmodify. – freiheit Jul 09 '10 at 20:18
15
For Windows there's LDP. I use it all the time. It's part of the Windows Support Tools.
Update: For Win7 and Win10 install RSAT (Remote Server Administration Tools). Install through Control Panel | Programs and Features | Turn Windows features on or off and selecting the desired tools underneath Remote Server Administration Tools.
squillman
- 37,618
- 10
- 90
- 145
-
-
@MarkLopez Thanks. I just removed the link. I don't remember but I think it was just a link on how to use it which just can be Googled at this point. – squillman May 28 '19 at 12:52
-
-
@JérômeMEVEL No. It's for _support_ of Windows Server. The tools can be used on Windows desktop editions. I've used it for years and years. I currently have it installed and running in Win 10. – squillman Jan 28 '22 at 14:01
-
@squillman the only way I found to get it is by installing [RSAT](https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/remote-server-administration-tools#download-locations-for-rsat). Could you tell me where is your `ldp.exe` located? Mine is weirdly in the `C:\Windows\WinSxS\amd64_microsoft-windows-d..n-tools-command-ldp_31bf3856ad364e35_10.0.18362.2037_none_5cfd03f0630a574a` directory but when I launch it I get an error. That would be nice if you could update your answer with latest information and link. Thanks – Jérôme MEVEL Jan 28 '22 at 15:20
-
@JérômeMEVEL ldp.exe is in C:\windows\system32 (%windir%\system32). I've updated my answer with new instructions, but it is the link to which you refer. – squillman Jan 28 '22 at 15:53
-
The folder you refer to is the Windows component store and not the primary location for files within it. It's a system folder that provides several functions. I would not expect that folder to be the sole location for ldp.exe. – squillman Jan 28 '22 at 16:03
-
For some reason I didn't get the `ldp.exe` file after installing RSAT but I finally got it by activating the `Active Directory Lightweight Directory Services` Windows feature. Thanks for your answer – Jérôme MEVEL Jan 28 '22 at 16:05
8
ldapvi - it returns the results of the search into $EDITOR, where you can change all of them at once, then just save and it handles the details. Much better than faffing around with LDIF. As for a more heavyweight LDAP browser, I second Apache Directory Studio.
TRS-80
- 2,564
- 17
- 15
5
I've used Softerra LDAP Browser (http://www.ldapadministrator.com/) before in the past. It's reasonably lightweight (GUI based, but pretty nice for perusing LDAP - made my life easier on multiple occasions!). Windows only though unfortunately.
They also offer a commercial version called LDAP Administrator, but I've no experience with that product. I certainly recommend the freeware version though!
CapBBeard
- 948
- 2
- 9
- 13
-
i specially like the SQL LDAP Query option available in Softerra LDAP Browser. – th1rdey3 Jan 22 '13 at 05:24
4
As has already been suggested, Apache Directory Studio is a great desktop application, I really do love it a lot. Usually though I just want something, as you said, lightweight and preferably command line. Just recently I stumbled across Shelldap.
When you launch shelldap it operates like a pseudo shell where your working directories are actually the branches of your LDAP tree. It responds to operations like:
- cd ou=People
- cat uid=tbielawa
- edit cn=www001
I really like it. Like with the ldapsearch and ldapmodify tools included in the standard client packages it supports config files to remember your server, ou, bind dn, passwords, etc.
Shelldap is...
...available via the FreeBSD ports system, OS X via macports, Debian/Ubuntu
via apt, and NetBSD's pkgsrc.
Check out their website: http://projects.martini.nu/shelldap
Tim Bielawa
- 656
- 4
- 6
-
It also supports things like `grep gecos="Timothy*"` for searching. Etc.... – Tim Bielawa Mar 10 '11 at 00:51
-
Can't be installed via brew; needs mercurial (hg) to clone. Too many barriers ;) – Martin Cleaver Oct 05 '17 at 14:24
3
If you are looking for tools which give you deep insight of ldap directory the two good ones are JXplorer or LDAP Admin Tool.
2
On *nix I've used luma a bit for poking around with a gui-tool and then there's, well, ldapsearch (from OpenLDAP). ldapsearch, while perhaps taking some getting used to, works very well once you get your head around the manual-page and options.
Kjetil Joergensen
- 5,854
- 1
- 26
- 20
2
If you're only concerned about Windows and Active Directory, adsiedit.msc is hard to beat. It lets you get right in under the bonnet with absolutely everything. Better hope you don't have admin rights when you're using it though! Can be very dangerous...
Maximus Minimus
- 8,937
- 1
- 22
- 36
1
Ldap Admin is free Win32 administration tool for LDAP directory management. Is pretty lightweight and useful for simple query operations. For more complex scenearios I prefer Apache Directory Studio.
JuanZe
- 109
- 6
1
Forgive me, I'm a newbie here. I wanted to "reply" to geoffc's post but couldn't figure out how.
I also use LDAP Browser/Editor and it's currently available for download at http://www.novell.com/communities/node/8652/gawors-excellent-ldap-browsereditor-v282
Daniel Serodio
- 249
- 3
- 10
-
I use this one to hit an instance of Tivoli Directory. Works fine, no problems. – mfinni Sep 30 '10 at 16:36
1
LBE, LDAP Browser/Editor would fit your bill. Less than a meg or so, and fast! Very useful.
Alas, the author, Gowar seems to have disappeared and all references to download it seem to be dead. I still have and use a copy, and would love to find a 'live' source to tell others to get it from.
Found a location to get a copy.
geoffc
- 2,135
- 5
- 25
- 37
0
If you are a developer you could feel confortable using some ldap libraries for scripting languages.
I use ruby. You can use irb from the command line for fast queries like this:
$ irb
>> require 'ldap'
=> true
>> ldap.search(BASE_DN, LDAP::LDAP_SCOPE_SUBTREE, filter) do |result|
?> ... do something with result array ...
?> end
The advantage over ldapsearch is that you can do better post-processing of the ldap results while still being a fast, lightweight solution.
chmeee
- 7,270
- 3
- 29
- 43
0
There's ud. Should be part of the OpenLDAP distribution when I last looked at it a decade ago.
Jauder Ho
- 5,337
- 2
- 18
- 17