23

I'm a developer for a product that integrates with LDAP for authentication. I need to set up a directory that I can test against.

I'm not an expert with LDAP. To help ease the learning curve it'd be useful to have a real-world example directory.

Are there any resources that'll help me set up a demo directory, ready-to-go? A VMware appliance for example?

Chopper3
chroder

4 Answers

12

OpenDS is very easy to get running - just download the ZIP file and run the installer or use the Java web-start. The installer can populate the directory with test entries too if you want to see some example data.

Edit (2020): OpenDJ is the successor to OpenDS after Oracle closed it down, but I haven't tested it to see if it has the same easy installation with sample data. Give it a try.

I'd strongly recommend Apache Directory Studio as a good client to use to get familiar with how to browse, edit and manage data via LDAP.

Dominic Cleal
9

Install Ubuntu Server Edition 8.10, boot it up and install OpenLDAP.

$ sudo apt-get install slapd ldap-utils

You can probably just accept the defaults if this is just for testing; your domain will therefore be dc=example,dc=com. The install wizard should ask you to set up your LDAP admin user; this user's DN should be cn=admin,dc=example,dc=com.

Then you'll need to add two organizational units, one for People, one for Groups. Create the file myldap.ldif and place into it this:

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

If LDAP is running, shut it down with /etc/init.d/slapd stop.

Use ldapadd to add the LDIF file to our LDAP database:

$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f myldap.ldif

It will ask you for your password that you set during the install.

Fire LDAP back up with /etc/init.d/slapd start and then install Webmin:

$ sudo aptitude install perl libnet-ssleay-perl openssl \
                        libauthen-pam-perl libpam-runtime \
                        libio-pty-perl libmd5-perl
$ wget http://garr.dl.sourceforge.net/sourceforge/webadmin/webmin_1.441_all.deb
$ sudo dpkg -i webmin_1.441_all.deb

You can now navigate to your LDAP server's IP at port 10000 using URL https://your-server-ip:10000/. Note you will be required to enter the root password for the computer at this login screen.

From here we need to configure Webmin to interact with our LDAP environment. Expand "System" and then select "LDAP Users and Groups." Click "Module Config" at the top of the page and find the following option and enter this custom data:

Base for users  ou=People,dc=example,dc=com
Base for groups     ou=Groups,dc=example,dc=com

Click save at the bottom. You will be returned to the previous screen where you can now add LDAP users and groups. This is now a functioning LDAP server. You can query it from the command line using ldapsearch:

Whole database:

$ ldapsearch -x -h <your-server-ip> -b "dc=example,dc=com"

User search:

$ ldapsearch -x -h <your-server-ip> -b "dc=example,dc=com" '(uid=blah)'

I did most of this from memory so you'll have to forgive me if I missed a couple steps. Enjoy.

Alois Mahdal
Jordan Eunson
    This answer looks pretty good still, in 2022. I recently installed on Ubuntu 20.04 for testing, and the steps I followed look the same as these, although instead of Webmin I chose to use ldap* commands and Apache Directory Studio. I recommend sticking with example.com if it is only for testing/learning, as I had issues when I tried another domain. – Liam Jan 28 '22 at 17:37
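An added example, not part of the original answer or of any LDAP library: the `(uid=blah)` user search above as login code would build it when the uid comes from a login form, with RFC 4515 filter escaping and a refusal of empty passwords before anything is sent to the test directory. The function names, the `PEOPLE_BASE` constant and the login-form scenario are assumptions made for illustration.

```python
# Added example; every name here is illustrative, not from an LDAP library.

PEOPLE_BASE = "ou=people,dc=example,dc=com"  # the OU created by myldap.ldif above

# RFC 4515 section 3: these characters must appear as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_search(uid: str, password: str) -> dict:
    """Parameters for the 'find the user, then bind as that DN' login flow.

    Raises ValueError for input that must never reach the directory.
    """
    if not uid or not uid.strip():
        raise ValueError("empty uid")
    if not password:
        # A simple bind with a DN and an empty password is an "unauthenticated
        # bind" (RFC 4513 section 5.1.2); some servers accept it and return
        # success, so the application has to reject it itself.
        raise ValueError("empty password")
    return {
        "base": PEOPLE_BASE,
        "scope": "sub",
        "filter": "(uid=%s)" % escape_filter_value(uid),
        # Ask for at most two entries: the login proceeds only if exactly one matches.
        "size_limit": 2,
    }


def ldapsearch_argv(host: str, params: dict) -> list:
    """The same search as an ldapsearch argument list (passed without a shell)."""
    return ["ldapsearch", "-x", "-h", host, "-b", params["base"],
            "-s", params["scope"], "-z", str(params["size_limit"]),
            params["filter"], "1.1"]  # "1.1" requests entries with no attributes


if __name__ == "__main__":
    # Constructed inputs: a normal uid and one containing filter metacharacters.
    for candidate in ("blah", "*)(uid=*"):
        print(ldapsearch_argv("192.0.2.10", build_user_search(candidate, "secret")))
```

Adding a test user whose uid contains `*` or `(` to the demo directory is a quick way to confirm the product escapes its filters the same way.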
3

I don't think any LDAP server is gonna be easy until you brush up on your LDAP a little; most of the concepts are shared across them.

For Windows it might be worth your while looking at Active Directory Application Mode, which gives you fairly basic (but comprehensive enough for development requirements) LDAP functionality without all of the Domain/DNS/etc baggage that comes with full AD.

Maximus Minimus
1

ForumSys provides a free LDAP test server for this very purpose! Just connect to it with your favorite language to test your auth code, no need for any set up, check it out: https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/