Browse LDAP

From Tardis

This tutorial shows you how to use Apache Directory Studio to browse LDAP. Only system administrators have access to the credentials required for part of this tutorial. It also assumes you already have SSH set up.

Getting the software

First, you'll need to grab Apache Directory Studio from the Apache Directory website. It's available for Linux, Windows, and macOS, so don't worry. This tutorial uses macOS Sierra, but it should be fairly straightforward on other platforms.

Once you've got that installed (if you're a macOS user, you may run across this issue), run the software.

Finding the main interface

Right now you should be presented with the below welcome screen.

LDAP Welcome Screen

Hit the close button next to the Welcome tab (highlighted above) to get access to the main interface.

LDAP Main Interface

Adding a connection

Go to File -> New, and then navigate to the LDAP Connection wizard. It should be filed under LDAP Browser.

Select LDAP Wizard

Navigating to LDAP Connection will bring us to the below screen:

New LDAP Connection

Setting the Network Parameters

Set the name to Tardis localhost:1389. You may be wondering, why are we writing localhost? Isn't the LDAP server on Tardis?

Yes, the LDAP server is on Tardis, but it is behind the firewall. We'll be using SSH port forwarding to get a connection through to the LDAP VM on the Tardis network. Run this command to start SSH port forwarding.

ssh -NL 1389:ldap:389 ssh.tardis.ed.ac.uk

  • -N: Do not execute a remote command. This is what you want when the SSH session exists only to forward ports and you don't also need a shell on the machine.
  • -L 1389:ldap:389: Forward connections made to port 1389 on localhost through the SSH connection to port 389 on the host ldap, as the remote SSH server resolves that name. The LDAP traffic between your machine and Tardis therefore travels inside the encrypted SSH session.

The reason we use 1389 locally instead of 389 is that ports below 1024 are privileged: binding to them requires root (sudo).

Once you run the command, depending on how your SSH authentication is set up, you may be prompted for a password. You'll then see the welcome message, after which nothing further happens. This is good; the tunnel stays open for as long as the command is running.

On the wizard, for the Hostname, type in localhost. For the Port, type in 1389. This is what your screen should look like:

New LDAP Connection Filled

Leave the other options as default, and press Next.

Authentication

This screen requires us to provide the details for Simple Authentication. We'll be grabbing these details from the LDAP config file. Open an SSH session and read the /etc/tardis/ldap.conf file. You will need root privileges to do this, so use sudo cat.

The file has the structure of key/value pairs, as well as categories. It should look a little bit like this:

[server]
...
binddn=some=stuff,exists=here
bindpw=and,the,secure,password,here
...
  • [server] is the server category
  • binddn has the value some=stuff,exists=here
  • bindpw has the value and,the,secure,password,here

The ellipsis just indicates that the file may contain other key/value pairs. In the wizard, fill the Bind DN or user field with the binddn value and the password field with the bindpw value. Smack Check Authentication and make sure everything works fine.

LDAP Authentication

Press Finish, and you should be in!
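As an added example (not part of the original Tardis page or of Apache Directory Studio), the script below performs the same simple bind the wizard does, through the forwarded localhost:1389 port, by encoding the LDAP messages by hand. It assumes the ssh -NL tunnel from the previous section is running, and takes the binddn and bindpw values as arguments; the message layout follows RFC 4511, and the hostname and port are the ones the tutorial uses.

```python
import socket

def ber(tag, payload):
    # BER TLV; lengths of 128 bytes or more use the long form (0x8k, then k length bytes)
    n = len(payload)
    if n >= 0x80:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(lb)]) + lb + payload
    return bytes([tag, n]) + payload

def ber_int(value):
    # INTEGER, minimal two's-complement encoding (enough for messageID and version)
    return ber(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def bind_request(msg_id, dn, password):
    """LDAPv3 BindRequest (RFC 4511, [APPLICATION 0]) with simple authentication.
    The DN and password travel as plain OCTET STRINGs, which is why the tutorial
    carries port 389 inside an SSH tunnel instead of exposing it on the network."""
    op = ber(0x60, ber_int(3) + ber(0x04, dn.encode()) + ber(0x80, password.encode()))
    return ber(0x30, ber_int(msg_id) + op)          # LDAPMessage SEQUENCE

def parse_ber(buf, pos=0):
    """Return (tag, payload, next_pos) for the TLV starting at buf[pos]."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_result_code(message):
    """resultCode from a BindResponse: 0 = success, 49 = invalidCredentials."""
    _, body, _ = parse_ber(message)                 # outer LDAPMessage
    _, _, pos = parse_ber(body)                     # skip messageID
    op_tag, op, _ = parse_ber(body, pos)
    if op_tag != 0x61:                              # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % op_tag)
    _, code, _ = parse_ber(op)                      # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def simple_bind(dn, password, host="localhost", port=1389, timeout=5):
    """Bind through the forwarded local port; a refused connection means no tunnel is up."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(bind_request(1, dn, password))
            reply = sock.recv(4096)                 # a BindResponse fits in one read
    except ConnectionRefusedError:
        raise RuntimeError(f"nothing listening on {host}:{port}; start the ssh -NL tunnel first")
    return bind_result_code(reply)
```

Call simple_bind(binddn, bindpw) with the values from /etc/tardis/ldap.conf; a result of 0 means the same credentials will pass the wizard's Check Authentication button.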

Browsing LDAP

Connecting again

All of that was just a one time setup. In the future, when you start Apache Directory Studio, you just need to run ssh -NL 1389:ldap:389 ssh.tardis.ed.ac.uk, and then select the connection in the bottom-left hand side of the main window.

LDAP Connecting Again