This tutorial shows you how to use Apache Directory Studio to browse LDAP. Only system administrators will have access to the credentials required to get through a part of this tutorial. This tutorial also assumes you have SSH all set up.
Getting the software
First, you'll need to grab Apache Directory Studio from Apache Directory website. It's available for Linux, Windows, and macOS, so don't worry. This tutorial uses macOS Sierra but it should be fairly straightforward for other platforms.
Once you've got that installed (if you're a macOS user, you may run across this issue), run the software.
Finding the main interface
Right now you should be presented with the below welcome screen.
Hit the close button next to the Welcome tab (highlighted above) to get access to the main interface.
Adding a connection
Go to File -> New, and then navigate to the LDAP Connection wizard. It should be filed under LDAP Browser.
Navigating to LDAP Connection will bring us to the below screen:
Setting the Network Parameters
Set the name to Tardis localhost:1389. You may be wondering, why are we writing localhost? Isn't the LDAP server on Tardis?
Yes, the LDAP server is on Tardis, but it is behind the firewall. We'll be using SSH port forwarding to get a connection through to the LDAP VM on the Tardis network. Run this command to start SSH port forwarding.
ssh -NL 1389:ldap:389 ssh.tardis.ed.ac.uk
- -N: This means we do not want execute a remote command. This is useful for just forwarding ports, since we don't want to also access the machine using regular SSH.
- -L 1389:ldap:389: This means we want all traffic on the port 1389 of localhost to go to the ldap:389 address on the remote server.
The reason we use 1389 locally instead of 389, is that all ports under 1024 require sudo to be used.
Once you run the command, depending on how you have things set up, you will be prompted for a password. You'll then receive the welcome message, and then nothing will happen. This is good.
On the wizard, for the Hostname, type in localhost. For the Port, type in 1389. This is what your screen should look like:
Leave the other options as default, and press Next.
This screen requires us to provide the details for Simple Authentication. We'll be grabbing these details from the LDAP config file. Open up SSH, and read the
/etc/tardis/ldap.conf file. You will need root privileges to do this, use
The file has the structure of key/value pairs, as well as categories. It should look a little bit like this:
[server] ... binddn=some=stuff,exists=here bindpw=and,the,secure,password,here ...
[server]is the server category
binddnhas the value
bindpwhas the value
The ellipsis just represents that there may be other key/value pairs in the file. On the wizard fill in Bind DN or user field with the
binddn value, and fill the password field with
bindpw value. Smack Check Authentication and make sure everything works fine.
Press Finish, and you should be in!
All of that was just a one time setup. In the future, when you start Apache Directory Studio, you just need to run
ssh -NL 1389:ldap:389 ssh.tardis.ed.ac.uk, and then select the connection in the bottom-left hand side of the main window.
Tips & Tricks
- Clear groups cache using sudo nscd --invalidate=group