Testing LDAPS Servers

Cert Verification

Various tests can be performed against an LDAPS server to verify that it is configured properly and presents valid certs.

To check the cert the server presents, you can use the following:

Bash
yes n | openssl s_client -connect ldaps.company.com:636

You will want to verify the expiration date and that the Subject Common Name matches the DNS entry clients will be using.
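Both checks can be scripted with the `-checkend` and `-checkhost` options of `openssl x509`. This is an added example, not part of the original page; the function names, the 30-day threshold and the `ldap-vip.company.com` name in the constructed sample certificate are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: script the expiry and name checks.

# Print the leaf certificate presented by host $1 on port $2 (default 636) as PEM.
fetch_cert() {
    openssl s_client -connect "$1:${2:-636}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Succeed if the certificate in file $1 is still unexpired $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed if the certificate in file $1 is valid for hostname $2.
# OpenSSL matches against subjectAltName DNS entries and only falls back
# to the Subject CN when the certificate carries no DNS SAN.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Constructed sample input: a self-signed cert written to $1, valid for $2 days,
# with CN ldaps.company.com but ldap-vip.company.com (assumed name) as its only SAN.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -keyout /dev/null \
        -subj "/CN=ldaps.company.com" \
        -addext "subjectAltName=DNS:ldap-vip.company.com" -out "$1" 2>/dev/null
}

# Run both checks and print a verdict. Usage: check_cert pem_file hostname min_days
check_cert() {
    rc=0
    cert_valid_for_days "$1" "$3" || { echo "FAIL: expires within $3 days"; rc=1; }
    cert_matches_host "$1" "$2" || { echo "FAIL: cert is not valid for $2"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $2"; fi
    return "$rc"
}

# Live use: ./check_ldaps_cert.sh ldaps.company.com [port]
if [ $# -ge 1 ]; then
    pem=$(mktemp) && fetch_cert "$1" "${2:-636}" >"$pem" && check_cert "$pem" "$1" 30
    rm -f "$pem"
fi
```

Against the sample certificate, the name check fails for `ldaps.company.com` even though it is the Subject CN, because the certificate carries a DNS SAN that does not list it.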

Query Verification

To test LDAPS and perform queries, use ldapsearch from the openldap package. Use the following for a basic connectivity test:

Bash
# Change the '-D' value to be your user for authentication to LDAP
# Confirm '-H' is the correct FQDN that clients will be using
ldapsearch -H ldaps://ldaps.company.com -D "cn=my_user,ou=user,ou=person,dc=company,dc=com" -b "cn=my_user,ou=user,ou=person,dc=company,dc=com" -W

# If for any reason the above fails it may be worth adding '-d 5' to enable debugging
ldapsearch -H ldaps://ldaps.company.com -D "cn=my_user,ou=user,ou=person,dc=company,dc=com" -b "cn=my_user,ou=user,ou=person,dc=company,dc=com" -W -d 5

Resources

F5 LDAPS iApp Deployment Guide

Using ldapsearch on linoxide.com