ldap-server

Simple all-in-one LDAP server (wrapped ApacheDS).

You don't need any configuration files to get it working. Just launch the JAR and that's it.

Server data are not persisted, they just live in memory.

Download

Download latest tag from GitHub releases

Docker container

If you search a lightweight Docker container with LDAP server for your testing, you can use kwart/ldap-server.

docker pull kwart/ldap-server
docker run -it --rm kwart/ldap-server

Development

You can simply build the software yourself.

How to get the sources

You should have git installed

git clone git://github.com/kwart/ldap-server.git

or you can download current sources as a zip file

How to build it

You need to have Maven installed

mvn clean package

How to run it

java -jar ldap-server.jar [data.ldif]

Help

$ java -jar target/ldap-server.jar --help
The ldap-server is a simple LDAP server implementation based on ApacheDS. It
creates one user partition with root 'dc=ldap,dc=example'.

Usage: java -jar ldap-server.jar [options] [LDIFs to import]
  Options:
    --admin-password, -ap
       changes password for account 'uid=admin,ou=system' (default password is
       'secret')
    --allow-anonymous, -a
       allows anonymous bind to the server
       Default: false
    --bind, -b
       takes [bindAddress] as a parameter and binds the LDAP server on the
       address
       Default: 0.0.0.0
    --help, -h
       shows this help and exits
       Default: false
    --port, -p
       takes [portNumber] as a parameter and binds the LDAP server on that port
       Default: 10389
    --ssl-enabled-ciphersuite, -scs
       takes [sslCipherSuite] as argument and enables it for 'ldaps'. Can be
       used multiple times.
    --ssl-enabled-protocol, -sep
       takes [sslProtocolName] as argument and enables it for 'ldaps'. Can be
       used multiple times. If the argument is not provided following are used:
       TLSv1, TLSv1.1, TLSv1.2
    --ssl-keystore-file, -skf
       takes keystore [filePath] as argument. The keystore should contain
       privateKey to be used by LDAPs
    --ssl-keystore-password, -skp
       takes keystore [password] as argument
    --ssl-need-client-auth, -snc
       enables SSL 'needClientAuth' flag
       Default: false
    --ssl-port, -sp
       adds SSL transport layer (i.e. 'ldaps' protocol). It takes [portNumber]
       as a parameter and binds the LDAPs server on the port
    --ssl-want-client-auth, -swc
       enables SSL 'wantClientAuth' flag
       Default: false

Examples:

$ java -jar ldap-server.jar users.ldif
Starts LDAP server on port 10389 (all interfaces) and imports users.ldif

$ java -jar ldap-server.jar -sp 10636 users.ldif
Starts LDAP server on port 10389 and LDAPs on port 10636 and imports the LDIF

$ java -jar ldap-server.jar -b 127.0.0.1 -p 389
Starts LDAP server on address 127.0.0.1:389 and imports default data (one user
entry 'uid=jduke,ou=Users,dc=ldap,dc=example'

SSL/TLS

If you want to enable SSL/TLS ('ldaps') and use your own certificate, the generate (or import) the private key into a JKS keystore and provide path to it as argument.

# generate a keypair
keytool -validity 365 -genkey -alias myserver -keyalg RSA -keystore /tmp/ldaps.keystore -storepass 123456 -keypass 123456 -dname cn=myserver.mycompany.com

# use the generated keypair (-skf) with given password (-skp)
# We also enable detail SSL debug information by setting javax.net.debug system property.
java -Djavax.net.debug=all -jar target/ldap-server.jar -sp 1038389 -skf /tmp/ldaps.keystore -skp 123456

Default LDIF

version: 1

dn: dc=ldap,dc=example
dc: ldap
objectClass: top
objectClass: domain

dn: ou=Users,dc=ldap,dc=example
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: uid=jduke,ou=Users,dc=ldap,dc=example
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: Java Duke
sn: duke
uid: jduke
userPassword: theduke

dn: ou=Roles,dc=ldap,dc=example
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=Admin,ou=Roles,dc=ldap,dc=example
objectClass: top
objectClass: groupOfNames
cn: Admin
member: uid=jduke,ou=Users,dc=ldap,dc=example

Deploy/Release

Deploy snapshots

mvn clean install deploy

Release

mvn -Prelease release:prepare
mvn -Prelease release:perform

Sample usage (LDAP search)

The ldapsearch Linux tool is used in the following examples:

$ # Anonymous LDAP search
$ # the 172.17.0.2 is the IP address of the kwart/ldap-server docker container
$  ldapsearch -x -b "dc=ldap,dc=example" -LL -H ldap://172.17.0.2 | head -n 13 
version: 1

dn: ou=Roles,dc=ldap,dc=example
ou: Roles
objectclass: top
objectclass: organizationalUnit

dn: cn=Admin,ou=Roles,dc=ldap,dc=example
cn: Admin
objectclass: top
objectclass: groupOfNames
member: uid=jduke,ou=Users,dc=ldap,dc=example

$ # LDAP search with a user authentication:
$ ldapsearch -x -b "dc=ldap,dc=example" -LL -H ldap://172.17.0.2 -D "uid=jduke,ou=Users,dc=ldap,dc=example" -w theduke | tail -n 10
dn: dc=ldap,dc=example
dc: ldap
objectclass: top
objectclass: domain

dn: ou=Users,dc=ldap,dc=example
ou: Users
objectclass: top
objectclass: organizationalUnit

License

• Apache License, Version 2.0