Simple all-in-one LDAP server (wrapped ApacheDS).
You don't need any configuration files to get it working. Just launch the JAR and that's it.
Server data are not persisted, they just live in memory.
Download latest tag from GitHub releases
If you search a lightweight Docker container with LDAP server for your testing, you can use kwart/ldap-server
.
docker pull kwart/ldap-server
docker run -it --rm kwart/ldap-server
You can simply build the software yourself.
You should have git installed
git clone git://github.com/kwart/ldap-server.git
or you can download current sources as a zip file
You need to have Maven installed
mvn clean package
java -jar ldap-server.jar [data.ldif]
$ java -jar target/ldap-server.jar --help
The ldap-server is a simple LDAP server implementation based on ApacheDS. It
creates one user partition with root 'dc=ldap,dc=example'.
Usage: java -jar ldap-server.jar [options] [LDIFs to import]
Options:
--admin-password, -ap
changes password for account 'uid=admin,ou=system' (default password is
'secret')
--allow-anonymous, -a
allows anonymous bind to the server
Default: false
--bind, -b
takes [bindAddress] as a parameter and binds the LDAP server on the
address
Default: 0.0.0.0
--help, -h
shows this help and exits
Default: false
--port, -p
takes [portNumber] as a parameter and binds the LDAP server on that port
Default: 10389
--ssl-enabled-ciphersuite, -scs
takes [sslCipherSuite] as argument and enables it for 'ldaps'. Can be
used multiple times.
--ssl-enabled-protocol, -sep
takes [sslProtocolName] as argument and enables it for 'ldaps'. Can be
used multiple times. If the argument is not provided following are used:
TLSv1, TLSv1.1, TLSv1.2
--ssl-keystore-file, -skf
takes keystore [filePath] as argument. The keystore should contain
privateKey to be used by LDAPs
--ssl-keystore-password, -skp
takes keystore [password] as argument
--ssl-need-client-auth, -snc
enables SSL 'needClientAuth' flag
Default: false
--ssl-port, -sp
adds SSL transport layer (i.e. 'ldaps' protocol). It takes [portNumber]
as a parameter and binds the LDAPs server on the port
--ssl-want-client-auth, -swc
enables SSL 'wantClientAuth' flag
Default: false
Examples:
$ java -jar ldap-server.jar users.ldif
Starts LDAP server on port 10389 (all interfaces) and imports users.ldif
$ java -jar ldap-server.jar -sp 10636 users.ldif
Starts LDAP server on port 10389 and LDAPs on port 10636 and imports the LDIF
$ java -jar ldap-server.jar -b 127.0.0.1 -p 389
Starts LDAP server on address 127.0.0.1:389 and imports default data (one user
entry 'uid=jduke,ou=Users,dc=ldap,dc=example'
If you want to enable SSL/TLS ('ldaps') and use your own certificate, the generate (or import) the private key into a JKS keystore and provide path to it as argument.
# generate a keypair
keytool -validity 365 -genkey -alias myserver -keyalg RSA -keystore /tmp/ldaps.keystore -storepass 123456 -keypass 123456 -dname cn=myserver.mycompany.com
# use the generated keypair (-skf) with given password (-skp)
# We also enable detail SSL debug information by setting javax.net.debug system property.
java -Djavax.net.debug=all -jar target/ldap-server.jar -sp 1038389 -skf /tmp/ldaps.keystore -skp 123456
version: 1
dn: dc=ldap,dc=example
dc: ldap
objectClass: top
objectClass: domain
dn: ou=Users,dc=ldap,dc=example
objectClass: organizationalUnit
objectClass: top
ou: Users
dn: uid=jduke,ou=Users,dc=ldap,dc=example
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: Java Duke
sn: duke
uid: jduke
userPassword: theduke
dn: ou=Roles,dc=ldap,dc=example
objectclass: top
objectclass: organizationalUnit
ou: Roles
dn: cn=Admin,ou=Roles,dc=ldap,dc=example
objectClass: top
objectClass: groupOfNames
cn: Admin
member: uid=jduke,ou=Users,dc=ldap,dc=example
Deploy snapshots
mvn clean install deploy
Release
mvn -Prelease release:prepare
mvn -Prelease release:perform
The ldapsearch
Linux tool is used in the following examples:
$ # Anonymous LDAP search
$ # the 172.17.0.2 is the IP address of the kwart/ldap-server docker container
$ ldapsearch -x -b "dc=ldap,dc=example" -LL -H ldap://172.17.0.2 | head -n 13
version: 1
dn: ou=Roles,dc=ldap,dc=example
ou: Roles
objectclass: top
objectclass: organizationalUnit
dn: cn=Admin,ou=Roles,dc=ldap,dc=example
cn: Admin
objectclass: top
objectclass: groupOfNames
member: uid=jduke,ou=Users,dc=ldap,dc=example
$ # LDAP search with a user authentication:
$ ldapsearch -x -b "dc=ldap,dc=example" -LL -H ldap://172.17.0.2 -D "uid=jduke,ou=Users,dc=ldap,dc=example" -w theduke | tail -n 10
dn: dc=ldap,dc=example
dc: ldap
objectclass: top
objectclass: domain
dn: ou=Users,dc=ldap,dc=example
ou: Users
objectclass: top
objectclass: organizationalUnit