LDAP
From GWAVA Technologies Training
Lightweight Directory Access Protocol (LDAP)
LDAP is a protocol for applications and directory services (eDirectory and Active Directory) to talk to each other.
LDAP Structure
There are only four basic fields in LDAP Data Interchange Format (LDIF):
- dc Domain Component (dc=gwava,dc=com)
- ou Organizational Unit (ou=provo or ou=montreal)
- cn Common Name (cn=Stephan Fassmann or cn=confRm01)
- dn Distinguished Name (dn=stephanf)
LDAP Authentication errors
When setting up a system with LDAP authentication, you may get an error code 49. This indicates an authentication error. The particular error code that accompanies it will help resolve the issue.
- 525 user not found
- 52e invalid credentials
- 530 not permitted to logon at this time
- 531 not permitted to logon at this workstation
- 532 password expired
- 533 account disabled
- 701 account expired
- 773 user must reset password
- 775 user account locked
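The following is an added example, not part of the original training page: it pulls the sub-code out of error-49 log lines and maps it to the meanings listed above. The message layout (a JNDI-style `error code 49` prefix with the Active Directory sub-code after `data`) and the sample lines are assumptions.

```python
import re
from collections import Counter

# Sub-codes and meanings exactly as listed above.
SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}

# Assumed layout (not shown on the page): the client logs "error code 49" and
# Active Directory puts the sub-code after the word "data" in the diagnostic text.
CODE49_RE = re.compile(r"error code 49\b", re.IGNORECASE)
DATA_RE = re.compile(r"\bdata\s+([0-9a-f]{1,8})\b", re.IGNORECASE)

def explain(line):
    """Return (subcode, win32_decimal, meaning) for an error-49 line, else None."""
    if not CODE49_RE.search(line):
        return None
    m = DATA_RE.search(line)
    if not m:  # other directories may report 49 with no sub-code at all
        return ("?", None, "error 49 without a sub-code")
    sub = m.group(1).lower()
    # The sub-code is hexadecimal; in decimal it is the Windows error number.
    return (sub, int(sub, 16), SUBCODES.get(sub, "sub-code not in the table"))

def summarize(lines):
    """Count sub-codes across a log so the dominant failure stands out."""
    return Counter(r[0] for r in map(explain, lines) if r)

# Constructed sample log lines (the DSID values are placeholders).
SAMPLE = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000001, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000002, comment: AcceptSecurityContext error, data 775, v1db1]",
    "[LDAP: error code 49 - Invalid Credentials]",
    "[LDAP: error code 32 - No Such Object]",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(explain(entry))
    print(summarize(SAMPLE))
```

Keep the sub-code in server-side logs only: showing 525 versus 52e to the person logging in tells them whether the user name exists.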
LDAP Troubleshooting Tools
There are a few tools that can be handy in dealing with LDAP issues.
Softerra LDAP Browser is a very good tool: it is read-only, so it can't do anything dangerous.
Apache Directory Studio is a more powerful tool, as it can write to directory structures, given proper credentials.