LDAP

From GWAVA Technologies Training
Revision as of 20:05, 31 December 2014 by Stephanf


Lightweight Directory Access Protocol (LDAP)

LDAP is a protocol for directory structures (eDirectory and Active Directory) to talk to each other.

LDAP Structure

There are only four basic fields in LDAP Data Interchange Format (LDIF):

  • dc Domain Component (dc=gwava,dc=com)
  • ou Organizational Unit (ou=provo or ou=montreal)
  • cn Common Name (cn=Stephan Fassmann or cn=confRm01)
  • dn Distinguished Name (dn=stephanf)

LDAP errors

Code 49

When setting up a system with LDAP authentication you may get an error code 49. This indicates an authentication error. The particular error, from the list below, will help resolve the issue.

  • 525 user not found
  • 52e invalid credentials
  • 530 not permitted to logon at this time
  • 531 not permitted to logon at this workstation
  • 532 password expired
  • 533 account disabled
  • 701 account expired
  • 773 user must reset password
  • 775 user account locked
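The sub-code list above, turned into a small log triage helper. This is an added example, not part of the original page or any GWAVA product. It assumes the error text has the layout `[LDAP: error code 49 - ..., data 52e, ...]` seen when a Java LDAP client binds against Active Directory; the names `parse_bind_error` and `summarize` are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter

# Sub-codes for LDAP error code 49, exactly as listed on this page.
SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}

# Result code, plus the hexadecimal "data" sub-code when the server sent one.
_ERR = re.compile(r"error code (?P<code>\d+)(?:.*?\bdata\s+(?P<sub>[0-9a-f]+)\b)?",
                  re.IGNORECASE)

def parse_bind_error(message):
    """Return (result_code, sub_code, meaning), or None if no LDAP error is present."""
    m = _ERR.search(message)
    if m is None:
        return None
    code, sub = int(m.group("code")), m.group("sub")
    if code != 49:
        return code, None, "not an authentication error"
    if sub is None:
        return code, None, "authentication error, no sub-code in message"
    sub = sub.lower()  # loggers differ on hex case (52e vs 52E)
    return code, sub, SUBCODES.get(sub, "sub-code not in the list above")

def summarize(lines):
    """Count code 49 failures per cause so the dominant problem stands out."""
    hits = (parse_bind_error(line) for line in lines)
    return Counter(h[2] for h in hits if h is not None and h[0] == 49)

# Constructed sample input (assumed message layout; the DSID value is a placeholder).
_AD = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: "
       "AcceptSecurityContext error, data {}, v1db1]")
SAMPLE_LOG = [_AD.format("52e"), _AD.format("775"), _AD.format("52E"),
              "[LDAP: error code 49 - Invalid Credentials]",
              "LDAP connection established"]

if __name__ == "__main__":
    for cause, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {cause}")
```
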

Code 32

This indicates a rights error. The user does not have rights to the container you are trying to access.

This can be very difficult to resolve. See "AD Solution to LDAP error code 32 Issue" [1].

LDAP Troubleshooting Tools

There are a few tools that can be handy in dealing with LDAP issues.

Softerra LDAP Browser is a very good tool: it is read-only, so it can't do anything dangerous.

Apache Directory Studio is a more powerful tool, as it can write to directory structures, given proper credentials.
