# ldap-server **Repository Path**: dialogs/ldap-server ## Basic Information - **Project Name**: ldap-server - **Description**: Simple in-memory LDAP server for testing purposes - single JAR based on ApacheDS - **Primary Language**: Unknown - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 1 - **Created**: 2025-12-25 - **Last Updated**: 2025-12-25 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # ldap-server Simple all-in-one LDAP server (wrapped [ApacheDS](http://directory.apache.org/apacheds/)). You don't need any configuration files to get it working. Just launch the JAR and that's it. Server data are not persisted, they just live in memory. ## Download Download latest tag from [GitHub releases](https://github.com/kwart/ldap-server/releases) ### Docker container If you search a lightweight Docker container with LDAP server for your testing, you can use `kwart/ldap-server`. ```bash docker pull kwart/ldap-server docker run -it --rm kwart/ldap-server ``` ## Development You can simply build the software yourself. ### How to get the sources You should have [git](http://git-scm.com/) installed ``` git clone git://github.com/kwart/ldap-server.git ``` or you can download [current sources as a zip file](https://github.com/kwart/ldap-server/archive/master.zip) ### How to build it You need to have [Maven](http://maven.apache.org/) installed ```bash mvn clean package ``` ### How to run it ```bash java -jar ldap-server.jar [data.ldif] ``` #### Help ``` $ java -jar target/ldap-server.jar --help The ldap-server is a simple LDAP server implementation based on ApacheDS. It creates one user partition with root 'dc=ldap,dc=example'. Usage: java -jar ldap-server.jar [options] [LDIFs to import] Options: --admin-password, -ap changes password for account 'uid=admin,ou=system' (default password is 'secret') --allow-anonymous, -a allows anonymous bind to the server Default: false --bind, -b takes [bindAddress] as a parameter and binds the LDAP server on the address Default: 0.0.0.0 --help, -h shows this help and exits Default: false --port, -p takes [portNumber] as a parameter and binds the LDAP server on that port Default: 10389 --ssl-enabled-ciphersuite, -scs takes [sslCipherSuite] as argument and enables it for 'ldaps'. Can be used multiple times. --ssl-enabled-protocol, -sep takes [sslProtocolName] as argument and enables it for 'ldaps'. Can be used multiple times. If the argument is not provided following are used: TLSv1, TLSv1.1, TLSv1.2 --ssl-keystore-file, -skf takes keystore [filePath] as argument. The keystore should contain privateKey to be used by LDAPs --ssl-keystore-password, -skp takes keystore [password] as argument --ssl-need-client-auth, -snc enables SSL 'needClientAuth' flag Default: false --ssl-port, -sp adds SSL transport layer (i.e. 'ldaps' protocol). It takes [portNumber] as a parameter and binds the LDAPs server on the port --ssl-want-client-auth, -swc enables SSL 'wantClientAuth' flag Default: false Examples: $ java -jar ldap-server.jar users.ldif Starts LDAP server on port 10389 (all interfaces) and imports users.ldif $ java -jar ldap-server.jar -sp 10636 users.ldif Starts LDAP server on port 10389 and LDAPs on port 10636 and imports the LDIF $ java -jar ldap-server.jar -b 127.0.0.1 -p 389 Starts LDAP server on address 127.0.0.1:389 and imports default data (one user entry 'uid=jduke,ou=Users,dc=ldap,dc=example' ``` #### SSL/TLS If you want to enable SSL/TLS ('ldaps') and use your own certificate, the generate (or import) the private key into a JKS keystore and provide path to it as argument. ```bash # generate a keypair keytool -validity 365 -genkey -alias myserver -keyalg RSA -keystore /tmp/ldaps.keystore -storepass 123456 -keypass 123456 -dname cn=myserver.mycompany.com # use the generated keypair (-skf) with given password (-skp) # We also enable detail SSL debug information by setting javax.net.debug system property. java -Djavax.net.debug=all -jar target/ldap-server.jar -sp 1038389 -skf /tmp/ldaps.keystore -skp 123456 ``` ## Default LDIF ``` version: 1 dn: dc=ldap,dc=example dc: ldap objectClass: top objectClass: domain dn: ou=Users,dc=ldap,dc=example objectClass: organizationalUnit objectClass: top ou: Users dn: uid=jduke,ou=Users,dc=ldap,dc=example objectClass: top objectClass: person objectClass: inetOrgPerson cn: Java Duke sn: duke uid: jduke userPassword: theduke dn: ou=Roles,dc=ldap,dc=example objectclass: top objectclass: organizationalUnit ou: Roles dn: cn=Admin,ou=Roles,dc=ldap,dc=example objectClass: top objectClass: groupOfNames cn: Admin member: uid=jduke,ou=Users,dc=ldap,dc=example ``` ## Deploy/Release Deploy snapshots ``` mvn clean install deploy ``` Release ``` mvn -Prelease release:prepare mvn -Prelease release:perform ``` ## Sample usage (LDAP search) The `ldapsearch` Linux tool is used in the following examples: ```bash $ # Anonymous LDAP search $ # the 172.17.0.2 is the IP address of the kwart/ldap-server docker container $ ldapsearch -x -b "dc=ldap,dc=example" -LL -H ldap://172.17.0.2 | head -n 13 version: 1 dn: ou=Roles,dc=ldap,dc=example ou: Roles objectclass: top objectclass: organizationalUnit dn: cn=Admin,ou=Roles,dc=ldap,dc=example cn: Admin objectclass: top objectclass: groupOfNames member: uid=jduke,ou=Users,dc=ldap,dc=example $ # LDAP search with a user authentication: $ ldapsearch -x -b "dc=ldap,dc=example" -LL -H ldap://172.17.0.2 -D "uid=jduke,ou=Users,dc=ldap,dc=example" -w theduke | tail -n 10 dn: dc=ldap,dc=example dc: ldap objectclass: top objectclass: domain dn: ou=Users,dc=ldap,dc=example ou: Users objectclass: top objectclass: organizationalUnit ``` ## License * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)