Updated: 2018-12-15


  • Distinguished Name (DN): full path, similar to /home/username/test.txt
  • Relative Distinguished Name (RDN): relative path, similar to test.txt

  • dc: Domain Component
  • cn: Common Name
  • sn: Surname
  • ou: Organizational Unit
  • c: Country
  • st: State
  • L: Locality
  • mail: Email

  • StartTLS: establishes Transport Layer Security (the descendant of SSL) on the connection
  • Bind (authenticate): authenticates the client to the server.
  • Search and Compare:


Use Linux Command Line (ldapsearch)

Install if not available

$ sudo apt-get install ldap-utils


$ which ldapsearch

Anonymous search. Provide hostname, port and base DN.

$ ldapsearch -h ldaphostname -p 389 -x -b "dc=foo,dc=bar,dc=com"
  • -h LDAP server hostname
  • -p LDAP server port
  • -x use simple authentication (instead of SASL)
  • -b base DN to search from

The server may respond with the following:

# extended LDIF
# LDAPv3
# base <dc=foo,dc=bar,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, v1db1

# numResponses: 1

This means a bind is required before the search can be performed.
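
The check above can be automated. The following is an added example, not part of the original notes: it parses ldapsearch output, unfolds LDIF continuation lines such as the wrapped `text:` line, and reports whether an unauthenticated search returned entries. The function names are assumptions made for this example; the sample input is the output shown above.

```python
import re

# Anonymous-search output copied from the notes above. LDIF folds long
# lines: a continuation line starts with exactly one space.
SAMPLE = """\
# extended LDIF
# LDAPv3
# base <dc=foo,dc=bar,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, v1db1

# numResponses: 1
"""

def unfold(ldif):
    """Join folded LDIF lines back into logical lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # drop the single fold space
        else:
            lines.append(raw)
    return lines

def parse_search_result(ldif):
    """Extract result code, result name, diagnostic text and entry count."""
    out = {"code": None, "name": None, "text": "", "entries": 0}
    for line in unfold(ldif):
        m = re.match(r"result: (\d+) (.*)", line)
        if m:
            out["code"], out["name"] = int(m.group(1)), m.group(2)
        elif line.startswith("text: "):
            out["text"] = line[6:]
        elif line.startswith("dn:"):  # each returned entry begins with dn: or dn::
            out["entries"] += 1
    return out

def anonymous_read_exposed(ldif):
    """True if an unauthenticated search succeeded and returned entries."""
    r = parse_search_result(ldif)
    return r["code"] == 0 and r["entries"] > 0
```

For the output above, `anonymous_read_exposed(SAMPLE)` is False: the server rejected the search with result code 1 and returned no entries.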


$ ldapsearch -h ldaphostname -p 389 -x -b "dc=foo,dc=bar,dc=com" \
    -D "your userid" -w "your password"
  • -D bind DN (the identity to authenticate as)
  • -w bind password
  • -W prompt for the password instead of passing it with -w

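In my case, the user ID is the email address.

Gotcha: if there is an exclamation mark (!) in your password, quote it with ' instead of ". Inside double quotes, interactive bash still applies history expansion to !, so it tries to substitute a previous command. A simple illustration: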

$ echo Hello!
$ echo "Hello!"
bash: !": event not found
$ echo 'Hello!'

Use Python API (Python-LDAP)


$ sudo apt-get install python-ldap