Getting started with LDAP Setup using Apache Directory Studio
To start working with LDAP, we need Apache Directory Studio. You can download it from the link below.
Run the Windows 32-bit installer.
After installing the studio, you will find the LDAP Servers view at the far left of the workspace.
Figure 1: Left Pane with LDAP Servers and Connections.
Click the New Server icon (or press Ctrl+E) to create the directory server.
Choose the ApacheDS 2.0 server, provide a server name and click Finish.
Figure 2: Creating the new LDAP Server
To see the server's details, right-click the server and click Open Configuration; this shows information such as ports, partitions, password policies and more.
Figure 3: LDAP Server Configuration
Once the server has started, we must create a new connection.
To create one, right-click the server and then click the Create a Connection button.
Figure 4: Creating the new connection to Store entries
You will get a prompt once you click it; the new connection then appears on the Connections tab.
Figure 5: Confirmation of auto creation based on DS
Figure 6: The connection turns golden when it is connected to the server
The LDAP Browser view is on the top left. The category DIT shows the hierarchical content of the directory. You may expand and collapse the tree.
Figure 7: Browser view and Entity view
When you select an entry, its attributes and values are displayed in the Entry editor.
In the example above we have the default Domain Component (dc) and Organizational Unit (ou). We can create our own dc, or add users and groups under the existing component. In this document we will be adding new users and groups under the existing dc.
The next few steps describe how to create a user and a group in LDAP.
Right-click the dc=example,dc=com node and select New | New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radio button. Click Next.
Figure 8: Creating new Entry Wizard
In the Object Classes pane, select organizationalUnit from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.
In the Distinguished Name pane, complete the RDN field, putting ou in front of the equals sign and User after it. Click Next and then click Finish.
Repeat the same steps for the group.
In the Distinguished Name pane, complete the RDN field, putting ou in front of the equals sign and Group after it. Click Next and then click Finish.
Figure 9: Distinguished Name Step of New Entry Wizard
After creating the User and Group entries, you can see them added to the tree in the LDAP Browser.
Figure 10: DIT after Creating User, and Group Nodes
Now it's time to add some people under ou=User and then put them in a group.
Right-click the ou=User node and select New | New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radio button. Click Next.
In the Object Classes pane, select inetOrgPerson from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.
In this example we use cn as the RDN of the entry. (If you prefer mail or uid, you can choose those instead.)
Note: cn and sn are mandatory attributes.
Figure 11: Distinguished Name Step of New Entry Wizard
We have created the user without a password. To add one, click the icon that adds a new attribute. The New Attribute wizard opens.
Select userPassword from the attribute drop-down list and click Next.
The next page is Options, where you can choose language tags for the attribute; for this example choose en in the left drop-down and US in the right one, then click Finish. (This is optional; if you skip it, the system default is used.)
Figure 12: Option of New Attribute Wizard
Once you click Finish, the Password Editor opens. Enter the password, choose a hashing method and click OK.
Figure 13: Password Editor of New Attribute Wizard
Now that the user entry exists, the group needs to be created and this user added to it.
Right-click the ou=Group node and select New | New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radio button. Click Next.
In the Object Classes pane, select groupOfNames from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.
In the Distinguished Name pane, complete the RDN field, putting cn in front of the equals sign and dummy after it. Click Next.
You are now prompted, through the DN Editor dialog, to provide a value for the mandatory member attribute. In the text field, enter the last part of the DN for the member user, cn=username. Click OK, then click Finish.
Figure 14: DN Editor of New Attribute Wizard
Great! Now we have added the user and the group to LDAP. Check the LDAP Browser; you can see the complete tree of entries.
Figure 15: Complete Tree of User Entries and Group Entries
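As an added example (not part of the original tutorial), here is the same tree expressed as LDIF, generated by a small Python script: the two organizational units, an inetOrgPerson whose userPassword is a salted SHA-1 ({SSHA}) value like the one the Password Editor produces, and a groupOfNames whose member is a full DN rather than a bare cn=username. The names jdoe, Doe, changeit and the group dummy are constructed; the output can be imported with Directory Studio's LDIF import or ldapadd.

```python
import base64
import hashlib
import os
from typing import List, Optional

BASE_DN = "dc=example,dc=com"   # the tutorial's default partition

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} userPassword value: base64(sha1(password + salt) + salt).
    SSHA is one of the hashing methods the Password Editor offers."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a {SSHA} value (salt = bytes after the 20-byte digest)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest

def user_dn(cn: str) -> str:
    return f"cn={cn},ou=User,{BASE_DN}"

def user_ldif(cn: str, sn: str, password: str) -> str:
    """LDIF for an inetOrgPerson under ou=User; cn and sn are its MUST attributes."""
    attrs = ["objectClass: inetOrgPerson", f"cn: {cn}", f"sn: {sn}", f"userPassword: {ssha_hash(password)}"]
    return "\n".join([f"dn: {user_dn(cn)}"] + attrs + [""])

def group_ldif(cn: str, members: List[str]) -> str:
    """LDIF for a groupOfNames under ou=Group. Every member must be a full DN:
    a bare RDN such as 'cn=jdoe' is rejected, which is the pitfall the reader comment describes."""
    for m in members:
        if not m.lower().endswith("," + BASE_DN):
            raise ValueError(f"member {m!r} is not a full DN under {BASE_DN}")
    lines = [f"dn: cn={cn},ou=Group,{BASE_DN}", "objectClass: groupOfNames", f"cn: {cn}"]
    lines += [f"member: {m}" for m in members]
    return "\n".join(lines + [""])

def build_tree_ldif() -> str:
    """The whole tutorial tree as LDIF: two OUs, one user, one group (constructed values)."""
    ous = "".join(f"dn: ou={ou},{BASE_DN}\nobjectClass: organizationalUnit\nou: {ou}\n\n"
                  for ou in ("User", "Group"))
    return ous + user_ldif("jdoe", "Doe", "changeit") + "\n" + group_ldif("dummy", [user_dn("jdoe")])
```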
To test LDAP, find Searches in the LDAP Browser. Right-click it and choose New Search. The New Search wizard opens.
Figure 16: Search Wizard to test the connection
Give the search a name (it is saved for future reference) and choose the connection in which you want to check the users you created.
Choose the search base (which partition to search) and then click Search.
It lists all the entries under the ou.
Figure 17: Results of the search in the Ldap Browser
Some example search filters (these use Active Directory attribute names, so they apply to an AD connection rather than the ApacheDS tree above):
Find all groups:
(objectClass=Group)
Find a user by account name while filtering out accounts that are disabled in Active Directory ({0} is the placeholder for the account name):
(&(sAMAccountName={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Find all users who belong to a particular group:
(&(sAMAccountName=*)(objectClass=Person)(memberOf=CN=Username,OU=User,DC=example,DC=com))
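As an added example (not the page's own code), a minimal evaluator for the filters above, run against two constructed directory entries, to show what each filter actually matches and in particular what the 1.2.840.113556.1.4.803 (bitwise AND) matching rule on userAccountControl does. The entries, the account names and the group DN are constructed; only AND, OR, NOT, equality, presence and that one extensible rule are supported.

```python
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # matching-rule OID used in the page's filter

def _parse(s: str, i: int):
    """Parse one parenthesised filter at s[i]; return (node, index after it)."""
    i += 1                                   # skip "("
    if s[i] in "&|!":                        # compound: (&...), (|...), (!...)
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1             # skip ")"
    j = s.index(")", i)
    attr, _, value = s[i:j].partition("=")
    if attr.endswith(":"):                   # extensible match: attr:OID:=value
        attr, _, rule = attr[:-1].partition(":")
        return ("ext", attr, rule, value), j + 1
    return ("eq", attr, value), j + 1

def _match(node, entry: dict) -> bool:
    kind = node[0]
    if kind in "&|":
        return (all if kind == "&" else any)(_match(k, entry) for k in node[1])
    if kind == "!":
        return not _match(node[1][0], entry)
    values = entry.get(node[1].lower(), [])  # attribute names are case-insensitive
    if kind == "eq":
        if node[2] == "*":                   # presence filter
            return bool(values)
        return any(v.lower() == node[2].lower() for v in values)  # caseIgnore match
    if node[2] != BIT_AND_RULE:
        raise ValueError(f"unsupported matching rule {node[2]}")
    mask = int(node[3])                      # bitwise AND: every bit of the mask must be set
    return any(int(v) & mask == mask for v in values)

def matches(filter_str: str, entry: dict) -> bool:
    """Evaluate an RFC 4515 filter subset (plus AD's bitwise-AND rule) against one entry."""
    s = filter_str.strip()
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("unbalanced filter")
    return _match(node, {k.lower(): v for k, v in entry.items()})

GROUP_DN = "CN=dummy,OU=Group,DC=example,DC=com"  # constructed group DN
USERS = [  # constructed entries; 514 = 512 (NORMAL_ACCOUNT) | 2 (ACCOUNTDISABLE)
    {"sAMAccountName": ["jdoe"], "objectClass": ["person"], "userAccountControl": ["512"], "memberOf": [GROUP_DN]},
    {"sAMAccountName": ["asmith"], "objectClass": ["person"], "userAccountControl": ["514"], "memberOf": [GROUP_DN]},
]

def search(filter_str: str) -> list:  # names of the constructed entries the filter matches
    return [e["sAMAccountName"][0] for e in USERS if matches(filter_str, e)]
```

With the page's disabled-account filter, jdoe (512) matches and asmith (514, bit 2 set) is excluded; the group-membership filter returns both.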
This article worked great for me except when I went to add the User to the dummy group. In your article it mentions:
“You are now prompted to provide a value for the mandatory member attribute, through the DN Editor dialog. In the text field, enter the last part of the DN for the member user, cn=username”
This did not work for me as the user was not tied to the group. To get this working I had to specify all of the following inside the DN Editor: cn=username,ou=User,dc=example,dc=com
Now my user can log in because they are associated with that group :)