IBM Support

Using LdapQuery to debug LDAP connection problems in WebSphere Application Server

Troubleshooting


Problem

How to use LdapQuery web application to debug LDAP configuration problems with IBM® WebSphere® Application Server

Resolving The Problem


Use the ldapQuery web application utility to search the LDAP server.
This will allow you to quickly determine if the search is returning what you expect.
Once you have successfully queried the LDAP server, you may use the settings in IBM® WebSphere® Application Serve to enable security to the server.

Useful when:

  • Configuring security using an LDAP server for the first time
  • Currently using one LDAP server but want to test connections to another
  • Planning to change from stand-alone LDAP to federated LDAP servers
  • Screen Shot


The following video explains how to install and do a basic search

*Required fields.

*HostHost name of LDAP server.
Can be short name, long name, or IP address.
*PortPort 389 is the default LDAP port for non-SSL,
Port 636 is usually the default when using SSL but may be different than default
*Filter The search object you are looking for
*Base Distinguished Name
(BaseDN)
Query starting location in your LDAP tree
Bind Distinguished Name
(BindDN)
Fully qualified DN which has the authority to “bind” to your LDAP server and preform the requested queries.
Some LDAP servers allow for "anonymous" queries so no bind DN and bind password may be required
Bind PasswordBind DN’s password.
ReferralIndicates whether the search should follow referrals if user is not on current server. Default is ignore.
Result LimitHow many result sets are returned from the server. Default is 20.

SSL/Hide (display/hide additional fields)
**Required if SSL is enable
Enable SSLAllows connections to the LDAP server using SSL
Keystore FileFully qualified path to the keystore file on the application server host machine.
This is only used when the LDAP server is setup to use mutual authentication. Mutual authentication is rarely ever done.
Keystore must contain a private certificate where the LDAP server has the public certificate.
Keystore Password Password to access the keystore file
Keystore Type File type
**Truststore FileFully qualified path to the truststore file on the application server host machine.
This is only used when the LDAP server is setup to use mutual authentication. Mutual authentication is rarely ever done.
Truststore must contain a private certificate where the LDAP server has the public certificate.
**Truststore Password Password to access the truststore file
**Truststore Type File type


Download and deploy the EAR on one of your application servers.
Once deployed to you server, you can access using this URL. Make sure the port matches the one used by your server.
(e.g. if your server is using port 9080 then URL would be )

LDAPQuery.earLDAPQuery.ear
Updated: (09/04/2013)

For a command line tool
See: Using ldapsearch to debug LDAP configuration problems

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF014","label":"iOS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5;8.5;8.0;7.0","Edition":"Base;Developer;Enterprise;Liberty;Network Deployment","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
15 June 2018

UID

swg21648889