LDAP Playground

The main idea of this playground is to provide an easy to use LDAP - Lightweight Directory Access Protocol server to simply play around with the technology.

The Apache Directory™ Project - We strive to increase LDAP awareness, comfort and adoption to bring forth what we call the Modern LDAP Renaissance.


This playground requires a ready to use Docker Compose environment.

For the impatient...

Grab your copy of the playground datenkollektiv/ldap-playground... run up.sh to build and up the environment.

Note: You'll need to prepare a keystore. Check the chapter Prepare a keystore below in case you need some guidance.

Your LDAP server is ready to go - check out the local server at ldap://localhost:389.

Deep dive

The main components you'll probably want to adapt and fine-tune your personal LDAP playground are:

  • The Docker Compose configuration docker-compose.yaml and
  • the sample data initial-import.ldif

Prepare a keystore

The setup requires a keystore to be present in docker/etc for TLS.

Note: use changeit as password or update APACHEDS_TLS_KS_PWD in docker-compose.yaml accordingly.

The keystore should be named apacheds.jks and can be generated like follows (You'll need the Java keytool):

keytool -genkeypair -alias apacheds -keyalg RSA -validity 7 -keystore apacheds.jks

Copy the generated keystore into the directory docker/etc

The configuration knobs

If unchanged the LDAP server will be available via ldap:// or simply ldap:// and ldaps:// from the Docker host. Check the port mappings in the docker-compose.yaml in case you don't want to use the default ports.

The initial data will be inserted from docker/data/initial-import.ldif. So this is the natural place in case you want to fiddle with the initial data set.

First contact

Note: You can verify the installation from the host system with ldapsearch -H ldap:// -x -s base -b "" -LLL "+"

CLI example with ldapmodify

ldapmodify -H ldap:// -D "uid=admin,ou=system" -w apacheds -a -f ldif-examples/users.ldif

Note: The preconfigured admin password is apacheds and can be changed in the docker-compose.yaml if need be.

CLI example with ldapsearch

Connect as uid=admin,ou=system and query the LDAP tree ou=users,dc=example,dc=com.

ldapsearch -H ldap:// -D "uid=admin,ou=system" -w apacheds -b "ou=users,dc=example,dc=com"
# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Connect with Apache Directory Studio™

Apache Directory Studio™ - The Eclipse-based LDAP browser and directory client

Download Apache Directory Studio from Apache Directory - Downloads

Create (and check) the connection as shown in the screenshots below.

New LDAP Connection - Network Parameter

New LDAP Connection - Network Parameter

New LDAP Connection - Authentication

New LDAP Connection - Authenticaton

If you made it so far - take the next step and clone the playground datenkollektiv/ldap-playground to get your hands dirty...

Acknowledgment - The docker-compose setup is heavily based on the Docker image provided by TremoloSecurity/apacheds

Photo by Patchanu Noree on Burst