Simple strategies to test your Java applications with LDAP

LDAP is commonly used in Security realms as a source of authentication and authorization information. This tutorial will teach you two simple strategies for starting an LDAP Server in minutes in order to secure your Enterprise applications.

Option 1: Use an Embedded LDAP Server

The first example uses an embedded ApacheDS LDAP server with a preconfigured LDIF file that contains some example LDAP data (username, firstName, lastName, email) as well as some custom attributes (postal code, street).

In order to start the ApacheDS based LDAP server you just need the pom.xml file which contains a reference to the keycloak-util-embedded-ldap package:

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-util-embedded-ldap</artifactId>
    <scope>test</scope>
</dependency>

Then, specify in your exec-maven-plugin which Java class to start and include in its System Properties the ldif file to be loaded:

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>exec-maven-plugin</artifactId>
    <configuration>
        <mainClass>org.keycloak.util.ldap.LDAPEmbeddedServer</mainClass>
        <classpathScope>test</classpathScope>
        <systemProperties>
            <systemProperty>
                <key>ldap.ldif</key>
                <value>ldap-example-users.ldif</value>
            </systemProperty>
        </systemProperties>
    </configuration>
</plugin>

That being said, you can start the LDAP server as follows:

mvn exec:java -Pldap

[Screenshot: expected output of the embedded LDAP server]

You can find the pom.xml file and the ldif file in our Github repository: https://github.com/fmarchioni/mastertheboss/tree/master/ldap/embedded

Option 2: Use Docker to start LDAP

The second example in this tutorial uses Docker and OpenLDAP. The most commonly used OpenLDAP Docker image is osixia/openldap. You can start it as follows:

$ docker run --env LDAP_ORGANISATION="keycloak" --env LDAP_DOMAIN="keycloak.org" --env LDAP_ADMIN_PASSWORD="admin" osixia/openldap

Then, provided that you have installed LDAP Client tools, load the LDIF file using the ldapadd command. For example, in order to use the same example from keycloak:

$ ldapadd -f ldap-example-users.ldif -x -h 172.17.0.2 -p 389 -D "cn=admin,dc=keycloak,dc=org" -w "admin" -c

adding new entry "dc=keycloak,dc=org"
ldap_add: Already exists (68)
adding new entry "ou=People,dc=keycloak,dc=org"
adding new entry "ou=RealmRoles,dc=keycloak,dc=org"
adding new entry "ou=FinanceRoles,dc=keycloak,dc=org"
adding new entry "uid=jbrown,ou=People,dc=keycloak,dc=org"
adding new entry "uid=bwilson,ou=People,dc=keycloak,dc=org"
adding new entry "cn=ldap-user,ou=RealmRoles,dc=keycloak,dc=org"
adding new entry "cn=ldap-admin,ou=RealmRoles,dc=keycloak,dc=org"
adding new entry "cn=accountant,ou=FinanceRoles,dc=keycloak,dc=org"

You might have noticed that the OpenLDAP Docker image had already created an entry for “dc=keycloak,dc=org”, so the first entry of the LDIF file was skipped in this case. Besides that, we have loaded the same structure with Users and Roles.

Option 3: Use a free Online LDAP Server

There are several free online LDAP servers which can be used in read-only mode to test your applications. My favourite one is available at: https://www.forumsys.com

You can use the following settings to connect to the online server:

ldap.urls=ldap://ldap.forumsys.com:389/
ldap.base.dn=dc=example,dc=com
ldap.username=cn=read-only-admin,dc=example,dc=com
ldap.password=password
ldap.user.dn.pattern=uid={0}

[Screenshot: list of users on the online LDAP server]

You can connect to individual Users (uid) or the two Groups (ou) that include:

ou=mathematicians,dc=example,dc=com

  • riemann
  • gauss
  • euler
  • euclid

ou=scientists,dc=example,dc=com

  • einstein
  • newton
  • galieleo
  • tesla

All user passwords are “password”.
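
As an added example (not code from the original article or from Keycloak), the Java class below shows how an application under test could verify a user's password with a simple bind against the online server, using the settings listed above. The class name, the way ldap.user.dn.pattern is joined to ldap.base.dn, and the five-second connect timeout are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindCheck {
    // Settings from the list above; ldap:// is cleartext, so test servers only.
    static final String URL = "ldap://ldap.forumsys.com:389/";
    static final String BASE_DN = "dc=example,dc=com";
    static final String USER_DN_PATTERN = "uid={0}";

    // Assumption: the pattern is relative to the base DN. The user name is
    // escaped as an RDN value so that "," or "+" cannot add DN components.
    static String userDn(String username) {
        return USER_DN_PATTERN.replace("{0}", Rdn.escapeValue(username)) + "," + BASE_DN;
    }

    // True if the directory accepts a simple bind as this user.
    static boolean authenticate(String username, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind
        // (RFC 4513, section 5.1.2), which a server may accept: reject it here.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            new InitialDirContext(env).close(); // the bind happens in the constructor
            return true;
        } catch (AuthenticationException e) {
            return false; // credentials rejected by the server
        }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(userDn("einstein"));
        System.out.println(userDn("einstein,ou=scientists")); // constructed input with DN metacharacters
        System.out.println(authenticate("einstein", "password"));
        System.out.println(authenticate("einstein", "wrong"));
        System.out.println(authenticate("einstein", ""));
    }
}
```

The same class works against the embedded or Docker server from Options 1 and 2 once URL and BASE_DN are changed to match that server's address and the tree its LDIF file creates.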

That’s all. In this tutorial we have covered two strategies to quickly start an LDAP server for testing and developing applications that use LDAP as a repository.
