
Test Open LDAP Connectivity with Powershell

Harmik Batth Tech Blog

WHAT: I have been asked to write a script in PowerShell which tests the connectivity to an Open LDAP server with minimum rights. The only right the user will have is to connect to the LDAP server; no search or other permissions are granted.

HOW: I strongly believe in automation, and I script whatever I can that needs to be done more than three times. So I wrote a little script which achieves the following.

RESEARCH: I came across various methods for achieving Open LDAP connectivity.

Connecting to LDAP is very easy with .NET applications for Active Directory (AD) and Active Directory Lightweight Directory Services (AD LDS). But when you start working with Open LDAP, you will face various challenges in achieving the same. Open LDAP introduces new challenges and makes it more complex than a few lines of code.

I tried to use the same classes that are normally used with AD, such as those in the System.DirectoryServices namespace. But I found the results were not the same when testing with a few different open LDAP products.

I kept on researching and finally came across a post from Mike Burr regarding the System.DirectoryServices.Protocols namespace. This method gives you the ability to interact with LDAP directories at a lower level than the classes provided by the System.DirectoryServices namespace, but at a higher level than having to write your own LDAPv3 library from scratch.

I then modified the script to be reusable and easier to use, with a little configuration within the code itself, as shown below.



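The script accepts four mandatory parameters: ServerName, LdapPort, UserName and Password.

NOTE: The script only works over plain, unencrypted LDAP (SecureSocketLayer is set to $false). It does not work with LDAPS or an SSL port. Because it binds with the Basic authentication type, the user name and password cross the network in clear text.

Here is the script: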

# Test-LDAPConnectivity.ps1
# This script is designed to test the connectivity to LDAP, whether it is Open LDAP or Active Directory
# Author: Mike Burr
# Modified On: 29-SEP-2016
# Modified By: Harmik Singh Batth
# Version: 1.0
# Change History:

Function Test-LdapConnectivity
{
    param(
        [String]$ServerName = "",
        [UInt16]$Port = 389,
        [String]$UserName = "",
        # Left untyped so that a SecureString from Read-Host -AsSecureString
        # is not converted to the literal text "System.Security.SecureString"
        $Password = ""
    )
    #Main script

    #Check if all arguments are passed
    if (!$ServerName -or !$Port -or !$UserName -or !$Password)
    {
        Write-Host "USAGE: Test-LDAPConnectivity.ps1 ServerName Port UserName Password"
        Write-Host "Parameters not defined properly, script will exit now"

        if (!$ServerName) {Write-Host "Please define Server Name"}
        if (!$Port) {Write-Host "Please define Port"}
        if (!$UserName) {Write-Host "Please define Username"}
        if (!$Password) {Write-Host "Please define Password"}
        return $false
    }

    #Load the assemblies
    Add-Type -AssemblyName System.DirectoryServices.Protocols

    #Connects to Server on the standard port
    $dn = "$ServerName" + ":" + "$Port"
    $c = New-Object System.DirectoryServices.Protocols.LdapConnection "$dn"
    $c.SessionOptions.SecureSocketLayer = $false
    $c.SessionOptions.ProtocolVersion = 3

    # Pick Authentication type:
    # Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
    # External, Kerberos, Msn, Negotiate, Ntlm, Sicily
    $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

    # NetworkCredential takes the password as either a String or a SecureString
    $credentials = New-Object "System.Net.NetworkCredential" -ArgumentList $UserName,$Password

    # Bind with the network credentials. Depending on the type of server,
    # the username will take different forms. Authentication type is controlled
    # above with the AuthType
    try
    {
        $c.Bind($credentials)
        Write-Verbose "Successfully bound to LDAP!" -Verbose
        return $true
    }
    catch
    {
        Write-Host $_.Exception.Message
        return $false
    }
    finally
    {
        # Release the connection so repeated tests do not leak handles
        $c.Dispose()
    }
}

# Run the test with the arguments given to the script; without this call the
# file only defines the function and prints nothing
Test-LdapConnectivity @args

#Test-LDAPConnectivity.ps1 (Read-Host "Enter Server Name") (Read-Host "Enter LDAP Port") (Read-Host "Enter LDAP Admin username") (Read-Host "Enter Password" -AsSecureString)


If you are using the following method, it will ask for details to be entered:

Test-LDAPConnectivity.ps1 (Read-Host "Enter Server Name") (Read-Host "Enter LDAP Port") (Read-Host "Enter LDAP Admin username") (Read-Host "Enter Password" -AsSecureString)


Or you can specify the parameters like this:
Test-LdapConnectivity.ps1 "ServerName" "LDAP Port" "cn=admin,dc=ldap,dc=au" "pp"

The script has been tested with OpenLDAP V3.

NOTE: This script has only been tested in a test environment, and I do not take any responsibility for its use in a production environment.
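The script above binds with AuthType Basic over an unencrypted connection, as its NOTE says. As an added example (not part of the original script or of Mike Burr's post), here is the same System.DirectoryServices.Protocols bind done over LDAPS or StartTLS. The function name, its parameters and the thumbprint pin are assumptions, and it assumes PowerShell on Windows.

```powershell
# Added example: bind over TLS so the password is not sent in clear text.
# Function name, parameters and the thumbprint pin are hypothetical.
function Test-LdapTlsConnectivity {
    param(
        [Parameter(Mandatory)][string]$ServerName,
        [Parameter(Mandatory)][pscredential]$Credential,
        [UInt16]$Port = 636,
        [switch]$StartTls,          # upgrade a plain connection (usually port 389)
        [string]$PinnedThumbprint   # optional SHA-1 pin for a self-signed server cert
    )

    Add-Type -AssemblyName System.DirectoryServices.Protocols
    $id = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ServerName, [int]$Port)
    $c  = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $c.SessionOptions.ProtocolVersion = 3
    $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

    if ($PinnedThumbprint) {
        # Once this callback is set, its result decides whether the server
        # certificate is accepted, so accept only the one expected certificate
        # rather than returning $true for everything.
        $want = ($PinnedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        $c.SessionOptions.VerifyServerCertificate = {
            param($connection, $certificate)
            return ($certificate.GetCertHashString() -eq $want)
        }.GetNewClosure()
    }

    try {
        if ($StartTls) {
            $c.SessionOptions.StartTransportLayerSecurity($null)   # StartTLS before the bind
        } else {
            $c.SessionOptions.SecureSocketLayer = $true            # LDAPS
        }
        $c.Bind($Credential.GetNetworkCredential())
        Write-Verbose "Bound to ${ServerName}:$Port over TLS"
        return $true
    }
    catch {
        Write-Warning "LDAP bind to ${ServerName}:$Port failed: $($_.Exception.Message)"
        return $false
    }
    finally {
        $c.Dispose()
    }
}
```

Without -PinnedThumbprint no callback is set and the platform's normal certificate validation applies.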



To conclude, this script will connect to Open LDAP to test the connectivity. Please feel free to comment on whether or not you find it useful. I believe feedback is important, whether it is positive or negative.

Please feel free to comment on script or the blog, I will try my best to answer.


Comments: 5

  1. slawa says:

    Have you an idea how it should look for port 636 with ignore root cert from server?

  2. Carola says:

    I need to create a loop to test ldap continuously.
    Can you help me?
    And also I have no feedback when I test the script even if I try with wrong credentials…
    What do I have to add to the script to have feedback on screen?
    Thank you in advance

  3. John Ossmann says:

    Lines 73 (the line with —————————-) and 75 USAGE need to be commented out or they produce errors.

    Additionally as Carola commented on January 29, 2019 I also get no output when I run the script and input the info.
