Test Open LDAP Connectivity with Powershell

WHAT: I was asked to write a PowerShell script that tests connectivity to an OpenLDAP server using an account with minimum rights. The only right the account has is to bind to the LDAP server; no search or other permissions are granted.

HOW: I firmly believe in automation and script whatever can be scripted and needs to be done more than three times, so I wrote a small script that achieves the following.

RESEARCH: I came across various methods by which I could achieve OpenLDAP connectivity.

Connecting to LDAP is very easy with .NET for Active Directory (AD) and Active Directory Lightweight Directory Services (AD LDS). But when you start working with OpenLDAP, you face various challenges in achieving the same thing: OpenLDAP introduces new obstacles and makes the task more complex than a few lines of code.

I tried to use the same classes that are normally used with AD, such as those in the System.DirectoryServices namespace, but the results were not consistent when testing against a few different OpenLDAP products.

I kept researching and finally came across a post by Mike Burr about the System.DirectoryServices.Protocols namespace. This namespace lets you interact with LDAP directories at a lower level than the classes in System.DirectoryServices, but at a higher level than writing your own LDAPv3 library from scratch.

I then modified the script to be reusable and easier to use, with minimal configuration inside the code itself, as shown below.

SCRIPT:

====================================================================

The script accepts four mandatory parameters: ServerName, LdapPort, UserName and Password.

NOTE: The script only works over plain, unencrypted LDAP (it sets SecureSocketLayer to $false). It does not work against the LDAPS/SSL port. Because the simple (Basic) bind sends the password in cleartext on an unencrypted session, treat the test account's password as exposed to anyone on the network path and use a dedicated bind-only account for it.

Here is the script:


#**********************************************************************
# Test-LDAPConnectivity.ps1
# This script is designed to test the connectivity to LDAP, whether it is OpenLDAP or Active Directory
# Author: Mike Burr
# Modified On: 29-SEP-2016
# Modified By: Harmik Singh Batth
# Version: 1.0
# Change History:
#
#
#**********************************************************************

Function Test-LdapConnectivity
{
    param(
        [String]$ServerName = "",
        [UInt16]$Port = 389,
        [String]$UserName = "",
        $Password = ""   # plain string, or the SecureString that Read-Host -AsSecureString returns
    )
    #Main script
    Clear-Host

    #Report which arguments are missing, then check that all of them were passed
    if (!$ServerName) {Write-Host "Please define Server Name"}
    if (!$Port) {Write-Host "Please define Port"}
    if (!$UserName) {Write-Host "Please define Username"}
    if (!$Password) {Write-Host "Please define Password"}

    if (!$ServerName -or !$Port -or !$UserName -or !$Password)
    {
        Write-Host "USAGE: Test-LDAPConnectivity.ps1 ServerName Port UserName Password"
        Write-Host "Parameters not defined properly, script will exit now"
        return $false   # 'break' outside a loop would abort the caller as well
    }

    #A SecureString cannot be handed to the simple bind directly; unwrap it via NetworkCredential
    if ($Password -is [System.Security.SecureString])
    {
        $Password = (New-Object System.Net.NetworkCredential("", $Password)).Password
    }

    #Load the assemblies (Out-Null keeps the assembly objects out of the function's return value)
    [System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols") | Out-Null
    [System.Reflection.Assembly]::LoadWithPartialName("System.Net") | Out-Null

    #Connects to the server on the given port
    $dn = "$ServerName" + ":" + "$Port"
    $c = New-Object System.DirectoryServices.Protocols.LdapConnection "$dn"
    $c.SessionOptions.SecureSocketLayer = $false   # plain LDAP: the simple bind sends the password in cleartext
    $c.SessionOptions.ProtocolVersion = 3

    # Pick Authentication type:
    # Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
    # External, Kerberos, Msn, Negotiate, Ntlm, Sicily
    $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

    $credentials = New-Object "System.Net.NetworkCredential" -ArgumentList $UserName,$Password

    # Bind with the network credentials. Depending on the type of server,
    # the username will take different forms. Authentication type is controlled
    # above with the AuthType
    Try
    {
        $c.Bind($credentials)
        Write-Verbose "Successfully bound to LDAP!" -Verbose
        return $true
    }
    catch
    {
        Write-Host $_.Exception.Message
        return $false
    }
    finally
    {
        $c.Dispose()   # release the connection whether or not the bind succeeded
    }
}

————————————————————————-

USAGE:

#e.g.
#Test-LDAPConnectivity.ps1 (Read-Host "Enter Server Name") (Read-Host "Enter LDAP Port") (Read-Host "Enter LDAP Admin username") (Read-Host "Enter Password" -AsSecureString)

If you call it the following way, it prompts for each value to be entered:

Test-LDAPConnectivity.ps1 (Read-Host "Enter Server Name") (Read-Host "Enter LDAP Port") (Read-Host "Enter LDAP Admin username") (Read-Host "Enter Password" -AsSecureString)


Or you can specify the parameters directly, like this:
Test-LdapConnectivity.ps1 "ServerName" "LDAP Port" "cn=admin,dc=ldap,dc=au" "pp"

The script has been tested with OpenLDAP V3.

NOTE: The script has only been tested in a test environment; no responsibility is taken for its use in a production environment.
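The same bind probe rewritten as an added example (this is not the post's script nor Mike Burr's code): it takes a PSCredential instead of a plain-text string (a value from Read-Host -AsSecureString cannot be passed to a [String] parameter, it stringifies to "System.Security.SecureString"), can bind over LDAPS or StartTLS so the simple-bind password is not sent in the clear, keeps the default server-certificate validation, and returns an object rather than printing. The host name in the usage comment is hypothetical.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapBind {
    param(
        [Parameter(Mandatory)][string]$ServerName,
        [UInt16]$Port = 389,
        [Parameter(Mandatory)][pscredential]$Credential,  # e.g. from Get-Credential
        [switch]$UseSsl,        # LDAPS (usually port 636)
        [switch]$StartTls,      # upgrade a port-389 session before binding
        [int]$TimeoutSeconds = 10
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($ServerName, [int]$Port)
    $net  = $Credential.GetNetworkCredential()      # password is exposed only to the bind call
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id, $net,
                [System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.Timeout = [TimeSpan]::FromSeconds($TimeoutSeconds)
    # Default certificate validation is kept on purpose; assigning VerifyServerCertificate = { $true }
    # would accept any certificate and defeat the point of LDAPS/StartTLS.
    $conn.SessionOptions.SecureSocketLayer = [bool]$UseSsl
    $result = [ordered]@{
        Server    = "${ServerName}:$Port"
        User      = $Credential.UserName
        Encrypted = [bool]($UseSsl -or $StartTls)
        Bound     = $false
        Error     = $null
    }
    try {
        if ($StartTls) { $conn.SessionOptions.StartTransportLayerSecurity($null) }
        $conn.Bind()                                # simple bind; throws on failure
        $result.Bound = $true
    } catch {
        $e = $_.Exception
        # LdapException carries the LDAP result code (49 invalidCredentials, 81 server down),
        # which lets an authentication failure be told apart from an unreachable host.
        if ($e -is [System.DirectoryServices.Protocols.LdapException]) {
            $result.Error = "LDAP result $($e.ErrorCode): $($e.Message)"
        } else {
            $result.Error = $e.Message
        }
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

# Usage (hypothetical host name):
# Test-LdapBind -ServerName ldap.example.test -Port 636 -UseSsl -Credential (Get-Credential 'cn=admin,dc=ldap,dc=au')
```

A Bound of $false together with an Encrypted of $false in the output is the case to watch for in automation: the password has already crossed the wire in cleartext and the bind still failed.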

————————————————————————–

CONCLUSION:

To conclude, this script connects to OpenLDAP to test connectivity. Please feel free to comment whether or not you find it useful; I believe feedback is important, positive or negative.

Please feel free to comment on the script or the blog, and I will do my best to answer.
