When developing applications with LDAP integration, hitting production directories isn't feasible. Common pain points include:
- Permission restrictions on corporate directories
- Risk of modifying production data
- Performance concerns during development
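The quickest way to get a disposable test directory is to run OpenLDAP in Docker:
```bash
docker run -p 389:389 -p 636:636 \
  --name ldap-service \
  --hostname ldap-service \
  --env LDAP_ORGANISATION="MyCompany" \
  --env LDAP_DOMAIN="mycompany.com" \
  --env LDAP_ADMIN_PASSWORD="adminpassword" \
  --detach osixia/openldap:latest
```
As written, `-p 389:389 -p 636:636` publishes the directory on every host interface; use `-p 127.0.0.1:389:389 -p 127.0.0.1:636:636` to keep a test server with a throwaway admin password reachable only from your own machine.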
For realistic testing, import this sample LDIF file:
```ldif
dn: ou=users,dc=mycompany,dc=com
objectClass: organizationalUnit
ou: users

dn: cn=admin,ou=users,dc=mycompany,dc=com
objectClass: person
cn: admin
sn: Administrator
userPassword: {SSHA}hashedpassword
```
Use ldapsearch to test connectivity:
```bash
ldapsearch -x -H ldap://localhost -b dc=mycompany,dc=com -D "cn=admin,dc=mycompany,dc=com" -w adminpassword
```
For non-Docker environments:
- Apache Directory Studio: Includes embedded LDAP server
- 389 Directory Server: Enterprise-ready solution
- Windows AD LDS: Microsoft's lightweight directory
Python example using python-ldap:
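```python
import ldap
import ldap.dn

def ldap_auth(username, password):
    # A simple bind with an empty password is an unauthenticated bind (RFC 4513),
    # which some servers accept, so reject it before contacting the server.
    if not password:
        return False
    # Escape the username so it cannot change the structure of the bind DN.
    user = ldap.dn.escape_dn_chars(username)
    conn = ldap.initialize('ldap://localhost')
    try:
        conn.simple_bind_s(
            f'cn={user},ou=users,dc=mycompany,dc=com',
            password
        )
        return True
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()
```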
As developers integrating LDAP authentication, we often face a paradox: we need real-world directory structures to test against, but configuring OpenLDAP or Active Directory from scratch consumes precious development time. Here's how to bypass the setup headaches.
The container approach gives you a fully configured LDAP instance in seconds. Try this docker-compose.yml for an OpenLDAP server with sample data:
```yaml
version: '3'
services:
  ldap-service:
    image: osixia/openldap:latest
    environment:
      LDAP_ORGANISATION: "DevTest Inc"
      LDAP_DOMAIN: "devtest.local"
      LDAP_ADMIN_PASSWORD: "admin"
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - ./sample_data.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-sample-data.ldif
```
The mounted sample_data.ldif creates realistic organizational units and test users:
```ldif
dn: ou=people,dc=devtest,dc=local
objectClass: organizationalUnit
ou: people

dn: uid=jsmith,ou=people,dc=devtest,dc=local
objectClass: inetOrgPerson
uid: jsmith
cn: John Smith
sn: Smith
userPassword: {SSHA}hashedpassword123
```
For those needing Windows environments:
- Microsoft Evaluation AD: Free 180-day trial ISO from Microsoft
- JumpCloud LDAP: Cloud-hosted free tier (10 users)
- OpenLDAP VMware Appliance: Prebuilt OVA from Bitnami
Here's Python code to verify your LDAP connection using python-ldap:
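```python
import ldap
import ldap.dn

def ldap_auth(username, password):
    # A simple bind with an empty password is an unauthenticated bind (RFC 4513),
    # which some servers accept, so reject it before contacting the server.
    if not password:
        return False
    # Escape the username so it cannot change the structure of the bind DN.
    user = ldap.dn.escape_dn_chars(username)
    conn = ldap.initialize('ldap://localhost')
    try:
        conn.simple_bind_s(
            f'uid={user},ou=people,dc=devtest,dc=local',
            password
        )
        return True
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()
```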
When integrating with your app, these environment variables help:
```bash
LDAP_URL=ldap://localhost:389
LDAP_BASE_DN=dc=devtest,dc=local
LDAP_BIND_DN=cn=admin,dc=devtest,dc=local
LDAP_BIND_PASSWORD=admin
LDAP_USER_SEARCH=ou=people,dc=devtest,dc=local
```
If connections fail:
- Check firewall rules (ports 389/636)
- Verify TLS certificates when using ldaps://
- Use `ldapsearch -x -H ldap://localhost -b dc=devtest,dc=local` to test basic connectivity