Testing LDAP interface with ldapsearch


#1

I am trying to test the LDAP interface: https://help.okta.com/en/prod/Content/Topics/Directory/LDAP_Using_the_LDAP_Interface.htm?Highlight=ldap
https://www.okta.com/blog/2018/09/move-ldap-authentication-to-the-cloud-with-oktas-ldap-interface/

I see it is still an “Early Access feature”, so I created an Okta Developer account to test it, but I was not successful.

Is this feature enabled on Okta Developer accounts?

On our primary account, I am getting the following error:

ldap_bind: Insufficient access (50)
additional info: You do not have permission to access the feature you are requesting

On the dev account, I am getting

ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I am using ldapsearch to test. My command looks like

ldapsearch -h dev-838xxx.oktapreview.com -p 389 -D "uid=xxx@example.com,dc=dev-838xxx,dc=oktapreview,dc=com" -w "Password1" -Z -x


#2

I was able to get this to work after asking Okta support to enable the feature for our account as it is still in early access preview right now. Also, I forgot the .ldap in the hostname above.

ldapsearch -V -h abcd.ldap.okta.com -p 389 -D "uid=myemailhere,dc=abcd,dc=okta,dc=com" -b "cn=somegroup ,ou=groups,dc=abcd,dc=okta,dc=com" -W -Z

It is pretty as it asked for approval from my phone before returning the LDAP search result.
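
An added example, not part of either post and not Okta's own tooling: a small shell helper that derives the LDAP interface hostname and base DN from an org domain, following the pattern of the working command in #2, and prints an ldapsearch line that uses -ZZ (fail if StartTLS cannot be negotiated, where -Z carries on without it) and -W (prompt for the password instead of putting it on the command line with -w). The function names are hypothetical, and -H is used because current OpenLDAP man pages mark -h/-p as deprecated.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. The host and DN layout are
# assumptions taken from the working command in post #2
# (abcd.ldap.okta.com, dc=abcd,dc=okta,dc=com).

# Insert the ".ldap" label after the org subdomain unless it is already there.
okta_ldap_host() {
    case $1 in *.*) ;; *) echo "need a full org domain" >&2; return 1 ;; esac
    org=${1%%.*}     # first label, e.g. "abcd"
    rest=${1#*.}     # remainder, e.g. "okta.com" or "ldap.okta.com"
    case $rest in
        ldap.*) printf '%s.%s\n' "$org" "$rest" ;;
        *)      printf '%s.ldap.%s\n' "$org" "$rest" ;;
    esac
}

# Build "dc=abcd,dc=okta,dc=com"; the "ldap" host label is not part of the DN.
okta_base_dn() {
    case $1 in *.*) ;; *) echo "need a full org domain" >&2; return 1 ;; esac
    org=${1%%.*}
    rest=${1#*.}
    rest=${rest#ldap.}
    printf 'dc=%s,dc=%s\n' "$org" "$(printf '%s' "$rest" | sed 's/\./,dc=/g')"
}

# Print (not run) the ldapsearch command for a given org domain and user.
#   -x   simple bind
#   -ZZ  require StartTLS to succeed before the bind is sent
#   -W   prompt for the password, keeping it out of shell history and ps output
okta_ldapsearch_cmd() {
    domain=$1
    user=$2
    host=$(okta_ldap_host "$domain") || return 1
    base=$(okta_base_dn "$domain") || return 1
    printf 'ldapsearch -x -ZZ -W -H ldap://%s:389 -D "uid=%s,%s" -b "%s"\n' \
        "$host" "$user" "$base" "$base"
}

# Constructed sample input: the redacted org domain from post #1.
okta_ldapsearch_cmd dev-838xxx.oktapreview.com xxx@example.com
```
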