Testing LDAP interface with ldapsearch

I am trying to test the LDAP interface: https://help.okta.com/en/prod/Content/Topics/Directory/LDAP_Using_the_LDAP_Interface.htm?Highlight=ldap

I see is it still an “Early Access feature” so I created an Okta Developer account to test it but I was not successful.

Is this feature enable on Okta Developer accounts?

On our primary account, I am getting the following error:

ldap_bind: Insufficient access (50)
additional info: You do not have permission to access the feature you are requesting

On the dev account, I am getting

ldap_start_tls: Can’t contact LDAP server (-1)
ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

I am using ldapsearch to test. My command looks like

ldapsearch -h dev-838xxx.oktapreview.com -p 389 -D "uid=xxx@example.com,dc=dev-838xxx,dc=oktapreview,dc=com" -w “Password1” -Z -x

I was able to get this to work after asking Okta support to enable the feature for our account as it is still in early access preview right now. Also, I forgot the .ldap in the hostname above.

ldapsearch -V -h abcd.ldap.okta.com -p 389 -D "uid=myemailhere,dc=abcd,dc=okta,dc=com" -b "cn=somegroup ,ou=groups,dc=abcd,dc=okta,dc=com" -W -Z

It is pretty as it asked approval from my phone before returning the LDAP search result.

Hello there,

Is there any way to tie into LDAP for a single sign on for Windows NT servers so campuses don’t have to create a separate ID?

My client wants us to implement SSOgen SPGateway with LDAP for EBS 12.2


  2. Oracle EBS LDAP SSO Integration

  3. Oracle EBS – Shibboleth SAML IDP SSO Integration

  4. SAP WebGUI SSO – Single Sign On Implementation

Any recommendations please?
Thank you,
– Mike.

In the examples below, replace ORG and UID with your actual values.

LDAPS (on port 636)
ldapsearch -H ldaps://ORG.ldap.okta.com -b "dc=ORG,dc=okta,dc=com" -D "uid=UID,dc=ORG,dc=okta,dc=com" -W -x -LLL "(sn=doe)" dn

LDAP (on port 389 with StartTLS -Z)
ldapsearch -H ldap://ORG.ldap.okta.com -b "dc=ORG,dc=okta,dc=com" -D "uid=UID,dc=ORG,dc=okta,dc=com" -W -x -LLL -Z "(sn=doe)" dn