Printout Header
LEX RSS Feed

LEX Online Manual Content

The First LDAP Connection

To connect to an LDAP server, you have to do some configuration for the connection first - all the according options are shown in the LDAP Connections dialog:

LDAP connection dialog

All the configuration you need for connecting to an LDAP server is done in the panel area on the right side of this dialog. You don't have to care about the additional tabs Advanced, Attribute Filter and Columns. you won't need in in your first connection configuration. The following list shows you the mandatory initial settings for a LDAP connection on the Server tab:

LDAP server address:

LDAP server address dialog

The Server field can be an IP address or a network name of an LDAP server. If you are not sure about the TCP Port number of the server you want to connect to, choose the standard port 389. If your server allows only connections which are protected by SSL (Secure Socket Layer) encryption, then you have to activate the according checkbox.

LEX can try to detect some LDAP servers for you (Option Detect). The automatic detection mechanism finds NetWare eDirectory Servers when they are configured as LDAP servers and when your workstation is somehow connected to them with an Novell Client for Windows. The automatic detection mechanism also finds Active Directory Domain Controllers when your workstation is member in an AD domain, or when there is any DNS information available about AD specific SRV records in any DNS zone which is known to your workstation (use IPCONFIG /ALL to see what DNS domains are searched by your workstation). After all, you can enter any domain name in the Server field and the detection mechanism tries to retrieve some DC information in the given domain name. Sometimes the AD DC detection over DNS doesn't retrieve any information, depending on how the according DNS servers are requestable for service records (SRV).

The RootDSE button shows you the RootDSE entry if some address is given in the Server field and if the server is reachable on the given LDAP Port. In the RootDSE entry, every LDAP server announces some information about itself.

User / Password:

LDAP credentials dialog

You have to authenticate somehow to the LDAP server. This authentication process is called 'bind' operation in the world of LDAP. So you have several different choices here:

  • You could try a connect as an anonymous user (activate the Anonymous bind checkbox). Please note that in many directory environments an anonymous user cannot read anything in the directory but the RootDSE entry (the basic information provided by the LDAP server about his configuration).
  • You can use your current credentials (activate the Use current credentials checkbox). These credentials are typically your Windows credentials (either domain based or the local credentials). You can use this credentials with every server which accept this kind of Windows username/password combinations - for example for connecting to an Active Directory Domain Controller when your workstation is part of the same AD forest as the DC. In most cases, the current credentials doesn't work with OpenLDAP-, eDirectory-, DirX-, iPlanet- or any other generic LDAP servers.
  • You could enter a username/password combination which is accepted by the according LDAP server. Note that in many cases, the username has to be given as an LDAP Distinguished name, for example as 'cn=user,ou=container1,ou=container2,o=organization,c=country' or something similar to this.

LDAP Base DN:

LDAP base DN dialog

This is the LDAP base from which LEX displays the LDAP hierarchy of the chosen server. You can enter any kind of container object which you want to be the top level of the LDAP structure you plan to access with LEX. The LDAP base has to be an LDAP distinguished name, like 'ou=container1,ou=container2,o=organization,c=country '. If you want to see an entire namespace in an LDAP server, just enter the top level hierarchy, for an Active Directory domain named 'ldapexplorer.com' this would look like 'dn=ldapexplorer,dc=com'. Many LDAP server provide public information about the namespaces they hold in their database(s), you can fetch this distinguished names with the option Fetch.


If you have entered all the relevant information to open your first connection to an LDAP server with the Explore option, you could choose to save this connection profile, so that you can launch this LDAP connection very quickly the next time you use LEX. Just choose Save for this and choose a name for the connection configuration - when you want to use this connection in the future, you just have to double-click the appropriate entry in the list on the left side:

Saved LDAP connection profiles

If you choose to save the connection profile together with the user password, please note that the connection information is stored on your hard disk as a Rijndael encrypted file (AES Advanced Encryption Standard) in your Profile and Filter Storage Path. So if a user password is contained in the profile, it is very well protected against disclosure.

Another effect of saving the connection profile: Next time you start LEX, the last used connection profile connects automatically. This behavior is set by default and can be changed with Tools - Options - General.