You have to enter here the network name or address of the LDAP server you want to connect to. If you enter a server name here and the connection fails, you can check with the PING utility if your name can be resolved into a valid IP address.
You have to enter the communication port which is used for the LDAP connection.
If you are not sure if your server listens on the particular port, or if you reach this port through firewalls, you can check this easily by using a simple TELNET client. Although no real telnet connection can be established, a telnet client should indicate that the server is answering if you try to connect it on a particular port, for example like this:
C:\>telnet server 389
On a standard windows telnet, the screen should be cleared and turn black if the server answered on this port. If the command just times out, then you didn't reach the server.
Another easy trick to check if the server is basically reachable is to use the RootDSE button (read the following annotations to get more information about this).
This button can only be used if you entered a server name and communication port before. Then you can examine the RootDSE entry values, which are showed in an attribute window:
This function can help you find LDAP servers in your environment if you don't know the server's name or address. It only works for two kinds of LDAP directories and only under certain conditions:
If you want to use LDAP over SSL / LDAPS, you have to activate this option. In this case, all the LDAP communication between your machine and the LDAP server is encrypted with Secure Socket Layer (SSL) techniques.
Other details to the LDAP communication over SSL connections can be found in the topic LDAPS / LDAP over SSL, especially about the certificates which are used in the SSL communication.
You can enter the credentials for the LDAP connection here. The process of logon to an server is called 'bind' in LDAP terminology. So we have to make a bind operation before we can access the directory content.
LDAP bind operations can be performed without credentials, this is called an anonymous bind. Depending on the servers configuration, it could be allowed to access the directory without any user id and password. This is important for directories which operates as public 'yellow pages' or address books for email systems. You can read interesting details about this in the SelfADSI Tutorial topic LDAP Bind as Anonymous.
If you activate this option, you use your current Windows credentials for the LDAP bind authentication. So you don't have to enter any user names and passwords. Please note that the Windows credentials can probably used only in Active Directory environments. Other LDAP server will in all likelihood NOT accept your current credentials.
If you activate this option, the connection will be established as an anonymous user. LDAP bind operations can be performed without credentials, this is called an anonymous bind.
Depending on the servers configuration, it could be allowed to access the directory without any user id and password. This is important for directories which operates as public 'yellow pages' or address books for email systems. You can read interesting details about this in the SelfADSI Tutorial topic LDAP Bind as Anonymous.
You have to enter the distinguished name of the LDAP container which provides the hierarchical base for the browsing tree in the LEX main window. Typically you will browse an entire LDAP hierarchy, a so called 'directory namespace'. An LDAP server can hold one or several name spaces which. So what you need then is the distinguished name of the namespace's root container.
A distinguished name (DN) has always a syntax which is similar to these:
There is a detailed description about distinguished names in the SelfADSI Tutorial.
Normally LDAP announce the namespaces they hold for everyone in the RootDSE entry. If you use this button, LEX tries to read this entry from the server and detect all the possible distinguished names which can fit as the LDAP Base DN for the connection. If some values are found, the Fetch Base DN dialog appears with a list where you can pick the desired DN from:
Please note that not only the published namespaces from the RootDSE are visible in the list, but also other important LDAP bases, for example the Configuration and Schema partition DNs in Active Directory environments, or the SubSchema entry where all the directory schema information is bundled into one singe object.