How to test your LDAP settings in 10 minutes or less

Version 6

    We're going to show you how to test your Jive LDAP integration settings in 10 minutes or less. We recommend validating your LDAP integration settings before using them in your Jive instance. This will prevent the synchronization of unwanted data. It also provides a baseline configuration which you can reference while navigating the Jive LDAP setup process.


    For a quick reference on Jive System Properties related to LDAP and common troubleshooting notes, please see this document: Guide to Troubleshooting LDAP/Active Directory Integration.


    Step 1: Get the right tool for the job


    We recommend Apache Directory Studio (download | docs) for its ease of use and rich set of functionality. It's free to download and installs in mere minutes. As a prerequisite, you will also need the Java Runtime Environment (JRE) installed (download).


    Step 2: Establish a connection


    Once you have Directory Studio installed, start it up, then go to LDAP > New Connection:




    The Hostname and Port here map to the values you'll use when establishing your Jive LDAP connection. They map to the system properties and ldap.port in Jive.


    The next screen asks for the credentials for the service account you'll use to bind and query LDAP:




    Use the DN of the user that you'll use for the ldap.adminDN property.


    Once you've authenticated, go to the next screen and ensure that "Follow Referrals automatically" and the "Paged Search" controls are selected. These mimic the default settings of Jive's LDAP integration. If any adjustments to these settings are necessary, we can detect them during this testing phase.


    Click Finish to complete the New Connection setup process.


    Step 3: Test your LDAP searches


    Performing LDAP searches on your newly created Connection is a simple feat. Click on the flashlight icon and select "LDAP Search". Be sure to select your newly created Connection, then enter search criteria to test your user and group search filters:




    For the Search Base, use the base DN you intend to use to connect to Jive (ldap.baseDN). Specify a search filter (ldap.searchFilter) you'll use to retrieve users. Set Returning Attributes to * to retrieve all information for all user records. Click OK and see your results!



    If you receive unexpected results, try adjusting the filters to match your needs. Active Directory in particular tends to have a large number of non-human principals return in LDAP results, so filtering on a clause such as (objectClass=Person) is recommended. You can also use this search functionality to test your group search filter ldap.groupSearchFilter.


    And that's it! Use these settings as a reference during your initial LDAP configuration and keep them on hand to make adjustments along the way.




    1. You may notice that Jive specifies the default search filter for Active Directory as sAMAccountName={0}, but the {0} notation won't retrieve any results in Directory Studio. This is because the {0} is a notation we use for our own purposes while * is the standard LDAP wildcard character. We recommend keeping the sAMAccountName={0} notation in the Jive search filter even though you will need to change it to return results in your testing.


    2. An excellent guide to writing search filters can be found here. A few sample filters you may want to experiment with when testing your configuration:


    Find all groups:



    Filter out all users who are disabled in Active Directory:



    Find all users who belong to a particular group:



    Find all users in the Awesome department: