December 14, 2021

How to Do an LDAP Test

Open Source Automation, Performance Testing

By Anastasia Golovkova

LDAP is a useful protocol for services that make a large number of attribute-based (name: value) requests, and it is oriented primarily toward reading. Examples include the address book, e-mail address list, and mail server configuration. But how do we test these systems?

This blog will give a step-by-step tutorial on how to create simple LDAP tests to make sure you are effectively validating your LDAP systems.

Table of Contents:
- What is LDAP?
- Running an LDAP Test with Apache JMeter™
- LDAP Test Request Types

What is LDAP?

LDAP (Lightweight Directory Access Protocol) is a lightweight protocol for accessing directory services. LDAP defines the methods used to access directory data, and defines and describes how data is presented in the directory service (the Data Model or Information Model).

LDAP also determines how data is loaded (imported) into and unloaded (exported) from the directory service. To import and export, LDAP uses LDIF (LDAP Data Interchange Format).

LDAP does not define how data is stored and manipulated. According to the standard, the storage and access methods are a black box; in a particular implementation of LDAP they are usually the responsibility of back-end modules (data manipulation mechanisms). Usually they use some form of a transactional database.

Let’s get to know some basic terms:
- The LDAP directory is a hierarchical tree of records, called the Directory Information Tree (DIT).
- An entry consists of a set of attributes.
- An attribute has a type (name / description) and one or more values.
- Each attribute must be defined in at least one object class (objectClass).
- Attributes and object classes are defined in schemas (the object class is actually treated as a special attribute type).
- Every entry has a unique ID, called the Distinguished Name (DN / dn).
- The DN includes a Relative Distinguished Name (RDN) and the parent entry's DN.
- The DN of a record is not an attribute. It is not part of the entry itself.
- CN = common name; DC = domain component; SN = surname

Look at the example below. Here we can see an entry that consists of eight different attributes:

    dn: cn=Blaze Meter,dc=example,dc=com
    cn: Blaze Meter
    givenName: Blaze
    sn: Meter
    telephoneNumber: +4 985 888 333 33
    mail: firstname.lastname@example.org
    manager: cn=John Black, dc=example, dc=com
    objectClass: person
    objectClass: customer

The above entry is a basic example of LDIF format. Any information that you put into your DIT should be in this format.

Running an LDAP Test with Apache JMeter™

To test LDAP we need to use Apache JMeter™’s LDAP Sampler. Before describing our test implementation we should mention our working environment:
- Ubuntu 16.04 x64
- JMeter™ v.3.1
- OpenLDAP v.2.4.44

We’ve already created an LDAP Server test.com:
- Server name is “LDAP Server”
- Distinguished name: dc=test,dc=com
- Working on port: 389
- User: admin, password: 1234

Let’s create and run a JMeter test against the LDAP server:

1. First of all we need to create a Thread Group.

Right Click → Add → Thread Group

Here we defined “Number of Threads = 50” and “Loop Count = 5”. This allows us to simulate 50 users, each sending its requests 5 times. I named the Thread Group “LDAP Example”.

2. Now let’s create an LDAP Request.

Right click on “LDAP Example” → Add → Sampler → LDAP Extended Request

3. You can see nine radio buttons. Each of them defines a different kind of request.

Usually we do not need to create requests for each kind of test configuration. Rather, we should choose depending on our project and its requirements. But now let’s look at all of them.

LDAP Test Request Types

Thread Bind

This request establishes a connection between our JMeter™ and the LDAP Server. Before starting any work with LDAP, we must connect our JMeter™ to the server.

Add a new LDAP Extended Request Sampler. Choose the “Thread Bind” option from the menu.
Edit the following properties:
- Name: Thread Bind
- Test: Thread Bind
- Servername: test.com
- Port: 389
- DN: dc=test,dc=com
- Username: cn=admin,dc=test,dc=com
- Password: 1234

Search Request

This request allows us to search for any information within all server entries, according to different fields. This is very useful when we have a large number of entries. By using this request we verify searches for all entries with “objectClass=*”. That means “with any objectClass”.

Add a new LDAP Extended Request Sampler. Choose the “Search Test” option from the menu. Edit the following properties:
- Name: Search Request
- Test: Search Test
- Search base: cn=TestGroup,cn=Groups,dc=test,dc=com
- Search Filter: (objectClass=*)
- Scope: Perform subtree search
- Attributes: uniquemember

Compare Test

A compare request may be used to determine whether a specified entry has a particular attribute value. The elements contained in a compare request include:
- The entry DN for which the determination is to be made.
- The attribute description (the attribute type name and zero or more attribute options) of the attribute for which to make the determination.
- The assertion value for which to make the determination.

In this LDAP test we check whether the “Blaze Meter” entry has an email attribute equal to “email@example.com”.

Add a new LDAP Extended Request Sampler. Choose the “Compare” option from the menu. Edit the following properties:
- Name: Compare
- Test: Compare
- Entry DN: cn=Blaze Meter, ou=users
- Compare Filter: firstname.lastname@example.org

Add Test

An Add request can be used to create any new entry in the DIT. This request includes the DN of the entry that we are creating and the attributes that must be included in this entry. The set of attributes must include the objectClass attribute to specify the object classes to include in the entry, and any attributes required by those object classes and any associated DIT content rule.

In this LDAP test, we are adding a new entry, “More Blaze Meter”.
This will test the extended request parametrized with different fields:
- objectClass = person
- password = password
- etc.

Add a new LDAP Extended Request Sampler. Choose the “Add test” option from the menu. Edit the following properties:
- Name: Add
- Test: Add test
- Entry DN: cn=More Blaze Meter, ou=users
- Add test: Here we should add different attributes with their values

Modify Test

A modify request can be used to change the contents of an existing entry in the LDAP server. This request can include changes that affect multiple attributes (if those attributes are all in the same entry), and all of those changes will be processed atomically, so they will either all succeed or all fail as a unit.

In this scenario, we test that we can modify the values of some attributes of the “More Blaze Meter” entry.

Add a new LDAP Extended Request Sampler. Choose the “Modification test” option from the menu. Edit the following properties:
- Name: Modify
- Test: Modification test
- Entry DN: cn=More Blaze Meter, ou=users
- Modification test: Here we should mention all attributes that we want to add, replace or delete.

Rename

A rename request allows us to change the DN of any existing entry.

In this scenario we test that we can change the distinguished name of an entry from “More Blaze Meter” to “Little More Blaze Meter”.

Add a new LDAP Extended Request Sampler. Choose the “Rename entry” option from the menu. Edit the following properties:
- Name: Rename
- Test: Rename entry
- Old entry name: cn=More Blaze Meter, ou=users
- New distinguished name: cn=Little More Blaze Meter, ou=users

Delete

A delete request gives us the opportunity to delete any existing entry by its DN.

Our scenario will verify that we can delete the entry with DN equal to “Little More Blaze Meter”.

Add a new LDAP Extended Request Sampler. Choose the “Deletion test” option from the menu. Edit the following properties:
- Name: Delete
- Test: Deletion test
- Delete: cn=Little More Blaze Meter, ou=users

Single bind/unbind

This bind is used for user authentication verification.
An LDAP client performs a bind with a given distinguished name and a password for an authenticated user. The Single bind/unbind operation serves this purpose. It builds its own separate connection to the LDAP server, performs a bind operation, and ends the connection again (by sending an unbind).

In this LDAP test, we check whether the connection to the test.com server was established, and then whether it was successfully closed.

Add a new LDAP Extended Request Sampler. Choose the “Single bind/unbind” option from the menu. Edit the following properties:
- Name: Single bind/unbind
- Test: Single bind/unbind
- Servername: test.com
- Port: 389
- DN: dc=test,dc=com
- Username: cn=admin,dc=test,dc=com
- Password: 1234

Thread Unbind

This request is a signal to our server that we are going to close our connection.

In this example, we verify that our connection to the server was successfully closed.

Add a new LDAP Extended Request Sampler. Choose the “Thread Unbind” option from the menu. Edit the following properties:
- Name: Thread Unbind
- Test: Thread Unbind

4. Finally we should add a listener to view the results.

Add → Listener → View Results Tree

And now our LDAP test looks like this:

Now, when running an LDAP test we are able to see information about all our requests.

For example, this is the information about the Thread Bind request:

Bottom Line

Congratulations! We are now able to create simple tests for LDAP systems.

You can also take your JMX file and test it with BlazeMeter to achieve cloud coverage and more thorough analysis options.

This blog was originally published on April 12, 2017, and has since been updated for accuracy and relevance.
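The LDIF record format and DN structure described under “What is LDAP?”, and the objectClass requirement from the Add Test section, can be checked on test data before it is loaded into an Add request. This is an added example, not code from the original post: the function names and the sample record are constructed for illustration, and the base DN dc=test,dc=com is the one used in the article.

```python
import base64
import re

# Constructed sample record (illustrative values), placed under the article's base DN.
SAMPLE = """\
dn: cn=Blaze Meter,ou=users,dc=test,dc=com
cn: Blaze Meter
sn: Meter
description:: TG9hZCB0ZXN0IHVzZXI=
objectClass: person
"""

def parse_ldif_entry(text):
    """Parse one LDIF record into (dn, {attribute type: [values]})."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):    # skip blank lines and comments
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if value.startswith(":"):                # "::" marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value                           # the DN names the entry; it is not an attribute
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def split_dn(dn):
    """Split a DN into RDNs at unescaped commas (a backslash escapes the next char)."""
    return [rdn.strip() for rdn in re.findall(r"(?:\\.|[^,\\])+", dn)]

def check_entry(dn, attrs, base_dn):
    """Return the problems that make a record unusable as Add test data."""
    problems = []
    if not any(k.lower() == "objectclass" for k in attrs):
        problems.append("missing objectClass")
    # Assumption: case-insensitive comparison of whole RDNs is close enough for test data.
    norm = lambda d: [r.lower() for r in split_dn(d)]
    if not dn or norm(dn)[-len(norm(base_dn)):] != norm(base_dn):
        problems.append("DN is not under the base DN")
    return problems

if __name__ == "__main__":
    print(check_entry(*parse_ldif_entry(SAMPLE), base_dn="dc=test,dc=com"))
```

The first RDN returned by split_dn is the entry's RDN and the remainder is the parent entry's DN, matching the definition in the list of basic terms.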