Verify the connection to the Okta LDAP Interface, <subdomain>.ldap.okta.com, using SSL over port 636 and ensure proper authentication for read-only admin accounts by executing an ldapsearch command via a Mac or Linux terminal.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Directories
- LDAP Interface
NOTE: Okta Support cannot assist with the configuration or customization of any third-party application attempting to connect to the Okta LDAP Interface. Contact the application vendor directly for assistance connecting any application to the Okta LDAP Interface.
How is a connection to the Okta LDAP Interface verified?
Validate a connection to the Okta LDAP Interface using SSL over port 636 by executing the ldapsearch command via a Mac or Linux terminal and formatting the Multi-Factor Authentication (MFA) credentials appropriately.
- Open a Mac or Linux terminal.
- Execute the following ldapsearch command, replacing <subdomain> with the Okta subdomain, <user@domain.com> with the full Okta user login of the LDAP Interface read-only admin account, and firstName with the name of a user known to be active in Okta while keeping the wildcard (*) character:
ldapsearch -H ldaps://<subdomain>.ldap.okta.com:636 -D "uid=<user@domain.com>,ou=users,dc=<subdomain>,dc=okta,dc=com" -W -b dc=<subdomain>,dc=okta,dc=com uid="firstName*"
- Enter the LDAP password when prompted. If the read-only admin Okta account used to bind to the Okta LDAP Interface requires MFA, separate the password and the MFA code with a comma. For Okta Verify Push, add a comma and the word push.
Example:
Enter LDAP Password: mypassword,123456
Enter LDAP Password: mypassword,push
NOTE: Do not use Duo as an MFA factor as the LDAP Interface currently does not support it. For more information, review Okta LDAP Interface Support for Duo Security as an MFA Factor.
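The check above, wrapped in a small shell helper that builds the URI and DNs from the subdomain and explains the ldapsearch exit status. This is an added example, not Okta's own code: the function names are hypothetical, and it assumes the OpenLDAP ldapsearch client, whose exit status is the LDAP result code.

```shell
#!/bin/sh
# Added example: helper around the ldapsearch check described above.
# Function names are hypothetical and not part of any Okta tooling.

# Accept only a plain DNS label so the value cannot alter the URI or the DN.
valid_subdomain() {
  case "$1" in
    ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

ldap_uri() { printf 'ldaps://%s.ldap.okta.com:636' "$1"; }
base_dn()  { printf 'dc=%s,dc=okta,dc=com' "$1"; }
bind_dn()  { printf 'uid=%s,ou=users,%s' "$2" "$(base_dn "$1")"; }

# Map the ldapsearch exit status (an LDAP result code) to a short diagnosis.
explain_rc() {
  case "$1" in
    0)   echo "bind and search succeeded" ;;
    32)  echo "no such object: check the search base" ;;
    49)  echo "invalid credentials: check the bind DN and the password,MFA value" ;;
    50)  echo "insufficient access rights for this search" ;;
    255) echo "cannot contact server: check host name, port 636 and TLS trust" ;;
    *)   echo "LDAP result code $1" ;;
  esac
}

# Usage: check_okta_ldap SUBDOMAIN LOGIN NAME_PREFIX
check_okta_ldap() {
  valid_subdomain "$1" || { echo "invalid subdomain: $1" >&2; return 2; }
  # -W prompts for the password (password,123456 or password,push), so it
  # never appears in shell history or in the process list.
  # LDAPTLS_REQCERT=demand makes the OpenLDAP client reject a server
  # certificate it cannot validate instead of continuing silently.
  LDAPTLS_REQCERT=demand ldapsearch \
    -H "$(ldap_uri "$1")" -D "$(bind_dn "$1" "$2")" -W \
    -b "$(base_dn "$1")" "uid=$3*"
  rc=$?
  explain_rc "$rc" >&2
  return "$rc"
}
```

After sourcing the file, run `check_okta_ldap <subdomain> <user@domain.com> firstName` and enter the password at the prompt as shown in the example above.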
