Here are instructions on how to validate a connection to the Okta LDAP interface, [subdomain].ldap.okta.com, using SSL over port 636.
NOTE: Okta Support cannot assist with the configuration or customizations of any 3rd party application attempting to connect to the Okta LDAP Interface. Please contact the vendor that provides the application for assistance with that type of configuration.
Follow the steps below.
- Validate a connection to the Okta LDAP Interface using SSL over port 636 with the ldapsearch command from a Mac or Linux terminal.
- Replace each instance of [subdomain] with the Okta subdomain.
- Replace [user@domain.com] with the full Okta user login of the LDAP Interface read-only Admin account.
- Change "firstName" to the first name of a user known to be active in Okta. Keep the wildcard (*) character.
ldapsearch -x -H ldaps://[subdomain].ldap.okta.com:636 -D "uid=[user@domain.com],ou=users,dc=[subdomain],dc=okta,dc=com" -W -b "dc=[subdomain],dc=okta,dc=com" "(uid=firstName*)"
If the Read-only Admin Okta account used to bind to the Okta LDAP Interface is set up to use MFA, separate the password and the MFA code with a comma. For Push MFA, add a comma and the word 'push':
Example:
Enter LDAP Password: mypassword,123456
Enter LDAP Password: mypassword,push
Do not use DUO as an MFA factor, because the LDAP Interface currently does not support it. For more information, refer to the article "Does DUO Security Work as an MFA Factor for LDAP Interface".
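The following script is an added example, not Okta's own tooling and not part of the original article. It wraps the ldapsearch check above in reusable POSIX-sh functions: it builds the bind DN, base DN and LDAPS URL from the subdomain and login, composes the "password,code" or "password,push" credential that an MFA-enabled bind account needs, verifies the certificate presented on port 636 before any password is sent, and passes the credential to ldapsearch through a mode-0600 temporary file rather than on the command line. It assumes OpenLDAP ldapsearch and openssl are installed and that the password is supplied in an OKTA_LDAP_PASSWORD environment variable; the function names, the environment variable and the sample values in the comments are the example's own choices.

```shell
#!/bin/sh
# Added example (not Okta's code). Assumes OpenLDAP ldapsearch and openssl are on PATH and
# that OKTA_LDAP_PASSWORD holds the bind password (never put it on the command line,
# where it would show up in `ps` output and shell history).

# Bind DN of the read-only admin, in the form the LDAP Interface expects.
# $1 = Okta subdomain, $2 = full Okta user login (e.g. user@domain.com)
okta_bind_dn() {
    printf 'uid=%s,ou=users,dc=%s,dc=okta,dc=com' "$2" "$1"
}

# Search base of the org. $1 = Okta subdomain
okta_base_dn() {
    printf 'dc=%s,dc=okta,dc=com' "$1"
}

# LDAPS URL of the org's LDAP Interface endpoint (TLS on 636). $1 = Okta subdomain
okta_ldaps_url() {
    printf 'ldaps://%s.ldap.okta.com:636' "$1"
}

# Credential string for the bind. With MFA on the bind account the LDAP Interface
# expects "<password>,<otp-code>" or "<password>,push"; without MFA the password
# is passed through unchanged. $1 = password, $2 = optional OTP code or "push"
okta_bind_password() {
    if [ -n "$2" ]; then
        printf '%s,%s' "$1" "$2"
    else
        printf '%s' "$1"
    fi
}

# Escape a value for use inside an LDAP search filter (RFC 4515) so that a
# user-supplied first name cannot alter the filter's structure. Backslash must be
# handled first because the later replacements introduce backslashes themselves.
# The caller appends the trailing wildcard '*' after escaping.
okta_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Confirm the certificate presented on 636 chains to a CA trusted by this host before
# a password is sent. Returns non-zero unless OpenSSL reports a clean verification.
okta_check_tls() {
    host="$1.ldap.okta.com"
    openssl s_client -connect "$host:636" -servername "$host" </dev/null 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Run the article's validation search.
# $1 = subdomain, $2 = read-only admin login, $3 = first-name prefix, $4 = optional OTP code or "push"
okta_validate() {
    [ -n "$OKTA_LDAP_PASSWORD" ] || { echo 'OKTA_LDAP_PASSWORD is not set' >&2; return 2; }
    okta_check_tls "$1" || { echo "TLS verification failed for $1.ldap.okta.com:636" >&2; return 3; }

    # ldapsearch -y reads the file verbatim, so write the credential without a newline
    # and keep the file readable only by this user.
    umask 077
    pwfile=$(mktemp) || return 4
    okta_bind_password "$OKTA_LDAP_PASSWORD" "$4" > "$pwfile"

    # -x forces a simple bind (the default would be SASL, which the endpoint does not offer);
    # -LLL trims LDIF noise; only the uid attribute is requested to keep output small.
    ldapsearch -x -LLL \
        -H "$(okta_ldaps_url "$1")" \
        -D "$(okta_bind_dn "$1" "$2")" \
        -y "$pwfile" \
        -b "$(okta_base_dn "$1")" \
        "(uid=$(okta_filter_escape "$3")*)" uid
    rc=$?
    rm -f "$pwfile"
    return $rc
}

# Usage: OKTA_LDAP_PASSWORD=... sh okta-ldap-check.sh <subdomain> <admin-login> <firstName> [otp|push]
if [ "$#" -ge 3 ]; then
    okta_validate "$@"
fi
```

A zero exit status with one or more `uid:` lines printed means the LDAPS handshake, the bind (including the MFA suffix, if any) and the search all succeeded; a non-zero status from `okta_check_tls` points at a certificate or interception problem on the path to port 636 and is worth resolving before looking at credentials.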
