If you’ve never used, or heard of, LDAPDecoder, you might find this tool an indispensable addition to your toolset.

This tool lets you proxy all your LDAP connections through it and prints all the connection details in human-readable format, so you can see exactly what your LDAP server is receiving and sending.

For example, let’s say I want to see what a BIND request looks like. My OUD server is on demo.idm.guru on port 1389. I’m going to run LDAPDecoder locally on my laptop, listening on port 1389, and then point my LDAP browser to localhost:

java -jar LDAPDecoder.jar -h demo.idm.guru -p 1389 -L 1389 

We then do a simple bind and see the following in the output:

Listening on 0.0.0.0:1389 for client connections
[06/Oct/2014:09:23:24.934 -0400] -- New client connection from 127.0.0.1:50945
[06/Oct/2014:09:23:24.961 -0400] -- Read data from the client
Decoded Data from Client:
    LDAP Bind Request
        Message ID:  1
        LDAP Bind Request Protocol Op
            LDAP Version:  3
            Bind DN:  cn=Directory Manager
            Authentication Data:
                Authentication Type:  Simple
                Bind Password:  Passw0rd1!



[06/Oct/2014:09:23:24.987 -0400] -- Read data from the server
Decoded Data from Server:
    LDAP Bind Response
        Message ID:  1
        LDAP Bind Response Protocol Op
            Result Code:  0 (Success)



[06/Oct/2014:09:23:25.002 -0400] -- Read data from the client
Decoded Data from Client:
    LDAP Unbind Request
        Message ID:  2
        LDAP Unbind Request Protocol Op



[06/Oct/2014:09:23:25.004 -0400] -- Connection from 127.0.0.1 closed

It also allows you to set up SSL connections if you take the time to configure it properly.
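
The decoded output above can show the bind password because an LDAPv3 simple bind carries it as an unencrypted OCTET STRING inside the BER-encoded BindRequest (RFC 4511). The Python below is an added example, not LDAPDecoder's code and not part of the original post: it rebuilds that bind as raw bytes and decodes the same fields the tool prints. The function names read_tlv, tlv and decode_bind_request are hypothetical, and the sample bytes are constructed from the values shown above.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one element with a short-form length (enough for the sample)."""
    if len(value) > 127:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def decode_bind_request(packet):
    """Added example (not LDAPDecoder code): decode one BindRequest LDAPMessage."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:  # LDAPMessage ::= SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(msg, 0)  # messageID INTEGER
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:  # BindRequest ::= [APPLICATION 0] SEQUENCE
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    out = {"message_id": int.from_bytes(msg_id, "big"),
           "version": int.from_bytes(version, "big"), "bind_dn": dn.decode("utf-8")}
    if auth_tag == 0x80:  # simple [0] OCTET STRING: the password, unencrypted
        out.update(auth_type="Simple", password=auth.decode("utf-8", "replace"))
    elif auth_tag == 0xA3:  # sasl [3] SaslCredentials: mechanism name comes first
        out.update(auth_type="SASL", mechanism=read_tlv(auth, 0)[1].decode("ascii"))
    else:
        raise ValueError("unknown authentication choice")
    return out

# Constructed sample: the bind from the post (message ID 1, LDAPv3, simple auth).
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
             + tlv(0x04, b"cn=Directory Manager") + tlv(0x80, b"Passw0rd1!")))
if __name__ == "__main__":
    print(SAMPLE.hex(), decode_bind_request(SAMPLE), sep="\n")
```

The password sits in the packet byte for byte, so anything on the path of a non-SSL connection, including this proxy's own log output, sees it.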

You can download LDAPDecoder here.