LDAP Explorer

LDAP client for VS Code.

Features

• Browse the tree - Explore how the DIT is structured and discover LDAP entries in an intuitive interface
• List attributes - Find out about LDAP attributes without writing search filters
• Search and filter - Conveniently search for LDAP entries directly from VS Code
• Export LDAP entries as CSV - Share and analyze LDAP results using a standard CSV format
• Manage bookmarks - Bookmark LDAP entries you often need to check or located in awkward places
• Support for multiple connections - Manage multiple LDAP connections, such as a test and a production connections
• Support for environment variables - Easy integration with containers and increased security: you don't have to store your bind credentials unencrypted in VS Code settings

Demo

See this animation for a demo.

Installation

• Open VS Code
• Open the extension view by hitting Ctrl+Shift+X (or Cmd+Shift+X) and install LDAP Explorer
• Alternatively, hit Ctrl+P (or Cmd+P) and type ext install fengtan.ldap-explorer

Usage

Connecting to an LDAP server

1. Open the LDAP Explorer view from the activity bar
2. Under panel Connections, click the button Add new connection
3. Fill in the connection settings (leave Bind DN and Bind Password empty to bind as anonymous)
4. Under panel Connections, click on the connection to activate it
5. Now you may browse the tree, manage bookmarks and run search queries from the Tree, Bookmarks and Search panels, respectively

TLS

A fieldset TLS options shows up if:

• The connection's protocol is set to ldaps ; or
• The connection's protocol is set to ldap and the checkbox StartTLS is checked

If your server's certificate is self-signed then you may want to list your root Certificate Authority in the view Trusted CA Certificates.

If your server is multi-homed then you may want to set the connection's Server Name Indication (SNI) field to the host being connected to (it should be a host name, not an IP address). Leave this field empty if the certificate matches the host name. The opensslutils extension comes with a handy command to inspect the contents of a certificate, for instance if you need to confirm that the certificate's Common Name (CN) matches the host name.

As a last resort uncheck Verify certificate to skip any certificate verification (not recommended).

CSV export

When listing LDAP entries, a button labeled Export CSV is provided at the bottom of the page and allows to export the contents as CSV:

Commands

This extension contributes the following commands:

• LDAP Explorer: Add new Connection
• LDAP Explorer: Edit Connection
• LDAP Explorer: Delete Connection
• LDAP Explorer: Set active Connection - An active connection is required for the Tree, Bookmarks and Search views to be functional
• LDAP Explorer: Set no active Connection - Clears currently active connection, if any
• LDAP Explorer: Refresh - Refreshes the Trusted CA Certificates, Connections, Tree and Bookmarks views
• LDAP Explorer: Show Attributes - Lists attributes of a given LDAP entry
• LDAP Explorer: Reveal in Tree - Shows a given LDAP entry in the Tree view
• LDAP Explorer: Add to Bookmarks - The LDAP entry will be added to the Bookmarks view
• LDAP Explorer: Remove from Bookmarks - The LDAP entry will be removed from the Bookmarks view
• LDAP Explorer: Add new CA certificate
• LDAP Explorer: Edit CA certificate
• LDAP Explorer: Delete CA certificate

Configuration

This extension contributes the following settings:

• ldap-explorer.show-tree-item-icons (false)

If set to true, LDAP entries in the Tree view will be rendered with an icon based on their entity type:

• dc, c, o or ou: organization icon
• cn: person icon
• otherwise: primitive square icon

ldap-explorer.show-tree-item-icons: false	ldap-explorer.show-tree-item-icons: true

• ldap-explorer.connections ([])

List of LDAP connections. Example:

{
  "ldap-explorer.connections": [
    {
      "name": "ACME prod",
      "protocol": "ldap",
      "starttls": "false",
      "verifycert": "true",
      "sni": "",
      "host": "acme.example.net",
      "port": "389",
      "binddn": "cn=admin,dc=example,dc=org",
      "bindpwd": "foobar",
      "basedn": "dc=example,dc=org",
      "limit": "0",
      "paged": "true",
      "timeout": "5000",
      "bookmarks": [
        "cn=readers,ou=users,dc=example,dc=org"
      ]
    }
  ]
}

• ldap-explorer.cacerts ([])

List of trusted root certificates. Example:

{
  "ldap-explorer.cacerts": [
    "/etc/ca-certificates/myRootCA.crt"
  ]
}

Known limitations

No support for

• LDAP aliases - not supported by ldapjs
• SASL / GSSAPI binding - not supported by ldapjs

Recommended extensions

• LDIF syntax if you work with LDIF files
• opensslutils if you need to troubleshoot TLS connections (LDAPS or StartTLS)

Alternative tools

• Apache Directory Studio is a fully-featured LDAP client based on Eclipse RCP

• JXplorer is a cross-platform LDAP browser and editor with many features
• ldapsearch is a command-line tool for *nix systems

• dsquery is a command-line tool for Windows

• LEX is a Windows-only desktop client that requires a paying license (a free trial is offered)
• Many others

Contributing

See CONTRIBUTING.md.

Changelog

See CHANGELOG.md.

Credits

This extension is powered by ldapjs.

Main icon by Freepik from Flaticon is licensed by CC 3.0 BY.