- Browse the tree - Explore how the DIT is structured and discover LDAP entries in an intuitive interface
- List attributes - Find out about LDAP attributes without writing search filters
- Search and filter - Conveniently search for LDAP entries directly from VS Code
- Export LDAP entries as CSV - Share and analyze LDAP results using a standard CSV format
- Manage bookmarks - Bookmark LDAP entries you often need to check or located in awkward places
- Support for multiple connections - Manage multiple LDAP connections, such as a test and a production connections
- Support for environment variables - Easy integration with containers
- Secure credentials - Bind passwords may be stored encrypted in secret storage, or not stored at all and requested at connection time
See this animation for a demo.
- Open VS Code
- Open the extension view by hitting
Ctrl+Shift+X(orCmd+Shift+X) and install LDAP Explorer - Alternatively, hit
Ctrl+P(orCmd+P) and typeext install fengtan.ldap-explorer
- Open the LDAP Explorer view from the activity bar
- Under panel Connections, click the button Add new connection
- Fill in the connection settings (leave Bind DN and Bind Password empty to bind as anonymous)
- Under panel Connections, click on the connection to activate it
- Now you may browse the tree, manage bookmarks and run search queries from the Tree, Bookmarks and Search panels, respectively
A fieldset TLS options shows up if:
- The connection's protocol is set to ldaps ; or
- The connection's protocol is set to ldap and the checkbox StartTLS is checked
If your server's certificate is self-signed then you may want to list your root Certificate Authority in the view Trusted CA Certificates.
If your server is multi-homed then you may want to set the connection's Server Name Indication (SNI) field to the host being connected to (it should be a host name, not an IP address). Leave this field empty if the certificate matches the host name. The opensslutils extension comes with a handy command to inspect the contents of a certificate, for instance if you need to confirm that the certificate's Common Name (CN) matches the host name.
As a last resort uncheck Verify certificate to skip any certificate verification (not recommended).
When listing LDAP entries, a button labeled Export CSV is provided at the bottom of the page and allows to export the contents as CSV:
This extension contributes the following commands:
- LDAP Explorer: Add new Connection
- LDAP Explorer: Edit Connection
- LDAP Explorer: Delete Connection
- LDAP Explorer: Set active Connection - An active connection is required for the Tree, Bookmarks and Search views to be functional
- LDAP Explorer: Set no active Connection - Clears currently active connection, if any
- LDAP Explorer: Refresh - Refreshes the Trusted CA Certificates, Connections, Tree and Bookmarks views
- LDAP Explorer: Show Attributes - Lists attributes of a given LDAP entry
- LDAP Explorer: Reveal in Tree - Shows a given LDAP entry in the Tree view
- LDAP Explorer: Add to Bookmarks - The LDAP entry will be added to the Bookmarks view
- LDAP Explorer: Remove from Bookmarks - The LDAP entry will be removed from the Bookmarks view
- LDAP Explorer: Add new CA certificate
- LDAP Explorer: Edit CA certificate
- LDAP Explorer: Delete CA certificate
This extension contributes the following settings:
- ldap-explorer.binary-attributes (
["caCertificate", "jpegPhoto", "krbExtraData", "msExchArchiveGUID", "msExchBlockedSendersHash", "msExchMailboxGuid", "msExchSafeSendersHash", "networkAddress", "objectGUID", "objectSid", "userCertificate", "userSMIMECertificate"])
Name of binary attributes (case insentitive). They will be represented as Base64 strings.
- ldap-explorer.binary-decode (
true)
If true then the objectGUID and objectSid binary attributes will be decoded and represented as text values regardless of whether they are listed in ldap-explorer.binary-attributes.
objectGUIDwill be represented as UUID text.objectSidwill be represented as Microsoft Active Directory security identifier (SID) text.
- ldap-explorer.cacerts (
[])
List of trusted root certificates. Example:
{
"ldap-explorer.cacerts": [
"/etc/ca-certificates/myRootCA.crt"
]
}- ldap-explorer.connections (
[])
List of LDAP connections. Example:
{
"ldap-explorer.connections": [
{
"name": "ACME prod",
"protocol": "ldap",
"starttls": "false",
"verifycert": "true",
"sni": "",
"host": "acme.example.net",
"port": "389",
"binddn": "cn=admin,dc=example,dc=org",
"pwdmode": "settings",
"bindpwd": "foobar", // Only applicable if "pwdmode" is "settings"
"basedn": "dc=example,dc=org",
"limit": "0",
"paged": "true",
"connectTimeout": "5000",
"timeout": "5000",
"bookmarks": [
"cn=readers,ou=users,dc=example,dc=org"
]
}
]
}Supported values for pwdmode:
secretwill read the bind password from secret storage (encrypted)askwill ask for the bind password at connection timesettingswill read the bind password as plaint text from settings (connection attributebindpwd)
- ldap-explorer.show-tree-item-icons (
false)
If set to true, LDAP entries in the Tree view will be rendered with an icon based on their entity type:
dc,c,oorou: organization iconcn: person icon- otherwise: primitive square icon
ldap-explorer.show-tree-item-icons: false |
ldap-explorer.show-tree-item-icons: true |
|---|---|
 |
 |
- ldap-explorer.sort-attributes (
false)
If set to false, LDAP attributes will be displayed in the order received from the LDAP server.
If set to true, they will be ordered alphabetically by name.
No support for
- LDAP aliases - not supported by ldapjs
- SASL / GSSAPI binding - not supported by ldapjs
- LDIF syntax if you work with LDIF files
- opensslutils if you need to troubleshoot TLS connections (LDAPS or StartTLS)
- Apache Directory Studio is a fully-featured LDAP client based on Eclipse RCP
- JXplorer is a cross-platform LDAP browser and editor with many features
- ldapsearch is a command-line tool for *nix systems
- dsquery is a command-line tool for Windows
- LEX is a Windows-only desktop client that requires a paying license (a free trial is offered)
- Many others
See CONTRIBUTING.md.
See CHANGELOG.md.
This extension is powered by ldapjs.
Main icon by Freepik from Flaticon is licensed by CC 3.0 BY.