I am wondering whether is it possible or not to establish a connection to a LDAP server via telnet (or some other program) and start making requests and receiving responses as I would normally do with HTTP. In fact, the question is more generic and is related to my misunderstanding of network connections and communications protocols. Let me tell you the idea I have in my mind about this topic:

All application protocols define communication protocols (that is, messages that the server is going to understand and act upon its delivery). If I know how the application protocol works, I can establish a connection to the server (daemon controlling that protocol server-side) and start communicating with the server. For example with HTTP I can establish a connection to an HTTP SERVER via telnet and start talking with him with this requests for example:

GET /users/pepito HTTP/1.1
Host: stackoverflow
Content-Type: text/html

I am expecting this procedure to happen with ANY APPLICATION PROTOCOL. Is this concept right??

I have glimpsed the LDAP Protocol Specification RFC but I did not understand the format of the messages. I mean, I was expecting to read something like HTTP Protocol Specification; but it was like too generic. Can you give me an example of how LDAP search could be made?

The LDAP RFC specifies that LDAP messages are ASN1 encoded. This means the messages are binary data in a special format, instead of text, following a special format. This makes it very hard to write ladap-queries by hand with telnet.

You can, somewhat, with a little help from some command-line friends :-)

Here's a hexdump of a simple LDAP query -- it does the equivalent of ldapsearch -x -b "" -s base objectclass=top:

30 0c 02 01 01 60 07 02 01 03 04 00 80 00
30 2c 02 01 02 63 27 04 00 0a 01 00 0a 01 00 02 01 00 02 01 1e 01 01 00 a3 12 04 0b 6f 62 6a 65 63 74 63 6c 61 73 73 04 03 74 6f 70 30 00

Save this to a file called ldap.hexdump, and then you can use nc:

xxd -r -p ldap.hexdump | nc ldapserver 389

If you want to see the output parsed, you can use unber:

xxd -r -p ldap.hexdump | nc ldapserver 389 | unber -m -

Where this might come in handy is if you can't use ldapsearch for some reason and want to use nc or openssl to test out whether an LDAP server is responding properly. It assumes that the server accepts anonymous binds to query the empty base DN (root DSE).