Wednesday, August 25, 2004

LDAP over SSL with Jython

I wrote a tool for testing LDAP bind and search with IBM IDS and MS AD.

It is useful for troubleshooting (with JSSE tracing turned on) and helped one of my coworkers solve his AD problem, which turned out to be an SSL cert problem.

Things that are interesting:

1. I used a local trust store instead of messing up the JRE's cacerts.
System.setProperty("javax.net.ssl.trustStore", "mycerts")

2. LDAPS uses 636 as default port.

3. I use Jython for gluing Java code (JNDI/LDAP bind, search). My view of using Jython is to use as much of the Java library (the JNDI provider in this case) as possible. The reason is simple: our applications are written in Java and I want to mimic the behavior of the applications as an LDAP client. Then why use Jython? It is darn fast for me to change the code, hence a time saver. So I can enjoy more life besides coding :-).
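
A sketch of how the three points above fit together in one Jython script. This is an added example, not the tool described in this post. The host name, DNs, search filter and the LDAP_PASSWORD environment variable are placeholders, and `ldaps_search` is a hypothetical helper name.

```jython
# Added example for Jython 2.x. Host, DNs, filter and LDAP_PASSWORD are placeholders.
import os, sys
from java.lang import System
from java.util import Hashtable
from javax.naming import Context, NamingException
from javax.naming.directory import InitialDirContext, SearchControls

def ldaps_search(host, bind_dn, password, base_dn, ldap_filter,
                 trust_store="mycerts", port=636, trace=False):
    # Use a local trust store so the JRE's cacerts stays untouched.
    # Must be set before the JVM opens its first SSL connection.
    System.setProperty("javax.net.ssl.trustStore", trust_store)
    if trace:
        # JSSE tracing: dumps the handshake and the server's certificate chain.
        System.setProperty("javax.net.debug", "ssl,handshake")

    env = Hashtable()
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
    env.put(Context.PROVIDER_URL, "ldaps://%s:%d" % (host, port))
    env.put(Context.SECURITY_AUTHENTICATION, "simple")
    env.put(Context.SECURITY_PRINCIPAL, bind_dn)
    env.put(Context.SECURITY_CREDENTIALS, password)

    ctx = InitialDirContext(env)  # TLS handshake and bind happen here
    try:
        controls = SearchControls()
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE)
        results = ctx.search(base_dn, ldap_filter, controls)
        names = []
        while results.hasMore():
            names.append(results.next().getNameInNamespace())
        return names
    finally:
        ctx.close()

if __name__ == "__main__":
    try:
        found = ldaps_search("ldap.example.com", "cn=tester,dc=example,dc=com",
                             os.environ["LDAP_PASSWORD"],
                             "dc=example,dc=com", "(uid=jdoe)",
                             trace="-trace" in sys.argv)
        for dn in found:
            print dn
    except NamingException, e:
        # An untrusted server certificate surfaces here as a communication
        # error whose root cause is the SSL handshake failure.
        print "LDAP error:", e, "root cause:", e.getRootCause()
        sys.exit(1)
```

If the directory's CA certificate is missing from `mycerts`, the bind fails during the handshake and the `-trace` output shows which certificate chain the server presented.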

