Is it possible to send LDAP "requests" via telnet?

You can, somewhat, with a little help from some command-line friends :-)

Here's a hexdump of a simple LDAP query -- it does the equivalent of ldapsearch -x -b "" -s base objectclass=top:

30 0c 02 01 01 60 07 02 01 03 04 00 80 00
30 2c 02 01 02 63 27 04 00 0a 01 00 0a 01 00 02 01 00 02 01 1e 01 01 00 a3 12 04 0b 6f 62 6a 65 63 74 63 6c 61 73 73 04 03 74 6f 70 30 00

Save this to a file called ldap.hexdump, and then you can use nc:

xxd -r -p ldap.hexdump | nc ldapserver 389

If you want to see the output parsed, you can use unber:

xxd -r -p ldap.hexdump | nc ldapserver 389 | unber -m -

Where this might come in handy is if you can't use ldapsearch for some reason and want to use nc or openssl to test out whether an LDAP server is responding properly. It assumes that the server accepts anonymous binds to query the empty base DN (root DSE).


The LDAP RFC specifies that LDAP messages are ASN.1 encoded. This means the messages are binary data following a special format, instead of text. This makes it very hard to write LDAP queries by hand with telnet.
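
The two messages in the hexdump above, decoded with a small BER reader to show the ASN.1 structure (an anonymous simple bind followed by a base-scope search). This is an added example, not part of the original answers; the tag labels follow RFC 4511 and cover only the tags that occur in this dump.

```python
# Added example: minimal BER (definite-length) reader for the dump above.
HEXDUMP = """
30 0c 02 01 01 60 07 02 01 03 04 00 80 00
30 2c 02 01 02 63 27 04 00 0a 01 00 0a 01 00 02 01 00 02 01 1e 01 01 00 a3 12 04 0b 6f 62 6a 65 63 74 63 6c 61 73 73 04 03 74 6f 70 30 00
"""

# Labels for the tags that occur in this dump only (names per RFC 4511).
TAGS = {
    0x01: "BOOLEAN", 0x02: "INTEGER", 0x04: "OCTET STRING", 0x0A: "ENUMERATED",
    0x30: "SEQUENCE", 0x60: "BindRequest", 0x63: "SearchRequest",
    0x80: "simple auth [0]", 0xA3: "equalityMatch [3]",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode(buf):
    """Decode back-to-back TLVs into nested (label, value) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        label = TAGS.get(tag, f"tag 0x{tag:02x}")
        if tag & 0x20:                    # constructed: value holds more TLVs
            out.append((label, decode(val)))
        elif tag in (0x02, 0x0A):
            out.append((label, int.from_bytes(val, "big", signed=True)))
        elif tag == 0x01:
            out.append((label, val != b"\x00"))
        else:                             # octet strings in this dump are text
            out.append((label, val.decode("utf-8", "replace")))
    return out

if __name__ == "__main__":
    import pprint
    pprint.pprint(decode(bytes.fromhex(HEXDUMP)))
```

The same reader can be pointed at the bytes a server sends back, as a rough stand-in for unber when checking that a response is well-formed.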