LDAP - 389/636

LDAP (Lightweight Directory Access Protocol) is an open, vendor-neutral protocol used for accessing and managing directory services over a network. It provides a structured way to store, retrieve, and modify directory information, such as user credentials, organizational hierarchies, and access control lists.

LDAP is commonly used in enterprise environments for authentication and authorization, enabling applications and services to query user details from centralized directories like Microsoft Active Directory or OpenLDAP. It operates on a client-server model, where an LDAP client sends requests to an LDAP server to search for or modify directory entries.

The most common ports used by LDAP are 389 for standard (unencrypted) communication and 636 for LDAPS (LDAP Secure), which uses SSL/TLS encryption to protect data in transit. With StartTLS, LDAP can also secure communication over port 389 by upgrading a plain-text connection to an encrypted one.


Enumeration

  1. We can use nmap to find the port LDAP is running on.
  2. We can then query the directory with ldapsearch, as in the block below.
ldapsearch -H ldap://ldap.rezydev.xyz:389 -D "cn=admin,dc=rezydev,dc=xyz" -w Coolpass123@ -b "ou=users,dc=rezydev,dc=xyz" "(mail=user1@rezydev.xyz)"
# It queries the LDAP server at ldap.rezydev.xyz for the user with the email
# user1@rezydev.xyz, authenticating as cn=admin with the password Coolpass123@.
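
Traffic to ldap:// on port 389 stays unencrypted unless StartTLS is negotiated, so it is worth confirming that the server advertises StartTLS before binding as above. The following is an added example, not part of the original page: it parses ldapsearch's LDIF output (folded lines, base64 values, trailing status lines) and checks the rootDSE for the StartTLS OID. The sample output and the `parse_ldif` and `starttls_advertised` names are constructed for illustration.

```python
import base64

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)
# Constructed, abbreviated rootDSE output, as a query like this would print it:
#   ldapsearch -x -H ldap://ldap.rezydev.xyz:389 -s base -b "" namingContexts vendorName supportedExtension
SAMPLE_LDIF = """\
# extended LDIF
dn:
namingContexts: dc=rezydev,dc=xyz
vendorName:: Q29uc3RydWN0ZWQgc2FtcGxl
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.2
 0037

# search result
search: 2
result: 0 Success
"""

def parse_ldif(text):
    """Parse ldapsearch LDIF into a list of {attribute_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        name, sep, value = line.partition(":")
        if not line.strip():                # blank line ends the current record
            current = None
        elif sep and not line.startswith("#"):
            if value.startswith(":"):       # "attr:: <base64>" carries an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if name.lower() == "dn":
                current = {"dn": [value]}
                entries.append(current)
            elif current is not None:       # drops the trailing search:/result: status lines
                current.setdefault(name.lower(), []).append(value)
    return entries

def starttls_advertised(entries):
    """True if any parsed entry (the rootDSE) lists the StartTLS OID."""
    return any(STARTTLS_OID in e.get("supportedextension", []) for e in entries)

if __name__ == "__main__":
    print("StartTLS advertised:", starttls_advertised(parse_ldif(SAMPLE_LDIF)))
```

When StartTLS is advertised, ldapsearch's `-ZZ` option requires the upgrade to succeed before the bind is sent; connecting to `ldaps://` on 636 is the alternative.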