Useful resources for learning more about and using LDAP whether you are a developer, pentester, network defender or something else cool!
Contribute: https://gitlab.com/brie/awesome-ldap
My objective is to make this a useful resource for people with varying levels of experience with LDAP. Do not hesitate to suggest good quality introductory material.
The best write-ups and references for our friend: ldapsearch!
- OpenDJ
- OpenLDAP
- 389 Directory
- ReOpenLDAP - A production-ready replacement for OpenLDAP
- FreeIPA - An integrated security information management solution that includes 389 Directory Server
- Gluu
- Keycloak - Open Source Identity and Access Management
- osixia/openldap - One of the most recommended OpenLDAP containers
- osixia/phpldapadmin - A great companion to the container above! This guide walks you through configuring them together. It uses Ubuntu 16.04, so use it for legacy purposes.
- LDAP in containers blog post from https://therubyist.org.
- OpenLDAP Helm Chart - using the osixia/docker-openldap container
- Create An OpenLDAP server with Bitnami Containers on Kubernetes
- Installing OpenLDAP on Kubernetes with Helm
- Azure Active Directory
- JumpCloud
- Google Cloud supports LDAP with Cloud Identity and G Suite
- LogonBox
- Apache Directory Studio
- Client APIs - List of LDAP libraries for languages from Ada to Swift on ldap.com
- lb - LDAP benchmarking tool
- ldapfs - LDAP browsing via FUSE filesystem mount
- LDAP Tool Box project
- OpenLDAP Helper Scripts
- phpLDAPadmin - Web-based LDAP browser to manage your LDAP server
- PHPLdapTools
- Lex - The LDAP Explorer - Windows only
- Dump LAPS passwords with ldapsearch
- Fun with LDAP, Kerberos (and MSRPC) in AD Environments
- LDAP Injection Prevention Cheat Sheet
- LDAP Injection & Blind LDAP Injection in Web Applications
- Testing for LDAP Injection (OTG-INPVAL-006)
- Understanding and Exploiting Web-based LDAP
- windapsearch - A tool that aims to automate some of the most useful LDAP queries a pentester would want to perform in an AD environment.
- Searching LDAP using Nmap's ldap-search.nse script - Several practical applications
LDIF is the LDAP Data Interchange Format. LDIF files are flat text files.
- dbgen.pl - Perl
- LDIF Parser and Generator - Python
- LDIFDE - Export / Import data from Active Directory - LDIFDE commands
- schema2ldif: Tool for converting OpenLDAP-style schemas to the LDIF format - Perl
- RFC 2849 - The LDAP Data Interchange Format (LDIF) - Technical Specification
- RFC 4510 - Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
- RFC 4515 - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
These are some of the best available glossaries and other resources for learning more about LDAP terminology.
- Glossary of LDAP and Directory Terminology
- LDAP - Object Classes and Attributes
- LDAP attributes and associated fields
- Understanding LDAP Design and Implementation - Free PDF from IBM
- OpenLDAP Issue Tracking System
- openldap.org mailing lists - If you are reading this, you may wish to subscribe to openldap-technical.
- /r/ldap - The LDAP subreddit
- JumpCloud has some LDAP Authentication Examples in a variety of languages
LDAP servers available for testing...
- Online LDAP Test Server - Creds for a read-only bind DN.
- Public LDAP Servers
- The LDAP Scripting Tutorial
- Use LDAP search rules to synchronize data
- Build an OpenLDAP Docker Image That’s Populated With Users
- Creating Active Directory Accounts: Using LDIF files and OpenLDAP tools
- Hacking into an LDAP or Active Directory service - "note: this isn't pentesting but just gentle digging"
- 2020 LDAP channel binding and LDAP signing requirements for Windows
- Interacting with an LDAP server using Ruby - This is a little dated but would be great in conjunction with the containers noted above.
- Full Ruby LDAP docs