Nessus, LDAP Walk-Through

Aaron L
3 min read · Oct 8, 2023

Trying to understand your cloud environment…

Today I would like to give us a nice walk-through of how to set up LDAP on a Nessus scanner. Currently, as far as I know, LDAP is supported but SAML is not for Nessus scanners. SAML is supported in other products built by Tenable, but not on a base scanner.

LDAP Nessus Professional 10.6

LDAP is a Windows-specific login form that uses Active Directory and is great for enterprise environments. More info on LDAP here: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/lightweight-directory-access-protocol-ldap-api

Tenable itself does have some good documentation on LDAP setup here: https://docs.tenable.com/nessus/Content/ConfigureAnLDAPServer.htm

I would, however, like to add a bit of detail on some smaller steps that may still seem confusing when first attempting to use it.

Host: In this case we use the IP address of the LDAP server, which points Nessus at the directory it will query to validate the credential.

Port: LDAP usually uses one of two ports: 389 for unencrypted LDAP and 636 for LDAPS (encrypted). Which one applies will always depend on your environment.

Now onto Base DN: this is shorthand for Base Distinguished Name. What we are really providing for the LDAP query here is the starting point in the directory tree where the user search should begin.

In our example above we see cn=users,dc=example,dc=com. What do these mean?

CN: Common Name. In the Active Directory environment this usually takes the form of the user's email address.

DC: Domain Component. This is usually the second-level domain of the company you work for (e.g. for medium.com, just medium), followed by its top-level domain (com) as a separate component.

So let's say you were looking to query users on your LDAP server and you worked at Medium; the Base DN would be: cn=users,dc=medium,dc=com

(Note: if you are looking for the Bind DN of an account, you can use a command like the following; dsquery prints the account's distinguished name, and the trailing * is a wildcard so a partial name also matches.)

C:\Users\Administrator>dsquery user -name "<User's Name>*"

Once you have the Bind DN and enter it into the LDAP settings, you can click the Test LDAP option. You should see a success message if the information was entered properly.

Advanced Settings

The only part of the advanced settings I want to touch on here is the Username Attribute.

Username Attribute: the example here shows sAMAccountName. What does this mean, and why the odd capitalization?

This is basically a holdover from older versions of Active Directory, when it was used for the domain\user logon syntax. The SAM account name, also known as the pre-Windows 2000 logon name, is part of every account created in AD and can be found for any account with a simple PowerShell query.

Get-ADUser -Filter * | Select-Object GivenName, SamAccountName

and then we can list the larger object information with the following query:

Get-ADUser -Identity "<SamAccountName from the previous command>"
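Before clicking Test LDAP, it is worth checking the five values the form asks for (Host, Port, Base DN, Bind DN, Username Attribute) from a domain-joined Windows host, so that a failure in Nessus can be narrowed down to the scanner rather than the directory. The script below is an added example, not part of the original post or of Tenable's documentation; the server name dc01.example.com and the bind account svc-nessus are placeholders you would replace, and it assumes the ActiveDirectory module (RSAT) is installed and PowerShell 5 or later.

```powershell
# Added example, not from the original post: check the values that go into the
# Nessus LDAP form from a domain-joined Windows host before testing in Nessus.
# The server name and bind account below are placeholders (assumptions).
using namespace System.DirectoryServices.Protocols

Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.Protocols

$LdapHost    = 'dc01.example.com'   # placeholder: value for the Host field
$LdapPort    = 636                  # 636 = LDAPS (encrypted), 389 = plain LDAP
$BindAccount = 'svc-nessus'         # placeholder: sAMAccountName of the bind account

# Base DN: take it from the domain instead of typing the dc= components by hand.
$DomainDN    = (Get-ADDomain).DistinguishedName   # e.g. DC=example,DC=com
$UsersBaseDN = "CN=Users,$DomainDN"               # the cn=users,dc=...,dc=... form used in the post

# Bind DN: the full distinguished name of the bind account (what dsquery prints).
$BindDN = (Get-ADUser -Identity $BindAccount).DistinguishedName

# Username Attribute: confirm sAMAccountName is populated for users under the Base DN.
$Users   = @(Get-ADUser -Filter * -SearchBase $UsersBaseDN)
$Missing = @($Users | Where-Object { [string]::IsNullOrEmpty($_.SamAccountName) })
"Users under $UsersBaseDN : $($Users.Count), without sAMAccountName: $($Missing.Count)"

# Bind with the same Host/Port/Bind DN Nessus will use. This is a simple bind
# (DN + password), which is why LDAPS on 636 is preferred over 389.
$Cred = Get-Credential -UserName $BindDN -Message 'Password of the bind account'
$Id   = [LdapDirectoryIdentifier]::new($LdapHost, $LdapPort)
$Conn = [LdapConnection]::new($Id, $Cred.GetNetworkCredential(), [AuthType]::Basic)
$Conn.SessionOptions.ProtocolVersion = 3
if ($LdapPort -eq 636) { $Conn.SessionOptions.SecureSocketLayer = $true }

try {
    $Conn.Bind()
    "Bind as $BindDN on ${LdapHost}:$LdapPort succeeded"

    # Repeat the lookup Nessus performs at login: Base DN + (sAMAccountName=<login name>).
    $Probe  = $Users | Select-Object -First 1
    $Filter = "(sAMAccountName=$($Probe.SamAccountName))"
    $Search = [SearchRequest]::new($UsersBaseDN, $Filter, [SearchScope]::Subtree,
                                   @('distinguishedName', 'sAMAccountName'))
    $Result = $Conn.SendRequest($Search)
    "Search $Filter under $UsersBaseDN returned $($Result.Entries.Count) entry(ies)"
}
catch {
    "LDAP check failed: $($_.Exception.Message)"
}
finally {
    $Conn.Dispose()
}
```

If the bind succeeds here but Test LDAP fails in Nessus, the values are correct and the problem is on the scanner side (reachability of the Host and Port from the scanner, or a certificate the scanner does not trust on 636); if the bind fails here too, the Bind DN or password is the first thing to recheck, and a search that returns zero entries means the Base DN does not contain the users you expect.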

That is all for LDAP in Nessus, it is pretty straightforward once you set this up a few times. Feel free to send any questions my way!
