Techniques and Tools in LDAP Exploration
LDAP (Lightweight Directory Access Protocol) exploration involves finding and querying data about organizations and individuals. Here are some techniques and tools for effective LDAP exploration:
a) LDAP Basics:
Understand the fundamentals of LDAP, including its protocol and purpose in accessing directory information.
b) LDAP Querying:
Learn how to construct LDAP queries to retrieve specific information from directories, such as users, groups, and computers.
c) LDAP Tools:
Utilize specialized tools for LDAP exploration and management. Some recommended tools include Apache Directory Studio and other LDAP measurement and performance tools.
d) Security Considerations:
Be aware of the security risks associated with LDAP and implement prevention measures to protect directory information.
e) Active Directory Exploration:
If working within a Windows environment, focus on LDAP reconnaissance techniques for Active Directory, such as discovering users, groups, and computers.
By combining these techniques and utilizing recommended tools, you can efficiently explore LDAP directories, ensuring accurate and secure access to directory information.
Sources:
LDAP Authentication From the Command Line in Linux
1. Authentication Using ldapsearch Command
We can use the ldapsearch command to perform LDAP authentication. In essence, we can use three different authentication schemes:
- anonymous bind
- simple plaintext-based authentication
- Simple Authentication and Security Layer (SASL)
Notably, SASL is a more complex approach.
Let's see each one of them.
1.2 Using Anonymous Bind
Anonymous bind is the most basic method of client authentication. It's used when there's no need for authentication, i.e., for certain public areas of the LDAP directory. In such cases, a user requires no identity or password for the given operations against the LDAP server.
Let's process a search against our server using the ldapsearch command. Basically, the ldapsearch command looks for the entries in the LDAP database and returns the results.
Now, let's use the -x option with the ldapsearch command for an anonymous bind:
$ ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn
dn: dc=example,dc=com
dn: cn=admin,dc=example,d...
dn: ou=People,dc=example...
...
Since we've not given any Bind DN using the -D option, no password is needed. Consequently, we have an anonymous bind.
1.3 Using Simple Bind
In simple authentication, or simple bind, the client identifies itself with the DN of an account entry and supplies a password to confirm who we are.
Here's the syntax for a simple bind or plain text authentication command:
$ ldapsearch -x -H ldap://ldap-server-hostname_or_IP -D "cn=username,ou=users,dc=example,dc=com" -W -b "dc=example,dc=com"
We can put the values in the above expression as per our requirements:
- ldap-server-hostname_or_IP: LDAP server's hostname or IP address
- -D: user we want to authenticate with
- -b: DN of the search base
Now, let's see this command in action by trying to authenticate our admin user:
$ ldapsearch -x -D "cn=admin,dc=example,dc=com" -W -H ldap://192.168.62.163 -b "ou=People,dc=example,dc=com"
...
id: baeldung
cn: Baeldung Linux
displayName: Baeldung Linux
uidNumber: 10000
gidNumber: 5000
loginShell: /bin/bash
...
Importantly, the -x option means we use simple authentication. The -W option asks for the password of the user at runtime.
Since we're working at the local server end, we can avoid using the LDAP server's hostname or IP address. Thus, we can simply use the ldap:/// notation in this context.
1.4 Using SASL
SASL allows LDAP to work with any accepted authentication method between the LDAP client and server:
$ sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b "dc=example,dc=com" dn
dn: dc=example,dc=com
dn: cn=admin,dc=example,dc=com
dn: ou=People,dc=example,dc=com
dn: ou=Groups,dc=example,dc=com
...
Since we're working on a local server, we can again leave out the server domain name or IP address. However, the ldapi scheme needs a local connection.
The -Q option enables the SASL quiet mode, while the -LLL option just formats the output style. In addition, the -Y option sets the SASL mechanism for authentication, EXTERNAL in this example.
2. Authentication Using ldapwhoami Command
Another way to perform LDAP authentication from the command line in Linux is via the ldapwhoami command. Basically, it has pretty much the same command structure as the ldapsearch command. Also, we can again use anonymous bind, simple bind, and SASL authentication here.
2.1 Using Anonymous Bind
First, let's see how we can use the ldapwhoami command with anonymous bind:
$ ldapwhoami -x -H ldap:///
anonymous
Again, the -x option selects simple authentication, and since we provide no bind DN via the -D option, the bind is anonymous.
2.2 Using Simple Bind
Let's use ldapwhoami to authenticate our admin user using simple bind:
$ ldapwhoami -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -W
Enter LDAP Password:
dn:cn=admin,dc=example,dc=com
On successful authentication, we see the DN of the user as the output. Otherwise, we see an error message.
Notably, the options in the above command are the same as the ones used in the ldapsearch case.
2.3 Using SASL Authentication
SASL authentication can also work in a similar way to simple bind with ldapwhoami. Again, in this case, we're dealing with a local server. Thus, we don't need to put in the server's IP here:
$ ldapwhoami -Y EXTERNAL -H ldapi:/// -Q
dn:gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth
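
The option combinations shown for ldapsearch and ldapwhoami decide both who the client binds as and how the credentials travel. As an added example (not code from the original article), the shell function below classifies an argument list by bind type and transport and flags a simple bind whose password would cross the network unencrypted. The function name and verdict strings are assumptions made for illustration, and -ZZ, -w and -y are standard OpenLDAP client options that the article itself does not use.

```shell
# Added example: classify the bind an ldapsearch/ldapwhoami call would make.
# Assumes options are written separately (-x -W, not -xW), as on this page.
# Prints "<bind> <transport> <verdict>".
classify_bind() (
    x=0; dn=""; mech=""; uri=""; starttls=0; pw=none
    while [ $# -gt 0 ]; do
        case "$1" in
            -x)  x=1 ;;
            -ZZ) starttls=1 ;;  # StartTLS must succeed; -Z alone tolerates failure
            -D|-Y|-H|-w|-y|-b)  # options that consume the next argument
                val="${2-}"
                case "$1" in
                    -D) dn=$val ;;
                    -Y) mech=$val ;;
                    -H) uri=$val ;;
                    -w) pw=argv ;;  # password visible in the process list
                esac
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done

    if   [ -n "$mech" ];                 then bind="sasl:$mech"
    elif [ "$x" -eq 1 ] && [ -n "$dn" ]; then bind=simple
    elif [ "$x" -eq 1 ];                 then bind=anonymous
    else bind="sasl:default"             # no -x: the client attempts SASL
    fi

    case "$uri" in
        ldaps://*) tr=tls ;;
        ldapi://*) tr=local-socket ;;
        ldap:///*) tr=loopback ;;       # empty host: the local server
        ldap://*)  tr=cleartext ;;
        *)         tr=unknown ;;        # no -H: URI comes from ldap.conf
    esac
    if [ "$starttls" -eq 1 ] && [ "$tr" = cleartext ]; then tr=starttls; fi

    verdict=ok
    if [ "$bind" = simple ]; then
        if [ "$pw" = argv ];      then verdict=password-in-argv; fi
        if [ "$tr" = unknown ];   then verdict=transport-unknown; fi
        if [ "$tr" = cleartext ]; then verdict=password-in-cleartext; fi
    fi
    printf '%s %s %s\n' "$bind" "$tr" "$verdict"
)

# The article's simple-bind command against a remote host:
classify_bind -x -D "cn=admin,dc=example,dc=com" -W -H ldap://192.168.62.163
```

Adding -ZZ to the same command, or switching the URI to ldaps://, changes the verdict to ok because the bind then runs inside TLS.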