LDAP (Lightweight Directory Access Protocol) is a protocol used to access and manage directory information.
A directory is a hierarchical data store that contains information about network resources such as users, groups, computers, printers, and other devices.
LDAP Functionality:
LDAP Issues:
LDAP is commonly used for providing a central location for accessing and managing directory services.
LDAP Use cases:
Implementations of LDAP: OpenLDAP and Microsoft LDAP
Although LDAP and AD are related, they serve different purposes. LDAP is a protocol that specifies the method of accessing and modifying directory services, whereas AD is a directory service that stores and manages user and computer data. While LDAP can communicate with AD and other directory services, it is not a directory service itself. AD offers extra functionalities such as policy administration, single sign-on, and integration with various Microsoft products.
ldapsearch
CLI tool to search for information stored in a directory using the LDAP protocol.
Bind (authenticate) as admin@example.com with the password secret123, search under the base DN (Distinguished Name) ou=people,dc=example,dc=com, and use the filter (mail=john.doe@example.com) to find entries that have this email address.
Response:
LDAP Injection
LDAP injection is an attack that exploits web applications that use LDAP (Lightweight Directory Access Protocol) for authentication or storing user information.
e.g., an app uses this LDAP query to authenticate users
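An added example (not from the original notes) of the vulnerable pattern next to its fix. The filter shape `(&(uid=...)(userPassword=...))` is assumed, since the page's own query is not shown; the fix escapes user-supplied values per RFC 4515 before they are spliced into the filter, so input cannot add or change assertions.

```python
import re

# RFC 4515 section 3: characters with special meaning inside a filter
# assertion value, each replaced by a backslash and two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for safe use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unsafe_auth_filter(username: str, password: str) -> str:
    """Vulnerable pattern (assumed shape): raw input spliced into the filter."""
    return f"(&(uid={username})(userPassword={password}))"


def safe_auth_filter(username: str, password: str) -> str:
    """Hardened pattern: every user-supplied value is escaped first."""
    return (
        f"(&(uid={escape_filter_value(username)})"
        f"(userPassword={escape_filter_value(password)}))"
    )


def assertion_count(filt: str) -> int:
    """Number of '(attr=' assertions in a filter; injected metacharacters
    change this count, escaped ones do not."""
    return len(re.findall(r"\([A-Za-z][\w-]*=", filt))


def filter_is_well_formed(filt: str, expected_assertions: int) -> bool:
    """Parentheses balance and the assertion count matches what the app built."""
    depth = 0
    for ch in filt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and assertion_count(filt) == expected_assertions


if __name__ == "__main__":
    # Constructed input containing filter metacharacters, not a real account.
    user, pw = "jdoe)(mail=*", "x"
    print(unsafe_auth_filter(user, pw))  # extra (mail=*) assertion appears
    print(safe_auth_filter(user, pw))    # metacharacters are inert
```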