More user attributes

[jmmcatee]

Can we have a flag to pull the full list of LDAP attributes for users? I find myself wanting more information, but not sure it is worth trying to narrow that down. Thoughts?

[edepree]

I have been using the following resource for looking up LDAP user attributes. Would you like to include all of these items as part of that flag?

[jmmcatee]

I do not think we need all of them, but we need someone to spend the time going through all of them and figuring out how to display the ones we need I guess.

On Mon, Dec 14, 2015 at 7:32 AM, Eric DePree [email protected] wrote:

I have been using the following resource for looking up LDAP user attributes http://www.kouti.com/tables/userattributes.htm. Would you like to include all of these items as part of that flag?

— Reply to this email directly or view it on GitHub https://github.com/CroweCybersecurity/ad-ldap-enum/issues/7#issuecomment-164437895 .

[edepree]

I have an implementation strategy in my head to do this request, we just need to find the time (or someone) to research what attributes should be included as part of "all".

[Zamanry]

Revisiting this years later with the tool having been rewritten in ldap3, I agree. I want to add two new features to help some scenarios I've seen:

1. Add a string/list parameter to retrieve additional specific attributes (e.g., GoogleOTP)
2. Add a parameter to output all attribute names for an AD object. That way we can search for any interesting attributes (e.g., GoogleOTP, etc.) and then manually request them using Feature 1. I am hesitant to allow outputting of all attributes for an AD object, by any kind of default. You can use Feature 1 with all the attributes if you really want them.