Awesome LDAP

Useful resources for learning more about and using LDAP whether you are a developer, pentester, network defender or something else cool!

• View: https://brie.gitlab.io/awesome-ldap/

• Contribute: https://gitlab.com/brie/awesome-ldap

My objective is to make this a useful resource for people with varying levels of experience with LDAP. Do not hesitate to suggest good quality introductory material.

Implementations

• OpenDJ
• OpenLDAP
• 389 Directory
• ReOpenLDAP - A production-ready replacement for OpenLDAP

Suites

• FreeIPA - An integrated security information management solution that includes 389 Directory Server
• Gluu
• Keycloak - Open Source Identity and Access Management

Containers

• osixia/openldap - One of the most recommended OpenLDAP containers
• osixia/phpldapadmin - A great companion to the container above! This guide walks you through configuring them together.
• LDAP in containers blog post from https://therubyist.org.

LDAP Clients, Tools and Utilities

• Apache Directory Studio
• Client APIs - List of LDAP libraries for languages from Ada to Swift on ldap.com
• lb - LDAP benchmarking tool
• ldapfs - LDAP browsing via FUSE filesystem mount
• LDAP Tool Box project
• OpenLDAP Helper Scripts
• phpLDAPadmin - Web-based LDAP browser to manage your LDAP server

LDAP + Pentesting

• Dump LAPS passwords with ldapsearch
• Fun with LDAP, Kerberos (and MSRPC) in AD Environments
• LDAP Injection Prevention Cheat Sheet
• LDAP Injection & Blind LDAP Injection in Web Applications
• Testing for LDAP Injection (OTG-INPVAL-006)
• Understanding and Exploiting Web-based LDAP
• windapsearch - A tool that aims to automate some of the most useful LDAP queries a pentester would want to perform in an AD environment.

NSE Scripts

• ldap-search
• ldap-rootdse

Using NSE Scripts

• Searching LDAP using Nmap's ldap-search.nse script - Several practical applications

Articles, Papers Walkthroughs

• Build an OpenLDAP Docker Image That’s Populated With Users
• Creating Active Directory Accounts: Using LDIF files and OpenLDAP tools
• Hacking into an LDAP or Active Directory service - "note: this isn't pentesting but just gentle digging"
• 2020 LDAP channel binding and LDAP signing requirements for Windows
• Interacting with an LDAP server using Ruby - This is a little dated but would be great in conjunction with the containers noted above.
• Full Ruby LDAP docs

LDIF

LDIF is the LDAP Data Interchange Format. LDIF files are flat text files.

• dbgen.pl - Perl
• LDIF Parser and Generator - Python
• LDIFDE - Export / Import data from Active Directory - LDIFDE commands
• schema2ldif: Tool for converting OpenLDAP-style schemas to the LDIF format - Perl

RFCs

• RFC 2849 - The LDAP Data Interchange Format (LDIF) - Technical Specification
• RFC 4510 - Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
• RFC 4515 - Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters

Terminology

These are some of the best available glossaries and other resources for learning more about LDAP terminology.

• Glossary of LDAP and Directory Terminology
• LDAP - Object Classes and Attributes

Other Awesome Lists

• LDAP section of awesome-sysadmin
• LDAP section of awesome security hardening

Books

• Understanding LDAP Design and Implementation - Free PDF from IBM

Conferences and Education

• LDAPCon
• Videos from LDAPCon 2019

Support Channels

• OpenLDAP Issue Tracking System
• openldap.org mailing lists - If you are reading this, you may wish to subscribe to openldap-technical.

Miscellaneous

• /r/ldap - The LDAP subreddit
• Public LDAP Servers