nuclei icon indicating copy to clipboard operation
nuclei copied to clipboard
verified publisher icon projectdiscovery

[BUG] ... LDAP "In order to perform this operation a successful bind must be completed on the connection" Error

Open pussycat0x opened this issue 8 months ago • 2 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues.

Current Behavior

am getting an error while using client.Search function error

error": "ldap search request failed: LDAP Result Code 1 "Operations Error": 000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c at reflect.methodValueCall (native)",

Reference Template:

id: ldap-search

info:
  name: LDAP - search Test
  author: pussycat0x
  severity: info
  description: |
    Attempts to list the supported capabilities in a SMBv2 server for each enabled dialect.
  reference:
    - https://docs.projectdiscovery.io/templates/protocols/javascript/modules/ldap.Client
  metadata:
    max-request: 1
    shodan-query: ldap
  tags: js,network,ldap,anonymous

javascript:
  - code: |
      let ldap = require('nuclei/ldap');
      let cfg = new ldap.Config();
      cfg.Upgrade = true;
      let client = new ldap.Client(Host,Ldap,Port,cfg);
      let result1 = client.Authenticate('', '');
      const dcs  =  client.Search('(objectClass=*)', 'iim', 'com');

      log(dcs);

    args:
      Host: "ldap://{{Host}}"
      Ldap: "iim.com"
      Port: 3268
      
    extractors:
      - type: dsl
        dsl:
          - response

Expected Behavior

.

Steps To Reproduce

nuclei -u 127.0.0.1 -t template.yaml

Relevant log output

Environment

- OS: 
- Nuclei: 
- Go:

Anything else?

No response

pussycat0x avatar May 06 '25 08:05 pussycat0x

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions!

github-actions[bot] avatar Aug 10 '25 00:08 github-actions[bot]

Looks like legitimate behaviour, the server requires authentication for any non-empty basedn:

% ldapsearch -H ldap://xx.xx.xx.xx:3268 -x -b "dc=iim,dc=com" "(objectClass=*)" -v
# extended LDIF
#
# LDAPv3
# base <dc=iim,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: -v
#

# search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, v4f7c

# numResponses: 1

Mzack9999 avatar Aug 21 '25 19:08 Mzack9999