Differences between revisions 11 and 12
Revision 11 as of 2009-12-03 19:24:30
Size: 2442
Comment:
Revision 12 as of 2013-05-30 16:06:57
Size: 2339
Editor: SakeBlok
Comment: Removed dead link...
Deletions are marked like this. Additions are marked like this.
Line 54: Line 54:
 * [[http://blog.eukhost.com/2006/11/02/lightweight-directory-access-protocol|Summarization of LDAP]]

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol: The protocol accessing data from directory services like OpenLDAP, Microsoft Active Directory, Netscape Directory Server or Novell eDirectory.

History

LDAP was developed as simple access protocol for X.500 databases.

Protocol dependencies

  • TCP/UDP: Typically, LDAP uses TCP or UDP (aka CLDAP) as its transport protocol. The well known TCP and UDP port for LDAP traffic is 389.

  • SSL/TLS: LDAP can also be tunneled through SSL/TLS encrypted connections. The well known TCP port for SSL is 636 while TLS is negotiated within a plain TCP connection on port 389.

Example traffic

TODO: - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The LDAP dissector is (fully functional).

Preference Settings

TODO: - Add links to preference settings affecting how LDAP is dissected.

Example capture file

SampleCaptures/ldap-controls-dirsync-01.cap Sample LDAP PDU with DIRSYNC CONTROLS

SampleCaptures/ldap-krb5-sign-seal-01.cap Sample GSSAPI-KRB5 signed and sealed LDAP PDU

Display Filter

A complete list of LDAP display filter fields can be found in the LDAP display filter reference

  • Show only the LDAP based traffic:

     ldap 

Capture Filter

You cannot directly filter LDAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Capture LDAP traffic over the default port (389):

     tcp port 389 

Discussion

LDAP (last edited 2013-05-30 16:06:57 by SakeBlok)