Differences between revisions 6 and 7
Revision 6 as of 2006-06-05 03:19:18
Size: 2216
Editor: localhost
Revision 7 as of 2006-11-27 13:50:28
Size: 2315
Editor: 203
Deletions are marked like this. Additions are marked like this.
Line 53: Line 53:
 * [http://blog.eukhost.com/2006/11/02/lightweight-directory-access-protocol Summarization of LDAP]

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol: The protocol accessing data from directory services like [http://www.openldap.org/ OpenLDAP], [http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx Microsoft Active Directory], [http://enterprise.netscape.com/ Netscape Directory Server] or [http://www.novell.com/products/edirectory/ Novell eDirectory].


LDAP was developed as simple access protocol for ["X.500"] databases.

Protocol dependencies

  • ["TCP"]/["UDP"]: Typically, LDAP uses ["TCP"] or ["UDP"] as its transport protocol. The well known TCP and UDP port for LDAP traffic is 389.
  • ["SSL"]/["TLS"]: LDAP can also be tunneled through ["SSL"]/["TLS"] encrypted connections. The well known TCP port for ["SSL"] is 636 while ["TLS"] is negotiated within a plain ["TCP"] connection on port 389.

Example traffic

TODO: - Add example traffic here (as plain text or Wireshark screenshot).


The LDAP dissector is (fully functional).

Preference Settings

TODO: - Add links to preference settings affecting how LDAP is dissected.

Example capture file

attachment:SampleCaptures/ldap-controls-dirsync-01.cap Sample LDAP PDU with DIRSYNC CONTROLS

attachment:SampleCaptures/ldap-krb5-sign-seal-01.cap Sample GSSAPI-KRB5 signed and sealed LDAP PDU

Display Filter

A complete list of LDAP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/l/ldap.html LDAP display filter reference]

  • Show only the LDAP based traffic:


Capture Filter

You cannot directly filter LDAP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture LDAP traffic over the default port (389):

     tcp port 389 


LDAP (last edited 2013-05-30 16:06:57 by SakeBlok)