Differences between revisions 8 and 9
Revision 8 as of 2007-11-02 03:23:46
Size: 2331
Comment:
Revision 9 as of 2008-04-12 17:50:31
Size: 2357
Editor: localhost
Comment: converted to 1.6 markup
Line 4: Line 4:
The Lightweight Directory Access Protocol: The protocol accessing data from directory services like [http://www.openldap.org/ OpenLDAP], [http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx Microsoft Active Directory], [http://enterprise.netscape.com/ Netscape Directory Server] or [http://www.novell.com/products/edirectory/ Novell eDirectory]. The Lightweight Directory Access Protocol: The protocol accessing data from directory services like [[http://www.openldap.org/|OpenLDAP]], [[http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx|Microsoft Active Directory]], [[http://enterprise.netscape.com/|Netscape Directory Server]] or [[http://www.novell.com/products/edirectory/|Novell eDirectory]].
Line 8: Line 8:
LDAP was developed as simple access protocol for ["X.500"] databases. LDAP was developed as simple access protocol for [[X.500]] databases.
Line 12: Line 12:
 * ["TCP"]/["UDP"]: Typically, LDAP uses ["TCP"] or ["UDP"] (aka ["CLDAP"]) as its transport protocol. The well known TCP and UDP port for LDAP traffic is 389.
 * ["SSL"]/["TLS"]: LDAP can also be tunneled through ["SSL"]/["TLS"] encrypted connections. The well known TCP port for ["SSL"] is 636 while ["TLS"] is negotiated within a plain ["TCP"] connection on port 389.
 * [[TCP]]/[[UDP]]: Typically, LDAP uses [[TCP]] or [[UDP]] (aka [[CLDAP]]) as its transport protocol. The well known TCP and UDP port for LDAP traffic is 389.
 * [[SSL]]/[[TLS]]: LDAP can also be tunneled through [[SSL]]/[[TLS]] encrypted connections. The well known TCP port for [[SSL]] is 636 while [[TLS]] is negotiated within a plain [[TCP]] connection on port 389.
Line 29: Line 29:
attachment:SampleCaptures/ldap-controls-dirsync-01.cap Sample LDAP PDU with DIRSYNC CONTROLS [[attachment:SampleCaptures/ldap-controls-dirsync-01.cap]] Sample LDAP PDU with DIRSYNC CONTROLS
Line 31: Line 31:
attachment:SampleCaptures/ldap-krb5-sign-seal-01.cap Sample GSSAPI-KRB5 signed and sealed LDAP PDU [[attachment:SampleCaptures/ldap-krb5-sign-seal-01.cap]] Sample GSSAPI-KRB5 signed and sealed LDAP PDU
Line 35: Line 35:
A complete list of LDAP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/l/ldap.html LDAP display filter reference] A complete list of LDAP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/l/ldap.html|LDAP display filter reference]]
Line 42: Line 42:
You cannot directly filter LDAP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one. You cannot directly filter LDAP protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 50: Line 50:
 * [http://www.ietf.org/rfc/rfc1777.txt LDAPv2 - RFC 1777]
 * [http://www.ietf.org/rfc/rfc2251.txt LDAPv3 - RFC 2251]
 * Additional links can be found here: [http://www.mozilla.org/directory/standards.html http://www.mozilla.org/directory/standards.html]
 * [http://blog.eukhost.com/2006/11/02/lightweight-directory-access-protocol Summarization of LDAP]
 * [[http://www.ietf.org/rfc/rfc1777.txt|LDAPv2 - RFC 1777]]
 * [[http://www.ietf.org/rfc/rfc2251.txt|LDAPv3 - RFC 2251]]
 * Additional links can be found here: [[http://www.mozilla.org/directory/standards.html|http://www.mozilla.org/directory/standards.html]]
 * [[http://blog.eukhost.com/2006/11/02/lightweight-directory-access-protocol|Summarization of LDAP]]

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol: the protocol for accessing data in directory services such as OpenLDAP, Microsoft Active Directory, Netscape Directory Server or Novell eDirectory.

History

LDAP was developed as a simple access protocol for X.500 databases.

Protocol dependencies

  • TCP/UDP: Typically, LDAP uses TCP or UDP (aka CLDAP) as its transport protocol. The well-known TCP and UDP port for LDAP traffic is 389.

  • SSL/TLS: LDAP can also be tunneled through SSL/TLS encrypted connections. The well-known TCP port for LDAP over SSL is 636, while TLS is negotiated within a plain TCP connection on port 389.

Example traffic

TODO: - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The LDAP dissector is fully functional.

Preference Settings

TODO: - Add links to preference settings affecting how LDAP is dissected.

Example capture file

SampleCaptures/ldap-controls-dirsync-01.cap Sample LDAP PDU with DIRSYNC CONTROLS

SampleCaptures/ldap-krb5-sign-seal-01.cap Sample GSSAPI-KRB5 signed and sealed LDAP PDU

Display Filter

A complete list of LDAP display filter fields can be found in the LDAP display filter reference.

  • Show only the LDAP based traffic:

     ldap 

Capture Filter

You cannot directly filter on the LDAP protocol while capturing. However, if you know the TCP port used (see above), you can filter on that port.

  • Capture LDAP traffic over the default port (389):

     tcp port 389 

Discussion

LDAP (last edited 2013-05-30 16:06:57 by SakeBlok)