This wiki has been migrated to and is now deprecated. Please use that site instead.

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol: The protocol accessing data from directory services like OpenLDAP, Microsoft Active Directory, Netscape Directory Server or Novell eDirectory.


LDAP was developed as simple access protocol for X.500 databases.

Protocol dependencies

Example traffic

TODO: - Add example traffic here (as plain text or Wireshark screenshot).


The LDAP dissector is (fully functional).

Preference Settings

TODO: - Add links to preference settings affecting how LDAP is dissected.

Example capture file

SampleCaptures/ldap-controls-dirsync-01.cap Sample LDAP PDU with DIRSYNC CONTROLS

SampleCaptures/ldap-krb5-sign-seal-01.cap Sample GSSAPI-KRB5 signed and sealed LDAP PDU

Display Filter

A complete list of LDAP display filter fields can be found in the LDAP display filter reference

Capture Filter

You cannot directly filter LDAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.