Peter,

The weakness of any LDAP system is the ACLs. Most ACLs for LDAP systems are complicated enough that many people give too much privilege in the hope of getting things working. You will need to determine what users have valid accounts on the LDAP system for administrative access. The default account for OpenLDAP is "cn=Manager,dc=example,dc=com" and the password is secret. I would imagine most folks change the password and dc=example,dc=com but leave Manager as the cn. See http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control for detailed info on OpenLDAP's ACL system.

A brute force password attack could work easily against the server since there are no delays built into the protocol/server as far as I am aware. The attack would obviously be logged.

Once you can bind as any authenticated user you should investigate what your ACL privileges are. You might find that you can do things you shouldn't be able to as a normal user.

Mike

On Wed, 1 Aug 2001, Peter Raven wrote:

> Hi there,
>
> does anyone have good starting points for pen-testing an LDAP directory
> server? I'm looking for threat analyses, security checklists, tools
> and personal experiences especially on the LDAP service; not on the
> operating system.
>
> Thanks and greetings
> Peter

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
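The "too much privilege so that things work" ACL pattern Mike describes can be checked mechanically before anyone has to bind and poke at it. The script below is an added example, not code from this thread or from the OpenLDAP project: it parses slapd.conf-style `access to <what> by <who> <level>` directives (the syntax documented at the OpenLDAP URL above) and flags clauses that grant write to everyone or to every authenticated account, or that expose userPassword beyond what a bind needs. Both configuration fragments are constructed for the example; the group DN and the ou names in them are assumptions, not values from the thread.

```python
import re
from dataclasses import dataclass

# Privilege levels named in slapd.conf(5) access directives, least to most.
ACCESS_LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
WRITE = ACCESS_LEVELS.index("write")
AUTH = ACCESS_LEVELS.index("auth")

# <who> values matching any client at all, or any client that has bound.
ANYONE = ("*", "anonymous")
ANY_BOUND_USER = "users"


@dataclass
class AccessRule:
    what: str       # the <what> part: "*", "attrs=userPassword", dn.subtree="..."
    clauses: list   # ordered (who, level) pairs


def join_continuations(text):
    """slapd.conf continues a directive on lines that begin with whitespace;
    blank lines and '#' comments are dropped."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_access_rules(text):
    """Return the 'access to' rules in config order.
    Only the named levels above are understood; '=wrscx' / '+w' style
    privilege strings and control keywords (stop/break/continue) are ignored."""
    rules = []
    for line in join_continuations(text):
        if not line.startswith("access to "):
            continue
        parts = re.split(r"\s+by\s+", line[len("access to "):])
        clauses = []
        for clause in parts[1:]:
            tokens = clause.split()
            level = next((t for t in tokens[1:] if t in ACCESS_LEVELS), None)
            if tokens and level is not None:
                clauses.append((tokens[0], level))
        rules.append(AccessRule(what=parts[0].strip(), clauses=clauses))
    return rules


def audit_rules(rules):
    """One finding per clause that hands out more than a directory should."""
    findings = []
    for rule in rules:
        is_password = "userpassword" in rule.what.lower()
        for who, level in rule.clauses:
            rank = ACCESS_LEVELS.index(level)
            tag = f"[{rule.what}] by {who} {level}"
            if who in ANYONE and rank >= WRITE:
                findings.append(f"{tag}: anyone, including anonymous binds, may modify entries")
            elif who == ANY_BOUND_USER and rank >= WRITE:
                findings.append(f"{tag}: every authenticated account may modify entries")
            elif is_password and who in ANYONE + (ANY_BOUND_USER,) and rank > AUTH:
                findings.append(f"{tag}: password attribute readable or comparable beyond bind auth")
    return findings


def audit_config(text):
    return audit_rules(parse_access_rules(text))


# Constructed fragment: the "just make it work" ACL set Mike warns about.
WEAK_CONF = """
access to attrs=userPassword
    by anonymous auth
    by users read

access to dn.subtree="ou=people,dc=example,dc=com"
    by * write

access to *
    by * read
"""

# Constructed fragment: same directory, least privilege. The admin group DN is assumed.
HARDENED_CONF = """
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

access to dn.subtree="ou=people,dc=example,dc=com"
    by group.exact="cn=directory-admins,ou=groups,dc=example,dc=com" write
    by users read

access to *
    by * read
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {len(audit_config(conf))} finding(s)")
        for finding in audit_config(conf):
            print("  " + finding)
```

Run against a real slapd.conf, the interesting output is usually a `by * write` or `by users write` buried in a long directive; the same checks translate directly to cn=config olcAccess values once the `{n}` ordering prefix is stripped.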
This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 13:08:09 PDT