Re: LDAP directory

From: Archive User (archiveat_private)
Date: Wed Aug 01 2001 - 22:28:19 PDT

    Peter,
    
    The weakness of any LDAP system is the ACLs.
    Most ACLs for LDAP systems are complicated enough
    that many people give too much privilege in the hope
    of getting things working. You will need to determine
    what users have valid accounts on the LDAP system
    for administrative access. The default account for
    OpenLDAP is "cn=Manager,dc=example,dc=com" and the
    password is "secret". I would imagine most folks
    change the password and dc=example,dc=com but leave
    Manager as the cn.
    
    See http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control
    
    for detailed info on OpenLDAP's ACL system.
    
    A brute force password attack could work easily against
    the server since there are no delays built into the protocol/server 
    as far as I am aware. The attack would obviously be logged. 
    
    Once you can bind as any authenticated user you should
    investigate what your ACL privileges are. You might find
    that you can do things you shouldn't be able to as a normal
    user.
    
    Mike
    
    On Wed, 1 Aug 2001, Peter Raven wrote:
    > Hi there,
    > 
    > does anyone have good starting points for pen-testing an LDAP directory
    > server? I'm looking for a threat analysis, security checklists, tools
    > and personal experiences, especially on the LDAP service; not on the
    > operating system.
    > 
    > Thanks and greetings
    > Peter
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
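The "bind as a normal user and see what the ACLs let you do" step from the reply above, as an added example that is not part of the original post and not OpenLDAP's own code. It is a toy evaluator for slapd.conf-style `access to ... by ...` directives that models the documented evaluation order: the first `access to` clause whose `<what>` matches the target is the only one considered, inside it the first `by` clause matching the requester decides, and a matched clause with no matching `by` means denied. The rootdn bypass, the two ACL fragments, the DNs and the `audit` checks are all constructed for the example; only a subset of selectors is supported, and the fall-through when no clause matches at all is modelled as denied (an assumption; check slapd.access(5) for the version you are testing).

```python
import re

# Toy model of slapd ACL evaluation (added example, not OpenLDAP code).
# Only *, attrs=, dn.subtree= (what) and *, anonymous, users, self,
# dn.exact= (who) are supported; everything below is constructed.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
ROOTDN = "cn=Manager,dc=example,dc=com"   # rootdn is not subject to ACLs

# Constructed "just make it work" ACL: any authenticated user can write
# anyone's userPassword and any other attribute.
WEAK_ACL = """
access to attrs=userPassword
    by self write
    by anonymous auth
    by users write
access to *
    by users write
    by * read
"""

# Constructed tightened version of the same rules.
TIGHT_ACL = """
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to dn.subtree="ou=people,dc=example,dc=com"
    by self write
    by users read
    by * none
access to *
    by users read
    by * none
"""

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in configuration order."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("access to "):
            rules.append((line[len("access to "):].strip(), []))
        elif line.startswith("by "):
            who, level = line[3:].rsplit(" ", 1)
            if level not in LEVELS:
                raise ValueError("unknown access level: " + level)
            rules[-1][1].append((who.strip(), level))
        else:
            raise ValueError("unsupported directive: " + line)
    return rules

def what_matches(what, target_dn, attr):
    """Does the <what> selector cover this entry (and attribute, if any)?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        wanted = [a.strip().lower() for a in what[len("attrs="):].split(",")]
        return attr is not None and attr.lower() in wanted
    m = re.match(r'dn\.subtree="(.*)"$', what)
    if m:
        base, t = m.group(1).lower(), target_dn.lower()
        return t == base or t.endswith("," + base)
    raise ValueError("unsupported <what>: " + what)

def who_matches(who, bind_dn, target_dn):
    """Does the <who> selector cover this requester (None = anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    m = re.match(r'dn\.exact="(.*)"$', who)
    if m:
        return bind_dn is not None and bind_dn.lower() == m.group(1).lower()
    raise ValueError("unsupported <who>: " + who)

def effective_access(rules, bind_dn, target_dn, attr=None):
    """Access level the requester gets on target_dn (or one attribute of it)."""
    if bind_dn is not None and bind_dn.lower() == ROOTDN.lower():
        return "write"           # rootdn bypasses ACLs entirely
    for what, bys in rules:
        if not what_matches(what, target_dn, attr):
            continue             # first matching <what> is the only one used
        for who, level in bys:
            if who_matches(who, bind_dn, target_dn):
                return level     # first matching <who> decides
        return "none"            # clause matched but no 'by' did: denied
    return "none"                # assumption: nothing matched -> denied

def can(level, wanted):
    return LEVELS.index(level) >= LEVELS.index(wanted)

ALICE = "uid=alice,ou=people,dc=example,dc=com"   # constructed normal user
BOB = "uid=bob,ou=people,dc=example,dc=com"       # constructed victim entry

def audit(acl_text, bind_dn):
    """The questions a freshly bound user should ask of the directory."""
    rules = parse_acl(acl_text)
    pw = effective_access(rules, bind_dn, BOB, "userPassword")
    return {
        "bob_password_write": can(pw, "write"),
        "bob_password_read": can(pw, "read"),
        "bob_entry_write": can(effective_access(rules, bind_dn, BOB, "mail"), "write"),
        "anon_password_read": can(effective_access(rules, None, BOB, "userPassword"), "read"),
    }

if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("tight", TIGHT_ACL)):
        print(name, audit(acl, ALICE))
```

Run against the weak fragment, alice can overwrite bob's userPassword and the rest of his entry; against the tightened one she gets nothing on his password and only read on the rest, while bob keeps write on his own password and anonymous binds are limited to `auth`. Against a live server the equivalent check is to bind as the low-privilege user and attempt the same reads and modifies; the ACL file only tells you what the server intends, the bind tells you what it does.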
    



    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 13:08:09 PDT