RE: LDAP directory

From: Sacha Faust (sachaat_private)
Date: Mon Aug 06 2001 - 16:14:07 PDT

    Finding LDAP users can change depending on what you consider a user.
    You need to identify what objectclass and attributes are used in the user
    object. Netscape Directory Server (iPlanet Directory) uses
    objectClass: person
    to define a user object by default. Things to scan for to find users are
    email, name, uid, person, ....
    Just try to understand what the Directory is for and then search for
    relevant information.
    It's often very easy to find the search base for users when you query the LDAP
    root DSE for information and then look
    for the "namingcontexts" attribute.
    Here is a quick snip of how to get the searchbase out of the root DSE
    information:
    <--- START SNIP
    #include <stdio.h>
    #include <ldap.h>	// ldap_search_s/ldap_get_values/ldap_perror are the old C API (LDAP_DEPRECATED on newer OpenLDAP)
    
    #ifndef TRUE
    #define TRUE 1
    #define FALSE 0
    #endif
    
    int get_namingcontext( LDAP *ld ){
    	LDAPMessage *ldmsg;
    	LDAPMessage *msg_tmp;
    	BerElement *ber;
    	int proto_ver;
    	int i;
    	char *szattr;
    	char **szvalues;
    	char *attr[2];
    	int GOOD = TRUE;
    	attr[0] = "namingcontexts";		// all we want is the namingcontext
    	attr[1] = NULL;
    	// forcing ldap protocol version 3
    	proto_ver = LDAP_VERSION3;
    	if( ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto_ver) != LDAP_SUCCESS ){
    		ldap_perror(ld, "ldap_set_option : ldap version");
    		return FALSE;
    	}
    	// do not chase referrals while reading the root DSE
    	if( ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_SUCCESS ){
    		ldap_perror(ld, "ldap_set_option : referrals option");
    		return FALSE;
    	}
    	// a base-scope search on the empty DN returns the root DSE
    	if( ldap_search_s(ld, "", LDAP_SCOPE_BASE, "(objectclass=*)", attr, 0, &ldmsg) != LDAP_SUCCESS ){
    		ldap_perror(ld, "ldap_search_s");
    		return FALSE;
    	}
    	// now process the information in ldmsg: every value of namingcontexts is a search base
    	for( msg_tmp = ldap_first_entry(ld, ldmsg); msg_tmp != NULL; msg_tmp = ldap_next_entry(ld, msg_tmp) ){
    		for( szattr = ldap_first_attribute(ld, msg_tmp, &ber); szattr != NULL; szattr = ldap_next_attribute(ld, msg_tmp, ber) ){
    			szvalues = ldap_get_values(ld, msg_tmp, szattr);
    			if( szvalues != NULL ){
    				for( i = 0; szvalues[i] != NULL; i++ )
    					printf("%s: %s\n", szattr, szvalues[i]);
    				ldap_value_free(szvalues);
    			}
    			ldap_memfree(szattr);
    		}
    		if( ber != NULL )
    			ber_free(ber, 0);
    	}
    	ldap_msgfree(ldmsg);
    	return GOOD;
    }
    <------- END SNIP
    Another thing to consider is the security of the implementation. I've only
    had the chance to check the security of Netscape Directory Server and I was
    quite shocked at the file ACLs (especially on NT systems). There are many ways
    of elevating privilege if a user gets any kind of access to the LDAP Server
    file system
    (check the attachment for the full ACL
    listing). Having Everyone RW access to most of the files under NT
    is very dangerous. A user can replace a binary and when the server admin
    runs it you can take control over the system.
    Another nice thing in Netscape Directory Server is its ability to run Perl
    code when the nsexecref attribute is specified.
    Example:
    dn: cn=UpdateGateway, cn=Operation, cn=Tasks, cn=slapd-ldap, cn=Netscape Directory Server, cn=Server Group,,,
    nsexecref: perl?updatedsgw	<---- actually
    objectclass: top
    objectclass: nstask
    objectclass: nsAdminObject
    cn: UpdateGateway
    You can have a lot of fun with this once you gain a decent access to the
    Anyone has more information on the subject? I did all of this a while ago.
    -----Original Message-----
    From: Andrey Gordienko [mailto:redat_private]
    Sent: Friday, August 03, 2001 10:56 AM
    To: sachaat_private
    Hello Sacha,
      I use your ldapminer. I now have sent a request to get info of the server
      (your first request) but I don't know the request to get users.
      Please, if you can, tell me the format of the request to get users.
    Best regards,
     Andrey                          mailto:redat_private
                                        ICQ   53652588
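A defender-side check for the file permission problem Sacha describes above, added here as an example and not part of the original message or of the Netscape/iPlanet product: a PowerShell script that walks a server installation directory and reports every file whose ACL grants Everyone, Users or Authenticated Users a right that allows the file to be altered or replaced (Write, Modify, FullControl, Delete, TakeOwnership or ChangePermissions). The install path `C:\Netscape\Server4` is an assumption; pass the real server directory as `-Root`.

```powershell
# Added example: report files whose ACL grants broad principals write-capable rights.
# The default install path is an assumption; pass the directory server's real path.
param(
    [string]$Root = 'C:\Netscape\Server4'
)

# Principals that should never hold write rights on server binaries and configuration.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Any of these rights lets a caller change, replace or re-permission a file.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::Delete -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions

function Get-BroadWriteAccess {
    param([string]$Path)

    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        $acl = Get-Acl -Path $file.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }

        foreach ($ace in $acl.Access) {
            # Only Allow entries matter here; Deny entries restrict rather than grant.
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # Bitwise test: report the ACE if it carries any write-capable right.
            if (($ace.FileSystemRights -band $WriteRights) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $file.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = Get-BroadWriteAccess -Path $Root
$findings | Format-Table -AutoSize
$count = ($findings | Measure-Object).Count
"Files with write-capable access for broad principals: $count"
```

Delete is included deliberately: a principal that can delete a binary can replace it by deleting and recreating it, which is the same outcome as Write. Inherited entries are flagged as well, because the fix for those is on the parent directory rather than on the file.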
