Penetration Testing mailing list archives

Re: LDAP directory


From: Archive User <archive () xpedite com>
Date: Thu, 2 Aug 2001 01:28:19 -0400 (EDT)

Peter,

The weakness of any LDAP system is the ACLs.
Most ACLs for LDAP systems are complicated enough
that many people give too much privilege in the hope
of getting things working. You will need to determine
what users have valid accounts on the LDAP system
for administrative access. The default account for
OpenLDAP is "cn=Manager,dc=example,dc=com" and
password is secret. I would imagine most folks
change the password and dc=example,dc=com but leave
manager as the cn.

See http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control

for detailed info on OpenLDAP's ACL system.

A brute force password attack could work easily against
the server since there are no delays built into the protocol/server 
as far as I am aware. The attack would obviously be logged. 

Once you can bind as any authenticated user you should
investigate what your ACL privileges are. You might find
that you can do things you shouldn't be able to as a normal
user.

Mike

On Wed, 1 Aug 2001, Peter Raven wrote:
Hi there,

Does anyone have good starting points for pen-testing an LDAP directory
server? I'm looking for threat analyses, security checklists, tools
and personal experiences especially on the LDAP service; not on the
operating system.

Thanks and greetings
Peter


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
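
A configuration-side check for the points raised in the reply above (default rootdn and password left in place, ACLs that grant too much), as an added example that is not part of the original post or of OpenLDAP. It audits slapd.conf text; the sample configuration, the dc=corp,dc=test suffix and the function names are constructed for illustration.

```python
import shlex

# Constructed sample slapd.conf for illustration (not from the original post).
SAMPLE_CONF = '''\
rootdn "cn=Manager,dc=corp,dc=test"
rootpw secret
# ACLs loosened to get things working
access to attr=userPassword
    by self write
    by * read
access to *
    by users write
    by * read
'''

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
READ, WRITE = LEVELS.index("read"), LEVELS.index("write")

def logical_lines(text):
    """Drop blank/comment lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Flag default rootdn/rootpw and over-broad ACL grants in slapd.conf text."""
    findings = []
    for tok in map(shlex.split, logical_lines(text)):
        key, arg = tok[0].lower(), (tok[1] if len(tok) > 1 else "")
        if key == "rootdn" and arg.lower().startswith("cn=manager,"):
            findings.append("rootdn keeps the default cn=Manager")
        elif key == "rootpw" and not arg.startswith("{"):  # no {SCHEME} prefix
            reason = "the default 'secret'" if arg == "secret" else "stored in cleartext"
            findings.append(f"rootpw is {reason}")
        elif key == "access" and "by" in tok:
            what = " ".join(tok[2:tok.index("by")])
            for i in [n for n, t in enumerate(tok[:-2]) if t == "by"]:
                who, level = tok[i + 1], tok[i + 2]
                rank = LEVELS.index(level) if level in LEVELS else -1
                if who in ("*", "anonymous", "users") and rank >= WRITE:
                    findings.append(f"'{who}' may write to {what}")
                elif who in ("*", "anonymous") and rank >= READ and "userpassword" in what.lower():
                    findings.append(f"'{who}' may read {what}")
    return findings
```

Calling `audit(SAMPLE_CONF)` returns one finding per weak directive. The check looks at each `by` clause on its own and does not model slapd's first-match evaluation order, so treat its output as a list of clauses to review by hand.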

