The Lightweight Directory Access Protocol (LDAP) is used to interact with and organize databases. LDAP is very widely used because it is an open standard that a number of vendors use in their own products—in many cases a directory service like Microsoft’s Active Directory. Keep in mind that you may have other services interacting with LDAP, and thus information may be disclosed to other parties without your approval.
If you kept good notes during your scanning process, you may remember having come across port 389 being open. If you did find this port open on your scan, you may have just found a target of interest. This port is associated with LDAP, in which case you may have hit pay dirt, with the target system being a directory server or something equally as important.
A directory is a database, but the data is organized in a hierarchical or logical format. Another way of looking at this design is to think of the organization of data much like the files and folders on a hard drive. To make this data easier and more efficient to access, you can use DNS alongside the service to speed up queries.
Directory services that make use of LDAP include these:
- Active Directory
- Novell eDirectory
- Open Directory
- Oracle iPlanet
Tools that allow for the enumeration of LDAP-enabled systems and services include the following:
- LDAP Admin Tool
- LDAP Account Manager
- LEX (The LDAP Explorer)
- Active Directory Explorer
- LDAP Administration Tool
- LDAP Search
- Active Directory Domain Services Management Pack
- LDAP Browser/Editor
- Nmap (using an NSE script)