
Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol (LDAP) is used to access directory services like OpenLDAP, Active Directory, and Novell eDirectory. LDAP was originally developed as a simple access protocol for X.500 databases and uses TCP or UDP as its transport protocol on port 389, though it can also be tunneled through SSL/TLS. The LDAP dissector in Wireshark fully parses LDAP traffic and there are example capture files showing LDAP controls and GSSAPI-KRB5 signed and sealed LDAP packets.

Uploaded by

Dayakar Merugu

LDAP - The Wireshark Wiki Page 1 of 2

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol (LDAP) is the protocol used to access data in directory services such as
OpenLDAP, Microsoft Active Directory, Netscape Directory Server or Novell eDirectory.

History

LDAP was developed as a simple access protocol for X.500 databases.

Protocol dependencies

• TCP/UDP: Typically, LDAP uses TCP or UDP (aka CLDAP) as its transport protocol. The well-known
TCP and UDP port for LDAP traffic is 389.
• SSL/TLS: LDAP can also be tunneled through SSL/TLS encrypted connections. The well-known TCP
port for LDAP over SSL is 636, while TLS is negotiated within a plain TCP connection on port 389.

Example traffic

TODO: - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The LDAP dissector is fully functional.

Preference Settings

TODO: - Add links to preference settings affecting how LDAP is dissected.

Example capture file

SampleCaptures/ldap-controls-dirsync-01.cap Sample LDAP PDU with DIRSYNC CONTROLS

SampleCaptures/ldap-krb5-sign-seal-01.cap Sample GSSAPI-KRB5 signed and sealed LDAP PDU

Display Filter

A complete list of LDAP display filter fields can be found in the LDAP display filter reference.

Show only the LDAP based traffic:

ldap

Capture Filter

You cannot directly filter LDAP protocols while capturing. However, if you know the TCP port used (see
above), you can filter on that one.

Capture LDAP traffic over the default port (389):

tcp port 389

External links

• LDAPv2 - RFC 1777
• LDAPv3 - RFC 2251
• LDAPv3 current - RFC 4510 and following
• Additional links can be found here: http://www.mozilla.org/directory/standards.html

Discussion

https://wiki.wireshark.org/LDAP?action=print 5/9/2018

LDAP (last edited 2013-05-30 16:06:57 by SakeBlok)
