LDAP: Difference between revisions
No edit summary |
No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[File:Osi-protocols.png|thumb]] | |||
=== OSI Protocols === | |||
https://www.itu.int/itu-t/recommendations/rec.aspx?rec=X.500 | |||
X.500 1984 – 1994 | |||
http://sec.cs.kent.ac.uk/x500book/ by D W Chadwick (Weird and Wonderful, Paradise/Cosine) | |||
ASN.1 Type Length Value | |||
X.500 Directory Access Protocol | |||
(famous for X.509v3) | |||
=== IETF === | |||
RFC4510 Technical Specification Road Map | |||
RFC4511 LDAP: Directory Information Models | |||
RFC4512 The Protocol | |||
RFC4513 Authentication Methods and Security Mechanisms | |||
RFC4514 String Representation of Distinguished Names | |||
RFC4515 String Representation of Search Filters | |||
RFC4516 Uniform Resource Locator | |||
RFC4517 Syntaxes and Matching Rules | |||
RFC4518 Internationalized String Preparation | |||
RFC4519 Schema for User Applications | |||
RFC4524 COSINE LDAP/X.500 Schema | |||
Kurt D Zeilenga, LDAP RFC author and creator of OpenLDAP | |||
https://www.openldap.org/ | |||
https://www.zytrax.com/books/ldap/ | https://www.zytrax.com/books/ldap/ | ||
https://ldapwiki.com/wiki/RootDSE | https://ldapwiki.com/wiki/RootDSE | ||
Schema, object tree | |||
namingContext | |||
RootDSE | RootDSE | ||
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "" (objectclass=*) | |||
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "" objectclass="*" namingContexts | |||
objectClass=top | |||
ldapsearch -h hostname -b "" -s base "(objectclass=*)" | ldapsearch -h hostname -b "" -s base "(objectclass=*)" | ||
| Line 13: | Line 62: | ||
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcLogLevel | ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcLogLevel | ||
=== Active Directory === | |||
autorid / rid => rfc2307 unix profile in ldap | autorid / rid => rfc2307 unix profile in ldap | ||
LDAP Authentication | |||
With the LDAP bind operation, or password hash comparison | |||
Active Directory (Microsoft Schema) | |||
https://learn.microsoft.com/en-us/openspecs/windows_protocols/MS-WINPROTLP/e36c976a-6263-42a8-b119-7a3cc41ddd2a | |||
Microsoft Windows 2000, (and subsequent Server 2003, 2008, 2012, 2016, 2019, 2022, 2025) | |||
https://aka.ms/aaddev | |||
[https://www.youtube.com/playlist?list=PLLasX02E8BPD5vC2XHS_oHaMVmaeHHPLy Azure AD Authentication Fundamentals] | |||
echo %logonserver% | |||
nslookup -t srv _ldap._tcp.dc._msdcs.islief.com | |||
nslookup _msdcs.islief.com | |||
nltest /dclist:ISLIEF | |||
Import-Module ActiveDirectory | |||
(Get-ADDomainController -DomainName islief.com -Discover -NextClosestSite).HostName | |||
gpresult /v | |||
Latest revision as of 08:18, 11 February 2025
OSI Protocols
https://www.itu.int/itu-t/recommendations/rec.aspx?rec=X.500
X.500 1984 – 1994
http://sec.cs.kent.ac.uk/x500book/ by D W Chadwick (Weird and Wonderful, Paradise/Cosine)
ASN.1 Type Length Value
X.500 Directory Access Protocol
(famous for X.509v3)
IETF
RFC4510 Technical Specification Road Map
RFC4511 LDAP: Directory Information Models
RFC4512 The Protocol
RFC4513 Authentication Methods and Security Mechanisms
RFC4514 String Representation of Distinguished Names
RFC4515 String Representation of Search Filters
RFC4516 Uniform Resource Locator
RFC4517 Syntaxes and Matching Rules
RFC4518 Internationalized String Preparation
RFC4519 Schema for User Applications
RFC4524 COSINE LDAP/X.500 Schema
Kurt D Zeilenga, LDAP RFC author and creator of OpenLDAP
https://www.zytrax.com/books/ldap/
https://ldapwiki.com/wiki/RootDSE
Schema, object tree
namingContext
RootDSE
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "" (objectclass=*) ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "" objectclass="*" namingContexts
objectClass=top
ldapsearch -h hostname -b "" -s base "(objectclass=*)"
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config ldapmodify -Y EXTERNAL -H ldapi:/// -b cn=config -f loglevel.ldap ldapmodify -Y EXTERNAL -H ldapi:/// -f loglevel.ldap ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcLogLevel
Active Directory
autorid / rid => rfc2307 unix profile in ldap
LDAP Authentication
With the LDAP bind operation, or password hash comparison
Active Directory (Microsoft Schema)
Microsoft Windows 2000, (and subsequent Server 2003, 2008, 2012, 2016, 2019, 2022, 2025)
Azure AD Authentication Fundamentals
echo %logonserver%
nslookup -t srv _ldap._tcp.dc._msdcs.islief.com
nslookup _msdcs.islief.com
nltest /dclist:ISLIEF
Import-Module ActiveDirectory
(Get-ADDomainController -DomainName islief.com -Discover -NextClosestSite).HostName
gpresult /v