LDAP
OSI Protocols
https://www.itu.int/itu-t/recommendations/rec.aspx?rec=X.500
X.500 1984 – 1994
http://sec.cs.kent.ac.uk/x500book/ by D W Chadwick (Weird and Wonderful, Paradise/Cosine)
ASN.1 Type Length Value
X.500 Directory Access Protocol
(famous for X.509v3)
IETF
RFC4510 Technical Specification Road Map
RFC4511 LDAP: Directory Information Models
RFC4512 The Protocol
RFC4513 Authentication Methods and Security Mechanisms
RFC4514 String Representation of Distinguished Names
RFC4515 String Representation of Search Filters
RFC4516 Uniform Resource Locator
RFC4517 Syntaxes and Matching Rules
RFC4518 Internationalized String Preparation
RFC4519 Schema for User Applications
RFC4524 COSINE LDAP/X.500 Schema
Kurt D Zeilenga, LDAP RFC author and creator of OpenLDAP
https://www.zytrax.com/books/ldap/
https://ldapwiki.com/wiki/RootDSE
Schema, object tree
namingContext
RootDSE
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "" (objectclass=*) ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "" objectclass="*" namingContexts
objectClass=top
ldapsearch -h hostname -b "" -s base "(objectclass=*)"
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config ldapmodify -Y EXTERNAL -H ldapi:/// -b cn=config -f loglevel.ldap ldapmodify -Y EXTERNAL -H ldapi:/// -f loglevel.ldap ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcLogLevel
Active Directory
autorid / rid => rfc2307 unix profile in ldap
LDAP Authentication
With the LDAP bind operation, or password hash comparison
Active Directory (Microsoft Schema)
Microsoft Windows 2000, (and subsequent Server 2003, 2008, 2012, 2016, 2019, 2022, 2025)
Azure AD Authentication Fundamentals
echo %logonserver%
nslookup -t srv _ldap._tcp.dc._msdcs.islief.com
nslookup _msdcs.islief.com
nltest /dclist:ISLIEF
Import-Module ActiveDirectory
(Get-ADDomainController -DomainName islief.com -Discover -NextClosestSite).HostName
gpresult /v