Peter,
The weakness of any LDAP system is the ACLs.
Most ACLs for LDAP systems are complicated enough
that many people give too much privilege in the hope
of getting things working. You will need to determine
what users have valid accounts on the LDAP system
for administrative access. The default account for
OpenLDAP is "cn=Manager,dc=example,dc=com" and
password is secret. I would imagine most folks
change the password and dc=example,dc=com but leave
manager as the cn.
See http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control
for detailed info on OpenLDAP's ACL system.
A brute force password attack could work easily against
the server since there are no delays built into the protocol/server
as far as I am aware. The attack would obviously be logged.
Once you can bind as any authenticated user you should
investigate what your ACL privileges are. You might find
that you can do things you shouldn't be able to as a normal
user.
Mike
On Wed, 1 Aug 2001, Peter Raven wrote:
> Hi there,
>
> does anyone have good starting points for pen-testing an LDAP directory
> server? I'm looking for a threat analysis, security checklists, tools
> and personal experiences especially on the LDAP service; not on the
> operating system.
>
> Thanks and greetings
> Peter
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 02 2001
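
An added example, not part of the original messages: a small audit of a slapd.conf-style file for the defaults and over-broad ACLs described in the reply above. The sample configuration is constructed, the function names are hypothetical, and the ACL check is a heuristic that only flags write access granted to `*`, `users` or `anonymous`.

```python
import re

# Constructed sample slapd.conf (not taken from the original post).
SAMPLE_CONF = '''\
database ldbm
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by users write
    by * read
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]

def audit(text):
    """Return findings for default rootdn/rootpw/suffix and broad write ACLs."""
    findings = []
    for line in logical_lines(text):
        key, rest = (line.split(None, 1) + [""])[:2]
        key, val = key.lower(), rest.strip().strip('"')
        if key == "rootdn" and val.lower().startswith("cn=manager,"):
            findings.append("rootdn still uses the default cn=Manager")
        if key in ("rootdn", "suffix") and val.lower().endswith("dc=example,dc=com"):
            findings.append(f"{key} still uses the default dc=example,dc=com")
        if key == "rootpw" and val == "secret":
            findings.append("rootpw is the default 'secret'")
        elif key == "rootpw" and not val.startswith("{"):
            findings.append("rootpw is stored in cleartext")
        if key == "access":
            what = rest.split()[1] if len(rest.split()) > 1 else "?"
            for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", rest):
                if who in ("*", "users", "anonymous") and level == "write":
                    findings.append(f"ACL on {what} grants write to {who}")
    return findings
```

Calling `audit(SAMPLE_CONF)` returns five findings for the constructed file; a configuration with a renamed rootdn, a hashed rootpw and no broad write grants returns an empty list.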