Ldap Commands Cheat Sheet

  



Table of Contents

LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements through techniques similar to SQL Injection. Updated March 26th, 2021 This blog post has been updated based on some tools and techniques from Offensive Security’s PEN-300 course (for the accompanying OSEP certification). Notable changes have been made in the sections on delegation, inter-forest exploitation, and lateral movement through MSSQL servers. Some other changes and clarifications have been made throughout the post. Example for a LDAP Query in commandline-programm: ldapsearch -h ldap.acme.com -p 389 -s sub -D 'cn=Directory Manager,o=acme' -W -b 'ou=personen,o=acme' '(&(mail=joe )(c=germany))' mail. It is not a problem for me to adjust such a query to my needs, but none of the common help pages tells you how to make the ldap commands work.

Ldap

Running ldapadd or ldapmodify and using the rootdn configured inslapd.conf:

Sheet

Assumes rootdn is defined something like this:

  1. Example for a LDAP Query in commandline-programm: ldapsearch -h ldap.acme.com -p 389 -s sub -D 'cn=Directory Manager,o=acme' -W -b 'ou=personen,o=acme' ' (& (mail=joe) (c=germany))' mail. It is not a problem for me to adjust such a query to my needs, but none of the common help pages tells you how to make the ldap commands work.
  2. Isilon OneFS CLI Command Reference 8.2.1 Initial publication: September, 2019; Updated: June 2020.
Tool

where the encrypted password was created with slappasswd.

Running ldapsearch using simple authentication and the rootdn. (Passwordswon’t show up in the result unless bind is done this way.)

Prompt for password:

Specifying password on command line:

Make sure SASL stuff is in config. See sample slapd.conf, below. Then,run this command:

Easiest way is via LDIF, in a field. e.g.,

userPassword field defines the password.

Ldap Commands Cheat Sheet Excel

Must also configure slapd to look there. See “access to attr=userPassword”in sample config, below.

Powershell Ldap Commands

Sample /etc/openldap/slapd.conf: