LDAP Enumeration

What is LDAP?

The Lightweight Directory Access Protocol is a protocol used to access directory listings within Active Directory or from other Directory Services.  A directory is usually compiled in an hierarchical and logical format, rather like the levels of management and employees in a company.  LDAP tends to be be tied into the Domain Name System to allow integrated quick lookups and fast resolution of queries.

LDAP generally runs on port 389 and like other protocols tends to usually conforms to a distinct set of rules (RFC's).

It is possible to query the LDAP service, sometimes anonymously to determine a great deal of information that could glean the tester, valid usernames, addresses, departmental details that could be utilised in a brute force or social engineering attack.

A more detailed explanation and links to associated documentation and RFC's etc. can be found here.

Hopefully the tools I have reviewed will go some way to help you enumerate any LDAP servers you find.