# Unauthorized Access Vulnerability in LDAP ## Introduction LDAP stands for Lightweight Directory Access Protocol, based on the X.500 standard and supports TCP/IP. LDAP directory is a database and the LDAP server (equivalent to DBMS) handles queries and updates. Data is stored in a tree-like hierarchical structure and is optimized for reading performance compared to relational databases. LDAP is suitable for information with fewer changes and cross-platform. **LDAP Attributes** | Attribute | Full Name | Description | | :---------: | :----------------: | :----------------------------------------------------------------------------------------------------------------------------------------: | | dn | distinguished name | A unique identifier, similar to an absolute path. Each object has a unique identifier. For example: uid=tester,ou=People,dc=example,dc=com | | rdn | relative | A relative identifier, similar to a relative path. For example: uid=tester | | uid | user id | Usually refers to the user login name. For example: uid=tester | | sn | sur name | Usually refers to a person's last name. For example: sn: Su | | giveName | | Usually refers to a person's first name. For example: giveName: Aldwin | | I | | Usually refers to the name of a place. For example: I: Beijing | | objectClass | | objectClass is a special attribute that contains the storage method and related attribute information. | | dc | domain component | Usually refers to a domain name. For example: dc=example,dc=com | | ou | organization unit | Usually refers to the name of an organizational unit. For example: ou=people,dc=example,dc=com | | cn | common name | Usually refers to an object's name. If it's a person, the full name is required. | | c | country | A two-letter country code. For example: CN, US, HK, JP, etc. | ## Environment Setup ``` docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.5.0 ``` ## Vulnerability Reproduction ``` docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin ``` ![image-20230130131836741](/files/WwVyJRhNghAiEvPzwESb) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://icybersec.gitbook.io/cybersecuritynote-en/security-vulnerability/unauthorized-vulnerability/unauthorized-access-vulnerability-in-ldap.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.