Standard Port: 389/tcp, 636/tcp
Connectivity Test
ldapsearch -h <ip> -x
Base DN lookup
ldapsearch -h <ip> -x -s base namingcontexts
LDAP Anonymous Query
ldapsearch -h <ip> -x -b '<base DN>' > anonymous.out
Group Enumeration
cat anonymous.out | grep -i 'memberOf'
User Enumeration
ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=person)'
ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=organizationalPerson)'
ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=user)'
ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=<Object Class>)' sAMAccountName | grep sAMAccountName