What LDAP query can be used to enumerate all users in a directory

0 votes
I’m trying to list all users within an LDAP directory for an audit, but I’m not sure how to construct an LDAP query for this purpose. Are there any standard LDAP queries that can retrieve user account information or list all user entries in the directory?

If there are specific search filters or base DNs to include in the query to narrow down user results, I’d like some guidance on structuring this type of LDAP search.
Nov 6 in Cyber Security & Ethical Hacking by Anupam
• 5,550 points
46 views

1 answer to this question.

0 votes

Creating an LDAP search query with the appropriate base DN, search scope, and search filter is necessary to enumerate every user in an LDAP directory.

1. Base DN (Distinguished Name)

The Base DN is the point in the directory from which the search begins. To enumerate all users, you'll typically start at the highest point that contains all user accounts. This is often the domain component (DC) for the entire organization in Active Directory or a similar high-level organizational unit (OU) in other LDAP systems.

  • Example for Active Directory: dc=example,dc=com
  • Example for a specific OU in any LDAP system: ou=People,dc=example,dc=com

2. Search Scope

  • Subtree: This scope searches the base object and the entire subtree rooted at the base. Use this to find all users under the base DN, regardless of how deeply nested they are.
  • One Level: Only searches objects immediately under the base DN, not including the base DN itself. Use if you're certain all users are directly under the base DN.
  • Base: Searches only the base DN itself. Not applicable for finding all users unless the directory is extremely flat.

For enumerating all users, use "Subtree".

3. Search Filter

This narrows down the results to only include objects that match the filter. For users, you commonly filter by object classes or attributes indicative of user accounts.

Common Filters for Users:

  • For Active Directory and similar systems: (objectClass=user) or (objectCategory=Person)
  • For systems using POSIX accounts (like OpenLDAP with a POSIX schema): (objectClass=posixAccount)
  • Generic, but less specific (matches more than just users in some schemas): (objectClass=person)

Example LDAP Queries:

For Active Directory (Subtree Scope):

  • Base DN: dc=example,dc=com
  • Scope: Subtree
  • Filter: (objectClass=user)
  • LDAP Query String: ldap://dc=example,dc=com??sub?(objectClass=user)

For OpenLDAP with POSIX Accounts (Subtree Scope):

  • Base DN: dc=example,dc=com
  • Scope: Subtree
  • Filter: (objectClass=posixAccount)
  • LDAP Query String: ldap://dc=example,dc=com??sub?(objectClass=posixAccount)

Using Command Line Tools (e.g., ldapsearch):

If you're executing these queries from the command line using a tool like ldapsearch, the command might look something like this:

ldapsearch -x -H ldap://ldap.example.com -b "dc=example,dc=com" -s sub "(objectClass=user)" *

  • -x specifies simple authentication (use -D and -w for authenticated searches).
  • -H specifies the LDAP server.
  • -b sets the base DN.
  • -s sub sets the scope to subtree.
  • (objectClass=user) is the search filter.
  • * returns all attributes for matching entries (use specific attribute names if you only need a few).
answered Nov 18 by CaLLmeDaDDY
• 6,630 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers

What should be in my resume to get a job in cyber security?

What should be in my resume to ...READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 5,550 points
103 views
0 votes
0 answers

How can PHP be used to create a secure web application to prevent SQL injection?

I’m developing a web application using PHP, ...READ MORE

Oct 17 in Cyber Security & Ethical Hacking by Anupam
• 5,550 points
73 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 6,630 points
114 views
+1 vote
1 answer
+1 vote
1 answer
+1 vote
1 answer
0 votes
1 answer
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP