Open In App

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy

LDAP and LDAP Injection/Prevention

Lightweight Directory Access Protocol

LDAP (Lightweight Directory Access Protocol) is a software protocol that you have to be used in colleges and startup for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.



A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users

My college LDAP:

My college Secured LDAP



Major Operations which can be performed in this protocol

Simple directory entry with several attributes :

 dn: cn=akash sharan, dc=example, dc=com
 objectClass: organizationalStudent
 cn: akash sharan

An LDAP uniform resource identifier (URI) scheme exists, which clients support in varying degrees, and servers return in referrals and continuation references.

LDAP URI syntax :

ldap://host:port/DN?attributes?scope?filter?extensions

ldap://ldap.example.com/cn=akash%20sharan, dc=example, dc=com

host - IP address
DN - is the distinguished name to use as the search base.
for example - cn=John Doe, dc=example, dc=com
Attributes - is a comma-separated list of attributes to retrieve.
Scope specifies the search scope and can be "base" 
(the default), "one" or "sub" classes.
Filter is a search filter.
Extensions are extensions to the LDAP URL format.

LDAP Injection

LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements through techniques similar to SQL Injection.

Normal Operation:

Operation with Code Injection:

LDAP injection examples:
For user search, Following code is responsible to take actions

Insert the username

The LDAP query which will be executing in backend




String ldapSearchQuery = "(cn =" + $userName + ")";
System.out.println(ldapSearchQuery); 





                        







If the variable $userName is not validated, it could be possible to accomplish LDAP injection, as follows:
If a user puts “*” on box search, the system may return all the usernames on the LDAP base. If a user puts “akash) (| (password = * ) )”, it will generate the code below revealing akash’s password ( cn = akash ) ( | (password = * ) ).
Prevention


References
https://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
http://www.faqs.org/rfcs/rfc2254.html
e comments if you find anything incorrect, or you want to share more information about the topic discussed above.

	

        Article Tags : 
        

            PHP
Web Technologies        


	


      

      

          
Recommended Articles

      

      

          
          
1. Difference and Similarities between PHP and C

          
2. How to remove all the options of a select box and then add one option and select it using JQuery ?

          
3. Print current day and time using HTML and JavaScript

          
4. How to select and upload multiple files with HTML and PHP, using HTTP POST?

          
5. What are the differences and Similarities Between Lumen and Laravel?

          
6. Find the OR and AND of Array elements using JavaScript

          
7. How to create a drag and drop feature for reordering the images using HTML CSS and jQueryUI ?

          
8. How to create X and Y axis flip animation using HTML and CSS ?

          
9. Login and Registration Project Using Flask and MySQL

          
10. Websites and Software that help HTML, CSS And JavaScript Developers

          
11. How to create previous and next button and non-working on end position using JavaScript ?

          
12. How to implement search and filtering in a REST API with Node.js and Express.js ?

          
13. Php Program to Rearrange array such that arr[i] >= arr[j] if i is even and arr[i]<=arr[j] if i is odd and j < i

          
14. Javascript Program to Rearrange array such that arr[i] >= arr[j] if i is even and arr[i]<=arr[j] if i is odd and j < i

          
15. How to make responsive sliding login and registration form using HTML CSS and JavaScript ?

          
16. CRUD Operations and File Upload using Node.js and MongoDB

          
17. How to Build a Simple and Scalable Web API using Nest.js and Typescript ?

          
18. Word and Character Counter using HTML CSS and JavaScript

          
19. Build Dark and Light Color using HSL and Calc functions in CSS

          
20. How to calculate and print bonus and gross using basic salary by JavaScript ?

          
21. Implement a Function that Accept Array and Condition and Returns Boolean Values in JavaScript

          
22. Create a Data Export and Import using HTML CSS and JavaScript

          
23. Javascript Program to Rearrange positive and negative numbers in O(n) time and O(1) extra space

          
24. Php Program to Rearrange positive and negative numbers in O(n) time and O(1) extra space

          
25. Create a Like and Dislike Toggle using HTML and CSS