LDAP Credentials
Description
General
- Documentation: https://tools.ietf.org/html/rfc2251
- Summary: LDAP stands for Lightweight Directory Access Protocol. It is a protocol used to access directory information services. It is well suited to data that must be retrieved quickly and that is queried often but updated rarely, typically login information.
- IPs allowlist: This can be implemented on the server side.
- Scopes: Credentials carry the permissions of the user they belong to.

Revoke the secret
Database administrators can revoke an entry in the directory.

Check for suspicious activity
Logs can be kept on the server.

Ldap credentials assignment
Details for Ldap credentials assignment
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 2.52
Prefixed: False
PreValidators:
- type: ContentWhitelistPreValidator
  patterns:
  - ldap
- type: ContentWhitelistPreValidator
  patterns:
  - email
  - user
  - dn
  - uid
- type: ContentWhitelistPreValidator
  patterns:
  - pass
  - pwd
  - cred

Examples
- text: |
    ldap_uri = ldaps://company.beta.com
    ldap_bind_dn = a_ldap_user_01@company.beta.com
    ldap_pass = "k%udk423u4%P8=H_"
  host: company.beta.com
  username: a_ldap_user_01@company.beta.com
  password: k%udk423u4%P8=H_
- text: |
    ldap_server = ldaps://company.beta.com
    ldap_user = a_ldap_user_01
    ldap_pwd = "k%udk423u4%P8=H_"
  host: company.beta.com
  username: a_ldap_user_01
  password: k%udk423u4%P8=H_
- text: |
    ldap_server = ldaps://company.beta.com:389
    ldap_user = a_ldap_user_01
    ldap_pwd = "k%udk423u4%P8=H_"
  host: company.beta.com:389
  username: a_ldap_user_01
  password: k%udk423u4%P8=H_
- text: |
    ldap_server = 124.36.78.214:389
    ldap_user = a_ldap_user_01
    ldap_pwd = "k%udk423u4%P8=H_"
  host: 124.36.78.214:389
  username: a_ldap_user_01
  password: k%udk423u4%P8=H_

Ldap credentials assignment with dn
Details for Ldap credentials assignment with dn
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: very rare
Prefixed: False
PreValidators:
- type: ContentWhitelistPreValidator
  patterns:
  - ldap
- type: ContentWhitelistPreValidator
  patterns:
  - (dn|dc|ou|cn|o|uid)=
- type: ContentWhitelistPreValidator
  patterns:
  - pass
  - pwd?
  - cred

Examples
- text: |
    ldaps://company.beta.com
    cn=somedev,ou=company,dc=beta,dc=com
    pwd = "k%udk423u4%P8=H_"
  host: company.beta.com
  username: cn=somedev,ou=company,dc=beta,dc=com
  password: k%udk423u4%P8=H_
- text: |
    ldaps://company.beta.com:389
    cn=somedev,ou=company,dc=beta,dc=com
    pwd = "k%udk423u4%P8=H_"
  host: company.beta.com:389
  username: cn=somedev,ou=company,dc=beta,dc=com
  password: k%udk423u4%P8=H_
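
The two PreValidators lists above can be read as a cheap gate that a file must pass before the full host/username/password match is attempted; the sketch below is an added illustration, not the detector's own code. It assumes that each ContentWhitelistPreValidator passes when at least one of its patterns occurs in the content, and that patterns are regular expressions matched case-insensitively. The function names and sample files are constructed for this example.

```python
import re

# Pattern groups copied from the two PreValidators lists on this page.
PREVALIDATORS = {
    "Ldap credentials assignment": [
        ["ldap"],
        ["email", "user", "dn", "uid"],
        ["pass", "pwd", "cred"],
    ],
    "Ldap credentials assignment with dn": [
        ["ldap"],
        ["(dn|dc|ou|cn|o|uid)="],
        ["pass", "pwd?", "cred"],
    ],
}


def failed_groups(detector, content):
    """Return the pattern groups that have no match in content.

    Assumption: a group passes when at least one of its patterns is found,
    patterns are regexes, and matching ignores case.
    """
    return [
        group
        for group in PREVALIDATORS[detector]
        if not any(re.search(p, content, re.IGNORECASE) for p in group)
    ]


def candidate_detectors(content):
    """Detectors whose groups all pass, i.e. worth running the full match on."""
    return [name for name in PREVALIDATORS if not failed_groups(name, content)]


# Constructed sample files (hypothetical names, no real credentials).
SAMPLES = {
    "settings.ini": 'ldap_server = ldaps://dir.example.test\nldap_user = svc_app\nldap_pwd = "constructed-value"\n',
    "bind.conf": 'ldaps://dir.example.test\ncn=svc_app,ou=apps,dc=example,dc=test\npwd = "constructed-value"\n',
    # Passes the gate without holding any secret: the gate only narrows the search.
    "notes.md": "Configure ldap: set the user name and pass it to the client.\n",
    "README.md": "Set the user and password for the SMTP relay.\n",
}

if __name__ == "__main__":
    for path, text in SAMPLES.items():
        print(path, "->", candidate_detectors(text) or "skipped")
```

A file such as `notes.md` clears the gate on keywords alone, which is why the detector still requires its three matches (host, username, password) afterwards.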