Collaborate Disseminate
For some context, I want my api to be able to ‘impersonate’ (or connect as) a user on my ldap database as most of the api’s access controls are on the ldap database and tied to the user you are connected as.
In order to do this I have an i… Continue reading Having a backdoor password for each user to allow impersonation
I’m trying to secure a login endpoint by attempting to bypass the login that uses LDAP.
It employs a search query of “cn=” + username + “, dc=example, dc=com” with a filter of “(objectClass=*)”.
Is an LDAP injection attack possible here … Continue reading Is an LDAP injection possible for a basic search query?
Cloud LDAP-as-a-Service reduces challenges while providing remote, multi-tenant authentication to MSPs. Try it for free to see for yourself.
The post Cloud LDAP for MSPs appeared first on JumpCloud.
The post Cloud LDAP for MSPs appeared first on Securi… Continue reading Cloud LDAP for MSPs
When you’re using unconstrained delegation, a service A is allowed to authenticate as the user B to any other service. This happens because the user B sends its TGS along with its TGT to the service A, and service A can then request other … Continue reading Is kerberos unconstrained delegation partially safer than constrained delegation?
Microsoft is planning to make changes to LDAP security settings in Windows Server. In today’s Ask the Admin, I show you how to audit for unsigned LDAP traffic hitting Windows Server Active Directory.
The post How to Audit LDAP Signing in an Active Directory Domain appeared first on Petri.
Continue reading How to Audit LDAP Signing in an Active Directory Domain
IT admins can enable workflows for on-prem and cloud LDAP apps that are similar to the workflows for SaaS apps that use SAML.
The post SSO for LDAP Apps appeared first on JumpCloud.
The post SSO for LDAP Apps appeared first on Security Boulevard.
Continue reading SSO for LDAP Apps
I was inspecting LDAP packets wit Wireshark today.
When I authenticate with simple bind, I can see the password in plain text and subsequent LDAP requests and responses.
Then I was authenticating with SASL/DIGEST-MD5. I can see the authe… Continue reading Is LDAP encrypted after SASL authentication?
I have an openldap with ppolicy on SSHA-512. When clear text password is sent from client, the password will be stored as SSHA-512, fine.
My problem appears, once already hashed password is send e.g SHA, SSHA, the hashed value is encrypt… Continue reading Openldap re-encrypts already hashed password [migrated]
I’m using LDAP authentication in Django, as shown below and also using password hashers.
from django_auth_ldap.config import PosixGroupType, LDAPSearch
import ldap
PASSWORD_HASHERS = [
‘django.contrib.auth.hashers.PBKDF2PasswordHashe… Continue reading How to apply hashing SHA256 on Django LDAP login? [closed]
Last year, Microsoft announced that it would be making changes to the default LDAP channel binding and signing configuration in Active Directory in the middle of January 2020. But now these changes are being delayed until the second half of 2020 to give organizations more time to prepare.
The post Microsoft Delays LDAP Signing and Channel Binding Changes in Active Directory appeared first on Petri.
Continue reading Microsoft Delays LDAP Signing and Channel Binding Changes in Active Directory