Directory Services

This post summarizes some standards and implementations of Directory Services.

List of Directory Services

LDAP


Lightweight Directory Access Protocol (LDAP) is a standard, not an implementation.

A domain is a collection of subjects and objects that share a common security policy, and individual domains can operate separately from other domains.

A trust is established between the domains to create a security bridge and allow users from one domain to access another domain.

You can find a list of LDAP enumeration tools in this post.

List of Directory Services Implementations

  • Active Directory
  • OpenLDAP

Active Directory

Active Directory is a solution by Microsoft that follows the ITU-T X.500 standard.

Do not confuse it with Azure Active Directory.

Active Directory is compatible with LDAP, unlike other Microsoft solutions like Azure Active Directory.

A forest is a collection of AD domains grouped together in a hierarchical structure, sharing a common schema, configuration, and global catalog. This term is exclusive to AD.

Types of trusts within AD:

  • Realm trust: regarding Kerberos realms.
  • Shortcut trust: transitive trust between parts of a domain tree or forest that shortens the trust path.
  • Forest trust: transitive trust between two forest root domains.
  • External trust: non-transitive trust between AD domains in separate forests.

A transitive trust means that the trust extends along the trust path as the domain tree is formed: if domain A trusts domain B and B trusts domain C, then A also trusts C.
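The difference between transitive and non-transitive trusts, and the effect of a shortcut trust on path length, can be checked with a small model. This is an added example, not part of the original post: the domain names, the `TRUSTS` and `SHORTCUT` topology and the `trust_path` helper are constructed for illustration, and the model assumes a multi-hop trust path is honoured only when every hop is transitive.

```python
from collections import deque

# Constructed sample topology (all domain names are placeholders).
# Each tuple: (trusting domain, trusted domain, transitive?).
# Users of the trusted domain can be granted access in the trusting domain.
def two_way(a, b, transitive):
    return [(a, b, transitive), (b, a, transitive)]

TRUSTS = (
    two_way("corp.example", "eu.corp.example", True)      # parent-child
    + two_way("corp.example", "us.corp.example", True)    # parent-child
    + [("us.corp.example", "partner.example", False)]     # one-way external
)
SHORTCUT = two_way("eu.corp.example", "us.corp.example", True)


def trust_path(trusts, resource_domain, account_domain):
    """Return the shortest trust path from the resource domain to the
    account domain, or None. A single hop is always valid; a longer path
    is valid only if every hop is transitive (assumed simplification)."""
    if resource_domain == account_domain:
        return [resource_domain]
    edges = {}
    for trusting, trusted, transitive in trusts:
        edges.setdefault(trusting, []).append((trusted, transitive))
    # Direct trust, transitive or not.
    if any(t == account_domain for t, _ in edges.get(resource_domain, [])):
        return [resource_domain, account_domain]
    # Multi-hop: breadth-first search over transitive trusts only.
    queue, seen = deque([[resource_domain]]), {resource_domain}
    while queue:
        path = queue.popleft()
        for trusted, transitive in edges.get(path[-1], []):
            if not transitive or trusted in seen:
                continue
            if trusted == account_domain:
                return path + [trusted]
            seen.add(trusted)
            queue.append(path + [trusted])
    return None


if __name__ == "__main__":
    for res, acct in [("eu.corp.example", "us.corp.example"),
                      ("us.corp.example", "partner.example"),
                      ("corp.example", "partner.example")]:
        print(res, "<-", acct, ":", trust_path(TRUSTS, res, acct))
```

The external trust reaches only the domain it is attached to, so accounts from `partner.example` get no path to the parent or sibling domains, while adding `SHORTCUT` cuts the path between the two child domains from two hops to one.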

Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

OpenLDAP


OpenLDAP is an open-source implementation of LDAP.


Identity Products

Identity Products:

  • Azure Active Directory
  • SailPoint

Azure Active Directory

Azure Active Directory, also known as Azure AD, does not use Kerberos authentication; instead, it uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication.
