Hosting a Rogue LDAP Server

Install OpenLDAP
sudo apt-get update && sudo apt-get -y install slapd ldap-utils && sudo systemctl enable slapd

  • Select No when asked "Omit OpenLDAP server configuration?"
  • Set up a DNS domain name
  • Set up an organization name
  • Create an administrator password
  • Use the MDB database backend
  • Select No for the merge and move prompts (the next two options)

Downgrade the LDAP server to make it vulnerable. This will ensure that our LDAP server only supports the PLAIN and LOGIN authentication mechanisms, both of which send the password itself to the server. We will need to create a new LDIF file with the following content:

# olcSaslSecProps.ldif
dn: cn=config
changetype: modify
replace: olcSaslSecProps
olcSaslSecProps: noanonymous,minssf=0,passcred

  • olcSaslSecProps: Specifies the SASL security properties of the server
  • noanonymous: Disables mechanisms that support anonymous login
  • minssf: Specifies the minimum acceptable security strength factor; 0 means no integrity or confidentiality protection is required
  • passcred: Only offers mechanisms that pass the client's credentials (the password itself) to the server, which is what leaves PLAIN and LOGIN as the remaining mechanisms

Modify the running server configuration with the following command and restart slapd:

sudo ldapmodify -Y EXTERNAL -H ldapi:// -f ./olcSaslSecProps.ldif && sudo service slapd restart
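The following audit helper is an added example, not code from the original page: it shows how to recognise the posture the steps above produce from the defender's side. It parses an olcSaslSecProps value (the flags listed above) and the LDIF that a rootDSE query such as `ldapsearch -x -H ldap://HOST -s base -b "" supportedSASLMechanisms` prints, and reports when the server will accept passwords in the clear. The rootDSE sample embedded in the block is constructed, and the mechanism sets are assumptions about which SASL mechanisms carry the password and which do not.

```python
# Added audit helper (not part of the original walkthrough). It checks whether an
# OpenLDAP server is configured the way the page describes, i.e. it accepts
# credentials in the clear. Inputs are the olcSaslSecProps value from cn=config
# and the LDIF printed by:
#   ldapsearch -x -H ldap://HOST -s base -b "" supportedSASLMechanisms

# Assumption: mechanisms that hand the server the password itself. Without TLS
# they are cleartext on the wire; "passcred" keeps them, "noplain" would drop them.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Assumption: challenge/response or ticket-based mechanisms that never send the
# password; "passcred" excludes these.
CHALLENGE_MECHS = {"DIGEST-MD5", "CRAM-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256",
                   "GSSAPI", "GS2-KRB5", "NTLM"}

# Constructed sample of the rootDSE a server with the page's settings returns.
ROOT_DSE_SAMPLE = """\
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
"""


def parse_sasl_secprops(value):
    """Parse 'noanonymous,minssf=0,passcred' into a dict of flags and values."""
    props = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if "=" in item:
            key, val = item.split("=", 1)
            val = val.strip()
            props[key.strip()] = int(val) if val.isdigit() else val
        else:
            props[item] = True
    return props


def parse_root_dse_mechs(ldif_text):
    """Collect every supportedSASLMechanisms value from a rootDSE LDIF dump."""
    mechs = set()
    for line in ldif_text.splitlines():
        attr, sep, val = line.partition(":")
        if sep and attr.strip().lower() == "supportedsaslmechanisms":
            mechs.add(val.strip().upper())
    return mechs


def assess(secprops, mechs):
    """Return a list of findings; an empty list means no cleartext exposure was seen."""
    findings = []
    if "noplain" not in secprops:
        findings.append("noplain absent: plaintext mechanisms (PLAIN/LOGIN) are not disabled")
    if secprops.get("minssf", 0) == 0:
        findings.append("minssf=0: binds are accepted with no integrity or confidentiality layer")
    if secprops.get("passcred"):
        findings.append("passcred: only mechanisms that hand the server the password are offered")
    exposed = mechs & CLEARTEXT_MECHS
    if exposed and not (mechs & CHALLENGE_MECHS):
        findings.append("rootDSE advertises only cleartext mechanisms: " + ", ".join(sorted(exposed)))
    return findings


if __name__ == "__main__":
    props = parse_sasl_secprops("noanonymous,minssf=0,passcred")
    for finding in assess(props, parse_root_dse_mechs(ROOT_DSE_SAMPLE)):
        print("-", finding)
```

Run against the value from the LDIF above together with the constructed rootDSE, it reports all four conditions; a server with the OpenLDAP default `noplain,noanonymous`, a non-zero minssf and only challenge/response mechanisms produces no findings. Feeding it the real `ldapsearch` output of servers on your own network is a quick way to spot one that has been configured like this.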