Install OpenDLAP sudo apt-get update && sudo apt-get -y install slapd ldap-utils && sudo systemctl enable slapd
Select No to the Omit OPENLDAP server configuration.
Setup a DNS name
Setup an ORG name
Create Administration password
Use the MDB database backend
Select No to merge and move (next two options)
Downgrade the DLAP server to make it vulnerable. This will ensure that our LDAP server only supports plain and login authentication methods. We will need to create a new ldif file with the following content
#olcSaslSecProps.ldif dn: cn=config replace: olcSaslSecProps olcSaslSecProps: noanonymous,minssf=0,passcred
- olcSaslSecProps: Specifies the SASL security properties
- noanonymous: Disables mechanisms that support anonymous login
- minssf: Specifies the minimum acceptable security strength with 0, meaning no protection.
Modify the LDAP server using the following command
sudo ldapmodify -Y EXTERNAL -H ldapi:// -f ./olcSaslSecProps.ldif && sudo service slapd restart