base/protocols/ldap/main.zeek

LDAP

Namespace:: LDAP
Imports:: base/frameworks/reporter, base/protocols/conn/removal-hooks.zeek, base/protocols/ldap/consts.zeek

Summary

Runtime Options

`LDAP::default_capture_password`: `bool` `&redef`	Whether clear text passwords are captured or not.
`LDAP::default_log_search_attributes`: `bool` `&redef`	Whether to log LDAP search attributes or not.

Redefinable Options

`LDAP::ports_tcp`: `set` `&redef`	TCP ports which should be considered for analysis.
`LDAP::ports_udp`: `set` `&redef`	UDP ports which should be considered for analysis.

Types

`LDAP::MessageInfo`: `record`
`LDAP::SearchInfo`: `record`
`LDAP::State`: `record`

Redefinitions

`Log::ID`: `enum`	`LDAP::LDAP_LOG` `LDAP::LDAP_SEARCH_LOG`
`connection`: `record`	New Fields: `connection` ldap: `LDAP::State` `&optional`
`likely_server_ports`: `set` `&redef`

Events

`LDAP::log_ldap`: `event`
`LDAP::log_ldap_search`: `event`

Hooks

`LDAP::finalize_ldap`: `Conn::RemovalHook`	LDAP finalization hook.
`LDAP::log_policy`: `Log::PolicyHook`	Default logging policy hook for LDAP_LOG.
`LDAP::log_policy_search`: `Log::PolicyHook`	Default logging policy hook for LDAP_SEARCH_LOG.

Detailed Interface

Runtime Options

LDAP::default_capture_password 

Type:: bool
Attributes:: &redef
Default:: F

Whether clear text passwords are captured or not.

LDAP::default_log_search_attributes 

Type:: bool
Attributes:: &redef
Default:: F

Whether to log LDAP search attributes or not.

Redefinable Options

LDAP::ports_tcp 

Type:

Attributes:

Default:

{
   3268/tcp,
   389/tcp
}

TCP ports which should be considered for analysis.

LDAP::ports_udp 

Type:

Attributes:

Default:

{
   389/udp
}

UDP ports which should be considered for analysis.

Types

LDAP::MessageInfo 

Type:

Fields:

ts: time &log

uid: string &log

id: conn_id &log

message_id: int &log &optional

version: int &log &optional

opcode: string &log &optional

result: string &log &optional

diagnostic_message: string &log &optional

object: string &log &optional

argument: string &log &optional

LDAP::SearchInfo 

Type:

Fields:

ts: time &log

uid: string &log

id: conn_id &log

message_id: int &log &optional

scope: string &log &optional

deref_aliases: string &log &optional

base_object: string &log &optional

result_count: count &log &optional

result: string &log &optional

diagnostic_message: string &log &optional

filter: string &log &optional

attributes: vector of string &log &optional

LDAP::State 

Type:

Fields:

messages: table [int] of LDAP::MessageInfo &optional

searches: table [int] of LDAP::SearchInfo &optional

Events

LDAP::log_ldap 

Type:: event (rec: LDAP::MessageInfo)

LDAP::log_ldap_search 

Type:: event (rec: LDAP::SearchInfo)

Hooks

LDAP::finalize_ldap 

Type:: Conn::RemovalHook

LDAP finalization hook.

LDAP::log_policy 

Type:: Log::PolicyHook

Default logging policy hook for LDAP_LOG.

LDAP::log_policy_search 

Type:: Log::PolicyHook

Default logging policy hook for LDAP_SEARCH_LOG.