Ldap
Namespace: ldap
Table of contents
Classes
Interfaces
Variables
- FilterAccountDisabled
- FilterAccountEnabled
- FilterCanSendEncryptedPassword
- FilterDontExpirePassword
- FilterDontRequirePreauth
- FilterHasServicePrincipalName
- FilterHomedirRequired
- FilterInterdomainTrustAccount
- FilterIsAdmin
- FilterIsComputer
- FilterIsDuplicateAccount
- FilterIsGroup
- FilterIsNormalAccount
- FilterIsPerson
- FilterLockout
- FilterLogonScript
- FilterMnsLogonAccount
- FilterNotDelegated
- FilterPartialSecretsAccount
- FilterPasswordCantChange
- FilterPasswordExpired
- FilterPasswordNotRequired
- FilterServerTrustAccount
- FilterSmartCardRequired
- FilterTrustedForDelegation
- FilterTrustedToAuthForDelegation
- FilterUseDesKeyOnly
- FilterWorkstationTrustAccount
Functions
Variables
FilterAccountDisabled
• Const
FilterAccountDisabled: "(userAccountControl:1.2.840.113556.1.4.803:=2)"
The user account is disabled.
Defined in
ldap.ts:4
FilterAccountEnabled
• Const
FilterAccountEnabled: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
The user account is enabled.
Defined in
ldap.ts:7
FilterCanSendEncryptedPassword
• Const
FilterCanSendEncryptedPassword: "(userAccountControl:1.2.840.113556.1.4.803:=128)"
The user can send an encrypted password.
Defined in
ldap.ts:10
FilterDontExpirePassword
• Const
FilterDontExpirePassword: "(userAccountControl:1.2.840.113556.1.4.803:=65536)"
Represents the password, which should never expire on the account.
Defined in
ldap.ts:13
FilterDontRequirePreauth
• Const
FilterDontRequirePreauth: "(userAccountControl:1.2.840.113556.1.4.803:=4194304)"
This account doesn’t require Kerberos pre-authentication for logging on.
Defined in
ldap.ts:16
FilterHasServicePrincipalName
• Const
FilterHasServicePrincipalName: "(servicePrincipalName=*)"
The object has a service principal name.
Defined in
ldap.ts:19
FilterHomedirRequired
• Const
FilterHomedirRequired: "(userAccountControl:1.2.840.113556.1.4.803:=8)"
The home folder is required.
Defined in
ldap.ts:22
FilterInterdomainTrustAccount
• Const
FilterInterdomainTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=2048)"
It’s a permit to trust an account for a system domain that trusts other domains.
Defined in
ldap.ts:25
FilterIsAdmin
• Const
FilterIsAdmin: "(adminCount=1)"
The object is an admin.
Defined in
ldap.ts:28
FilterIsComputer
• Const
FilterIsComputer: "(objectCategory=computer)"
The object is a computer.
Defined in
ldap.ts:31
FilterIsDuplicateAccount
• Const
FilterIsDuplicateAccount: "(userAccountControl:1.2.840.113556.1.4.803:=256)"
It’s an account for users whose primary account is in another domain.
Defined in
ldap.ts:34
FilterIsGroup
• Const
FilterIsGroup: "(objectCategory=group)"
The object is a group.
Defined in
ldap.ts:37
FilterIsNormalAccount
• Const
FilterIsNormalAccount: "(userAccountControl:1.2.840.113556.1.4.803:=512)"
It’s a default account type that represents a typical user.
Defined in
ldap.ts:40
FilterIsPerson
• Const
FilterIsPerson: "(objectCategory=person)"
The object is a person.
Defined in
ldap.ts:43
FilterLockout
• Const
FilterLockout: "(userAccountControl:1.2.840.113556.1.4.803:=16)"
The user is locked out.
Defined in
ldap.ts:46
FilterLogonScript
• Const
FilterLogonScript: "(userAccountControl:1.2.840.113556.1.4.803:=1)"
The logon script will be run.
Defined in
ldap.ts:49
FilterMnsLogonAccount
• Const
FilterMnsLogonAccount: "(userAccountControl:1.2.840.113556.1.4.803:=131072)"
It’s an MNS logon account.
Defined in
ldap.ts:52
FilterNotDelegated
• Const
FilterNotDelegated: "(userAccountControl:1.2.840.113556.1.4.803:=1048576)"
When this flag is set, the security context of the user isn’t delegated to a service even if the service account is set as trusted for Kerberos delegation.
Defined in
ldap.ts:55
FilterPartialSecretsAccount
• Const
FilterPartialSecretsAccount: "(userAccountControl:1.2.840.113556.1.4.803:=67108864)"
The account is a read-only domain controller (RODC).
Defined in
ldap.ts:58
FilterPasswordCantChange
• Const
FilterPasswordCantChange: "(userAccountControl:1.2.840.113556.1.4.803:=64)"
The user can’t change the password.
Defined in
ldap.ts:61
FilterPasswordExpired
• Const
FilterPasswordExpired: "(userAccountControl:1.2.840.113556.1.4.803:=8388608)"
The user’s password has expired.
Defined in
ldap.ts:64
FilterPasswordNotRequired
• Const
FilterPasswordNotRequired: "(userAccountControl:1.2.840.113556.1.4.803:=32)"
No password is required.
Defined in
ldap.ts:67
FilterServerTrustAccount
• Const
FilterServerTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=8192)"
It’s a computer account for a domain controller that is a member of this domain.
Defined in
ldap.ts:70
FilterSmartCardRequired
• Const
FilterSmartCardRequired: "(userAccountControl:1.2.840.113556.1.4.803:=262144)"
When this flag is set, it forces the user to log on by using a smart card.
Defined in
ldap.ts:73
FilterTrustedForDelegation
• Const
FilterTrustedForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=524288)"
When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.
Defined in
ldap.ts:76
FilterTrustedToAuthForDelegation
• Const
FilterTrustedToAuthForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=16777216)"
The account is enabled for delegation.
Defined in
ldap.ts:79
FilterUseDesKeyOnly
• Const
FilterUseDesKeyOnly: "(userAccountControl:1.2.840.113556.1.4.803:=2097152)"
Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
Defined in
ldap.ts:82
FilterWorkstationTrustAccount
• Const
FilterWorkstationTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=4096)"
It’s a computer account for a computer that is running old Windows builds.
Defined in
ldap.ts:85
Functions
DecodeADTimestamp
▸ DecodeADTimestamp(timestamp
): string
DecodeADTimestamp decodes an Active Directory timestamp
Parameters
Name | Type |
---|---|
timestamp | string |
Returns
string
Example
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeADTimestamp('132036744000000000');
log(timestamp);
Defined in
ldap.ts:96
DecodeSID
▸ DecodeSID(s
): string
DecodeSID decodes a SID string
Parameters
Name | Type |
---|---|
s | string |
Returns
string
Example
const ldap = require('nuclei/ldap');
const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
log(sid);
Defined in
ldap.ts:111
DecodeZuluTimestamp
▸ DecodeZuluTimestamp(timestamp
): string
DecodeZuluTimestamp decodes a Zulu timestamp
Parameters
Name | Type |
---|---|
timestamp | string |
Returns
string
Example
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
log(timestamp);
Defined in
ldap.ts:126
JoinFilters
▸ JoinFilters(filters
): string
JoinFilters joins multiple filters into a single filter
Parameters
Name | Type |
---|---|
filters | any |
Returns
string
Example
const ldap = require('nuclei/ldap');
const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);
Defined in
ldap.ts:140
NegativeFilter
▸ NegativeFilter(filter
): string
NegativeFilter returns a negative filter for a given filter
Parameters
Name | Type |
---|---|
filter | string |
Returns
string
Example
const ldap = require('nuclei/ldap');
const filter = ldap.NegativeFilter(ldap.FilterIsPerson);
Defined in
ldap.ts:154