Anthropic-Cybersecurity-Skills/skills/configuring-ldap-security-hardening/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

# LDAP Security Hardening — API Reference
## Libraries
| Library | Install | Purpose |
|---------|---------|---------|
| ldap3 | `pip install ldap3` | LDAP protocol client for security auditing |
## Key ldap3 Methods
| Method | Description |
|--------|-------------|
| `Server(ip, port, use_ssl=True, tls=tls, get_info=ALL)` | Create LDAP server with TLS config (`tls` is a `Tls` object and must be passed by keyword) |
| `Connection(server, user, password, authentication=NTLM)` | Authenticated bind |
| `Connection(server, auto_bind=True)` | Anonymous bind test |
| `conn.search(base, filter, attributes=[...])` | Search directory objects (pass `attributes` by keyword; the third positional argument is the search scope) |
## LDAP Security Settings (GPO)
| Setting | Registry Path | Recommended Value |
|---------|--------------|-------------------|
| LDAP Signing | `HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity` | 2 (Require) |
| Channel Binding | `HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LdapEnforceChannelBinding` | 2 (Always) |
| Simple Bind | GPO: Network security: LDAP client signing requirements | Require signing |
## Security Checks
| Check | Risk | Severity |
|-------|------|----------|
| Anonymous bind allowed | User/group enumeration | CRITICAL |
| LDAPS not available | Cleartext credential transmission | HIGH |
| LDAP signing not enforced | NTLM relay via LDAP | HIGH |
| Channel binding disabled | Credential relay attacks | MEDIUM |
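
The first three checks in the table can be probed remotely with the ldap3 calls listed above. The sketch below is an added example, not the skill's own `scripts/agent.py`; the names `probe`, `findings`, `base_dn` and `ca_file` and the `INFO` severity are assumptions. Channel binding is not probed here and is read from the registry value instead.

```python
import ssl

STRONGER_AUTH_REQUIRED = 8  # LDAP result code a DC returns when signing is required

def probe(host, base_dn, user, password, ca_file=None):
    """Collect raw observations from one DC. Needs network access and ldap3."""
    from ldap3 import Server, Connection, Tls, SIMPLE, NONE
    from ldap3.core.exceptions import LDAPException
    obs = {"anon_entries": 0, "ldaps": False, "unsigned_bind": None}
    plain = Server(host, port=389, get_info=NONE, connect_timeout=5)
    try:
        # An anonymous bind alone succeeds on a default AD (rootDSE is public);
        # the finding is anonymous read access to directory objects.
        with Connection(plain, auto_bind=True) as c:
            c.search(base_dn, "(objectClass=user)", attributes=["cn"], size_limit=5)
            obs["anon_entries"] = len(c.entries)
    except LDAPException:
        pass
    try:
        # Validate the DC certificate; pass the internal CA bundle as ca_file.
        tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
        c = Connection(Server(host, port=636, use_ssl=True, tls=tls, connect_timeout=5))
        c.open()
        obs["ldaps"] = True
        c.unbind()
    except LDAPException:
        pass
    try:
        # Cleartext by design: use a throwaway low-privilege audit account.
        c = Connection(plain, user=user, password=password, authentication=SIMPLE)
        c.bind()
        obs["unsigned_bind"] = c.result["result"]
        c.unbind()
    except LDAPException:
        pass
    return obs

def findings(obs):
    """Map observations to (check, severity) rows of the Security Checks table."""
    out = []
    if obs["anon_entries"] > 0:
        out.append(("Anonymous bind allowed", "CRITICAL"))
    if not obs["ldaps"]:
        out.append(("LDAPS not available", "HIGH"))
    if obs["unsigned_bind"] == 0:
        out.append(("LDAP signing not enforced", "HIGH"))
    elif obs["unsigned_bind"] != STRONGER_AUTH_REQUIRED:
        # e.g. 49 (invalid credentials) or no answer: cannot decide either way
        out.append(("LDAP signing: inconclusive (result %s)" % obs["unsigned_bind"], "INFO"))
    return out
```

A typical call is `findings(probe(host, base_dn, user, password, ca_file))`, run from an admin workstation against each domain controller in turn.
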
## External References
- [ldap3 Documentation](https://ldap3.readthedocs.io/)
- [Microsoft LDAP Signing](https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/enable-ldap-signing-in-windows-server)
- [CIS AD Benchmark](https://www.cisecurity.org/benchmark/microsoft_windows_server)