UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The first platform that collects and analyzes every new hacking method,
+ AI practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
β†’ Undercode.help
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Carding Tutorials by Underc0de:

> The evolution of security systems


πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) On the first popular bank cards, all information was stored on a magnetic strip, and most of it was not encrypted in any way, including the account number, the name of the issuing bank and the parameters of the available credit limit.

2) The PIN code of the card, with which the cardholder could log in to banking services and withdraw cash, was stored on the same strip, but in encrypted form.

3) It is worth noting that, as conceived by the creators of this security system, the owner does not need the PIN code to make purchases; it is enough to swipe the card through the reader. This was supposed to make the card convenient for its owner, but it gave rise to a fraud method that has kept fraudsters in business for decades.

4) Most modern banks have already abandoned this type of card, but it is still in use, albeit in small numbers.

> To steal funds from such a card, you only need to steal data from the magnetic strip.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Method 1> Protect yourself from it

> 1) Attackers use a special device, a skimmer, to copy the data from a bank card completely and then make a full clone of it. After that the fraudster usually tries to get hold of the money as quickly as possible: he makes a number of expensive purchases and sells the goods for cash.

2) Bank cards currently use a more modern security system: a chip. Unlike a magnetic strip, it is embedded in the plastic card and stores almost all information about the owner in encrypted form.

3) The exceptions are the card number, several recent transactions and other information that is determined by the issuing bank and the payment system. At the same time, customer data is not transmitted directly through the terminal; instead a specially generated code is sent, which is checked against the bank's database.

4) This protection is not absolutely safe either. For example, in France a group of hackers was able to steal more than $680 thousand by bypassing such a protection system. Specialists from École Normale Supérieure had to conduct a whole study to find out how the hackers managed to carry out the theft.
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Bin

> Dropbox

Bin: 489504xxxxxxxxxx
Date: 02/24
IP: USA
zip: 40018

🦑 EBAY BIN

434256403xxxxxxx

468451005665xxxx
01-21
137

542432147777xxxx
|05|
2022

516737100287xxxx 05/21

IP: United States

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Good Proxies:

177.66.195.82:4145 185.189.208.177:51693 103.247.13.129:4145 31.171.71.74:4145 85.187.255.6:4145 92.255.178.64:4145 177.11.245.17:4145 177.86.159.92:61316 95.179.158.90:32204 50.247.72.33:54321 103.112.129.82:1080 138.59.233.46:10801 50.253.49.189:54321 188.242.224.144:42622 85.206.57.202:4145 181.113.25.106:55137 123.108.249.82:58853 140.82.59.139:31125 221.120.98.49:44553 117.254.60.67:4145 196.3.98.109:14888 203.160.59.153:38631 181.113.25.146:41944 89.208.176.12:4145 178.79.46.5:39046 134.209.189.228:9999 177.84.115.89:4145 103.41.147.152:42867 103.247.100.154:4145 168.121.137.64:10801 168.227.212.129:4145 190.184.144.146:43806 177.66.89.50:63253 41.223.234.74:4145 178.215.170.83:7070 190.214.55.218:30662 109.160.97.49:4145 88.87.81.217:61407 217.30.73.152:40546 103.197.48.49:8291 36.66.151.189:41838 36.66.116.7:41185 195.20.102.248:53423 103.67.16.221:4153 45.77.55.103:32444 50.251.183.1:32100 113.11.136.28:4145 202.40.186.226:32324 93.191.14.103:9999 116.90.237.106:39992 177.67.242.222:4145 103.14.251.144:34432 80.78.64.70:4145 202.84.35.134:48538 138.255.14.6:63253 103.108.128.178:4153 194.177.31.138:40761 200.195.26.66:4145 189.50.11.198:33555 177.23.104.38:40760 103.75.100.241:4145 117.252.69.153:44550 179.49.59.227:10801 203.188.252.239:43393 181.16.136.40:45827 180.250.196.178:4145 45.77.138.197:31762 177.190.170.11:60120 189.105.30.246:4145 110.74.193.108:55762 103.255.73.10:61990 103.206.253.58:53934 188.235.107.77:59891 93.87.9.66:3629 45.164.88.2:4145 89.250.149.114:59599 90.188.40.74:4145 173.199.70.238:32002 209.250.249.214:31443 199.247.28.53:32244 173.199.71.126:32762 177.10.144.22:1080 103.211.152.242:51039 179.99.246.216:4145 110.232.74.13:47094 37.26.86.118:31826 109.251.76.229:4145 88.119.136.221:55616 79.101.63.194:4145 109.69.4.148:4145 178.151.143.112:56264 195.110.53.148:4153 200.233.220.166:43801 217.13.222.129:4145 103.76.243.186:4145 177.38.166.7:4145 177.220.170.34:4145 180.245.36.191:4145 80.78.73.222:4145 45.63.43.205:33524 
181.209.82.154:14888 138.255.14.15:63253 143.208.146.246:55909 41.60.232.194:59341 45.7.133.174:4145 82.114.86.91:44358 85.92.183.37:4145 202.191.121.66:4145 110.232.249.159:4145 45.64.134.34:45984 95.65.69.139:1080 31.135.125.253:4145 196.61.14.7:39979 103.85.163.138:40679 103.245.19.73:42204 103.54.30.94:43657 103.239.255.170:58733 103.200.40.194:4145 45.63.41.113:32002 119.42.118.175:4145 137.59.161.226:33716 80.168.155.141:61650 124.41.240.66:59534 45.114.72.27:44550 103.113.229.202:4145 81.33.4.214:49311 178.69.12.30:50893 103.8.58.5:49587 118.175.207.240:4145 177.129.136.173:63253 181.114.33.22:4145 103.26.245.190:34836 196.250.0.207:4145 179.108.137.82:4145 181.112.62.122:40372 37.192.194.50:35437 31.209.96.173:51688 79.164.176.68:4145 77.93.248.67:4145 177.74.118.5:39593 203.83.162.70:13629 82.198.187.83:4145 181.129.74.58:41760 202.152.135.241:4145 178.16.138.198:4145 185.188.218.14:4145 109.175.29.7:51372 116.199.172.210:59311 160.238.163.18:4145 176.36.89.203:60155 31.129.175.214:54512 191.37.147.210:4145 189.45.42.150:40063 212.107.232.45:4145 103.37.82.118:36500 190.90.7.130:10801 103.113.104.136:1080 117.206.83.122:44550 168.90.91.22:4145 138.68.41.90:1080 109.160.55.202:4145 91.122.193.80:4145 93.42.192.110:34145 158.58.133.15:30992 185.253.74.206:1080 103.68.1.46:34285 103.242.14.8:37318 182.163.102.150:4145 186.226.170.240:8291 45.55.27.15:1080 45.55.27.161:1080 116.206.153.2:40428 185.51.92.108:51327 94.100.220.20:40543 117.102.77.204:4145 80.245.115.97:4145 43.245.140.190:4153 94.230.134.77:52425 191.102.250.145:4145 94.127.144.179:37302 87.120.179.74:4145 220.135.2.247:59171 199.247.28.82:31165 45.63.116.11:33926

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 HACK CC FROM ZEUS TROJAN - DETAILS
t.me/UndercOdeTesting

1) Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows.

2) While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. It is also used to install the CryptoLocker ransomware.

3) Zeus is spread mainly through drive-by downloads and phishing schemes. It was first identified in July 2007, when it was used to steal information from the United States Department of Transportation,

> and it became more widespread in March 2009. In June 2009 the security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on the websites of companies such as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon and BusinessWeek.

4) Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scammers money through pop-up messages claiming that the user has a virus, when in reality there may be no virus at all. The scammers may use programs such as Command Prompt or Event Viewer to make the user believe that their computer is infected. (Powered by Wikipedia, posted on Underc0de.)

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
> leaked tool
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Linux tool script> Chinese script
Linux daily life, coding
T.me/UndercOdeTesting

PS: This script is only for Debian, Kali and Linux Mint. Please write your own for other distributions.

> Small PS: if you have good suggestions (or applications and terminal tools), or there is something you do not understand, you are welcome to join the community QQ group to discuss.
Usage:

1) git clone https://github.com/YGoldking/DailyLinux.git

2) cd DailyLinux/

3) chmod +x install.sh

4) ./install.sh

5) To update this script, run: ./upgrade.sh

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Intranet penetration using SSH reverse tunnel
instagram.com/UndercOdeTestingCompany

1) Whether in a penetration test or in everyday work, getting into the intranet is an important step. A machine with an assigned intranet IP cannot be reached from the extranet, so this article shows how to use a Linux SSH reverse tunnel to get through the NAT.

2) Suppose there are two machines A and B: A has a public IP, and B is behind NAT with no port forwarding available.

3) Now I want to initiate an SSH connection from A to B. Because B is behind the NAT there is no public IP + port combination that reaches it, so A cannot get through the NAT. This article deals with that situation, which is the one most people encounter.

🦑 Let's first assume the following machines:

Machine   Position         Address     Account   ssh/sshd port   Runs sshd?
A         Public network   a.site      usera     22              Yes
B         Behind NAT       localhost   userb     22              Yes
C         Behind NAT       localhost   userc     22              No

SSH reverse tunnel connection

4) This method means actively establishing an SSH tunnel from B to A, which forwards port 6766 of A to port 22 of B. As long as the tunnel is not closed, this forwarding remains effective: you only need to connect to port 6766 of A to reach B in reverse.

5) First establish the SSH tunnel on B, forwarding port 6766 of A to port 22 of B:


> B $ ssh -p 22 -qngfNTR 6766:localhost:22 usera@a.site
Then, on A, SSH back to B through port 6766:



> A $ ssh -p 6766 userb@localhost
The thing to do is actually that simple.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Maintenance of the tunnel

> Stability maintenance

1) Unfortunately, the SSH connection will be closed after a timeout. If the connection is closed and the tunnel is not kept up, A can no longer use the reverse tunnel to get through B's NAT.

2) Therefore we need a way to keep the SSH tunnel stable.

3) One of the easiest methods is autossh. This program automatically re-establishes the SSH tunnel after a timeout, which solves the stability problem. On Arch Linux you can get it like this:

> $ sudo pacman -S autossh


4) Let's do the same as before on B, except that the tunnel is now maintained by autossh:

> B $ autossh -p 22 -M 6777 -NR 6766:localhost:22 usera@a.site

5) The port specified by the -M parameter is used to monitor the status of the tunnel and has nothing to do with port forwarding.

> Then you can reach B through port 6766 on A:

> A $ ssh -p 6766 userb@localhost

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑 UDP hole punching, that is, using a machine on the public network so that two machines, each behind its own NAT, can establish SSH connections.
T.me/UndercOdeTesting

1) Here's how to use SSH reverse tunnel to connect C to B.

2) First edit the sshd configuration file /etc/ssh/sshd_config on A and turn on the GatewayPorts switch:

> GatewayPorts yes
Then restart sshd:

> A $ sudo systemctl restart sshd
Then slightly modify the autossh command used on B:

> B $ autossh -p 22 -M 6777 -NR '*:6766:localhost:22' usera@a.site
Then, on C, connect to B through port 6766 of A:

> C $ ssh -p 6766 userb@a.site

3) So far you have easily got through the two layers of NAT.

4) Final solution
Combining the previously mentioned, the final solution is as follows:

5) First turn on the GatewayPorts switch of sshd on A and restart sshd.

6) Then create a new user autossh on B. Following the principle of least privilege, the autossh service on B runs as the user autossh, to limit security problems as much as possible:

> B $ sudo useradd -m autossh

> B $ sudo passwd autossh
Then create the SSH key for the autossh user on B and upload it to A:

> B $ su - autossh

> B $ ssh-keygen -t rsa -C 'autossh@B'

> B $ ssh-copy-id usera@a.site

7) Be careful not to set a passphrase on this key: when ssh-keygen prompts for one, just press Enter without typing anything.

8) Then create a service file /lib/systemd/system/autossh.service on B that runs autossh with the autossh user's privileges. Write the following text to the file and set its permissions to 644:

[Unit]
Description=Auto SSH Tunnel
After=network-online.target
Wants=network-online.target

[Service]
User=autossh
Type=simple
ExecStart=/usr/bin/autossh -p 22 -M 6777 -NR '*:6766:localhost:22' -i /home/autossh/.ssh/id_rsa usera@a.site
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target
WantedBy=graphical.target
To make network-online.target effective on B:

9) B $ sudo systemctl enable NetworkManager-wait-online
If you use systemd-networkd, the service to enable is systemd-networkd-wait-online instead. Then set the service to start automatically:

> B $ sudo systemctl enable autossh
If you like, you can start it immediately after this:

> B $ sudo systemctl start autossh
Then you can use this reverse tunnel on A to SSH through B's NAT to B:

> A $ ssh -p 6766 userb@localhost
Or SSH directly to B from C through two layers of NAT:

> C $ ssh -p 6766 userb@a.site
If you are familiar with ssh, you can use this tunnel to do more things. For example, you can specify dynamic port forwarding when connecting back:

> C $ ssh -p 6766 -qngfNTD 7677 userb@a.site
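The tunnel above ends on A with GatewayPorts switched on and a passphrase-less key that can log in as usera, so two checks are worth automating on A before the service goes live. The following script is an added example, not part of the tutorial: it reads sshd_config with sshd's own rule that the first value of a keyword wins, warns about the settings that widen the exposure of the 6766 listener, and builds an authorized_keys line that limits the autossh key to port forwarding on that single port (the restrict, port-forwarding and permitlisten options are real OpenSSH features from 7.2 and 7.8 on; the sample config and the public key string are constructed, and usera/a.site/6766 are the tutorial's values).

```python
"""Audit the sshd_config of the public machine A before enabling GatewayPorts,
and build a least-privilege authorized_keys line for the autossh key.

Added example, not part of the tutorial. The sample config text and the public
key below are constructed; usera, a.site and 6766 are the tutorial's values.
"""
import re

# sshd defaults for the keywords this audit looks at.
DEFAULTS = {
    "gatewayports": "no",
    "allowtcpforwarding": "yes",
    "passwordauthentication": "yes",
    "clientaliveinterval": "0",
}


def parse_sshd_config(text):
    """Return {keyword_lower: first value} for the global section of sshd_config.

    sshd keywords are case-insensitive and the FIRST value seen wins (later
    repeats are ignored). Match blocks are not evaluated: the global value is
    the one that governs how a -R listener is bound.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        if re.match(r"match\s", line, re.I):
            break                                   # conditional section begins
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit_sshd_config(text):
    """Return a list of warnings about how the reverse tunnel would be exposed."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    warnings = []
    if cfg["gatewayports"].lower() == "yes":
        warnings.append("GatewayPorts yes: every -R listener (e.g. 6766) is bound on all "
                        "interfaces of A, so B's sshd becomes reachable from the internet; "
                        "use 'clientspecified' and bind only what C needs, or firewall the port")
    if cfg["allowtcpforwarding"].lower() == "no":
        warnings.append("AllowTcpForwarding no: -R forwards are refused, the tunnel cannot be built")
    if cfg["passwordauthentication"].lower() == "yes":
        warnings.append("PasswordAuthentication yes: a tunnel port published through "
                        "GatewayPorts is open to password guessing; allow keys only")
    if cfg["clientaliveinterval"] == "0":
        warnings.append("ClientAliveInterval 0: sshd never notices a dead tunnel; set "
                        "ClientAliveInterval/ClientAliveCountMax so stale -R listeners "
                        "are released and autossh can rebuild them")
    return warnings


def tunnel_key_entry(pubkey, tunnel_port):
    """authorized_keys line on A for the passphrase-less autossh key from B.

    'restrict' (OpenSSH >= 7.2) turns off pty, agent/X11 forwarding and ~/.ssh/rc;
    'port-forwarding' re-enables forwarding only; 'permitlisten' (OpenSSH >= 7.8)
    pins the one remote port the key may bind; the forced command means a session
    request gets no shell. A key copied off B therefore gives no shell on A and
    no other listeners.
    """
    options = 'restrict,port-forwarding,permitlisten="%d",command="/bin/false"' % tunnel_port
    return f"{options} {pubkey.strip()}"


# Constructed sshd_config fragment; the first setting of each keyword wins.
SAMPLE_CONFIG = """\
Port 22
GatewayPorts yes
PasswordAuthentication no
GatewayPorts no      # ignored: sshd keeps the first value above
"""

if __name__ == "__main__":
    for w in audit_sshd_config(SAMPLE_CONFIG):
        print("WARNING:", w)
    # constructed placeholder key material, not a real public key
    print(tunnel_key_entry("ssh-ed25519 AAAA...constructed autossh@B", 6766))
```

The audit deliberately stops at the first Match block: a remote forward bound through GatewayPorts uses the global value, and evaluating Match conditions would need the connecting user and address.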

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to set up a basic OpenLDAP server, full guide by Underc0de
> How to install and set up OpenLDAP as a centralized e-mail address book server for client queries within a company. OpenLDAP is also used in many other areas, such as centralized user account authentication servers, but e-mail address book queries are the most common use.
instagram.com/UndercOdeTestingCompany

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) Go to www.openldap.org, download the latest OpenLDAP package, and compile and install it with the following steps:


#tar xvfz openldap-stable-20010524.tgz
#cd openldap-2.0.11
#./configure
#make depend
#make
#make test
#make install

2) My operating environment is Red Hat 6.1. If no errors occur, the LDAP daemon slapd is installed by default in /usr/local/libexec, the configuration files in /usr/local/etc/openldap/, the OpenLDAP tools ldapadd, ldapdelete, ldapmodify, ldapmodrdn, ldappasswd and ldapsearch in /usr/local/bin, and the runtime database in /usr/local/var/openldap-ldbm.

🦑 Settings

1) Edit the configuration file /usr/local/etc/openldap/slapd.conf
and add the following lines after the line include /usr/local/etc/openldap/schema/core.schema to include all the schemas.

include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nadf.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema

2) In the "ldbm database definitions" part of slapd.conf, change the suffix and rootdn lines as follows:

database ldbm
suffix "o=yourdomain, c=us"
rootdn "cn=root, o=yourdomain, c=us"
rootpw secret
directory /usr/local/var/openldap-ldbm

> The suffix can take a variety of formats; here I use o=yourdomain, c=us, i.e. your company's domain name and the country or region. The default rootdn after installation is cn=Manager; changing it to root is purely my own preference, in line with the Unix/Linux tradition that root has the highest privileges.

3) Now you can start slapd by running /usr/local/libexec/slapd.

You may want to add /usr/local/bin and /usr/local/libexec to the search path by extending the PATH line in /etc/profile:
PATH="$PATH:/usr/X11R6/bin:/usr/local/bin:/usr/local/libexec"
so that after the next login you only need to type slapd.

4) Test whether the LDAP server is working properly.
Run the following command and check whether there is corresponding output.

#ldapsearch -x -b "o=yourdomain, c=us" "(objectclass=*)"


5) Edit an .ldif text file and use ldapadd to add records to the LDAP database.
The content of the file is as follows:

dn: o=yourdomain, c=us
objectclass: dcObject
objectclass: organization
o: yourdomain
dc: yourdomain

dn: cn=jephe Wu, o=yourdomain, c=us
objectClass: inetOrgPerson
cn: jephe Wu
sn: Wu
mail: jephe_wu@yourdomain.com


...... More Users ......

1) And so on: one record per person is added to this file. Note that the object class inetOrgPerson must have at least cn and sn. Here we use three attributes, cn, sn and mail, which is sufficient for our e-mail address book. You can also define attributes such as mobile, homePhone, pager and so on.

2) Then use the following command to add the above .ldif file to the LDAP database:

#ldapadd -x -D "cn=root, o=yourdomain, c=us" -w secret -f yourldiffilename

Note: the first part of the file above, "dn: o=yourdomain, c=us", is required, otherwise you cannot add data. Replace "yourdomain" above with your company's domain name.
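The two rules just stated (the first entry must be the suffix itself, and every inetOrgPerson needs cn and sn) are the ones that most often make ldapadd refuse a hand-written address book, so it is worth checking the file before binding as root. The following validator is an added example and not part of the guide: it parses the LDIF into entries, applies both rules, and also reports an entry whose parent DN has not been defined earlier in the file, which is the other common cause of an ldapadd failure. It assumes the suffix o=yourdomain, c=us from the slapd.conf above; the sample LDIF is constructed, with its last entry deliberately missing sn.

```python
"""Validate an address-book LDIF before running ldapadd against it.

Added example, not from the guide. Checks that the first entry is the suffix,
that every inetOrgPerson has cn and sn, and that each entry's parent was
defined earlier in the file. The sample LDIF below is constructed and its last
entry is deliberately missing sn.
"""


def normalize_dn(dn):
    """Canonical DN for comparison: lower-case, no spaces around '=' and ','."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        rdns.append(f"{attr.strip()}={value.strip()}")
    return ",".join(rdns).lower()


def parse_ldif(text):
    """Return a list of entries {'dn': ..., 'attrs': {name_lower: [values]}}.

    Entries are separated by blank lines; '#' lines are comments. Line
    continuations and base64 ('::') values are not needed for the address
    book and are not handled here.
    """
    entries, current = [], None
    for raw in text.splitlines() + [""]:       # trailing "" flushes the last entry
        line = raw.rstrip()
        if line.startswith("#"):
            continue
        if not line:
            if current is not None:
                entries.append(current)
                current = None
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError(f"attribute before any dn: line: {line!r}")
        else:
            current["attrs"].setdefault(attr, []).append(value)
    return entries


def validate_address_book(text, suffix):
    """Return a list of problems; an empty list means ldapadd should accept the file."""
    entries = parse_ldif(text)
    if not entries:
        return ["file contains no entries"]
    base = normalize_dn(suffix)
    problems = []
    if normalize_dn(entries[0]["dn"]) != base:
        problems.append(f"first entry must be the suffix {suffix!r}, got {entries[0]['dn']!r}")
    defined = set()
    for entry in entries:
        dn = normalize_dn(entry["dn"])
        classes = {c.lower() for c in entry["attrs"].get("objectclass", [])}
        if not classes:
            problems.append(f"{entry['dn']}: no objectClass")
        if "inetorgperson" in classes:
            for must in ("cn", "sn"):
                if must not in entry["attrs"]:
                    problems.append(f"{entry['dn']}: inetOrgPerson requires {must}")
        parent = dn.partition(",")[2]          # everything after the first RDN
        if dn != base and parent not in defined:
            problems.append(f"{entry['dn']}: parent {parent!r} is not defined earlier "
                            "(ldapadd would report: no such object)")
        defined.add(dn)
    return problems


# Constructed sample in the same shape as the guide's file.
SAMPLE_LDIF = """\
dn: o=yourdomain, c=us
objectclass: dcObject
objectclass: organization
o: yourdomain
dc: yourdomain

dn: cn=jephe Wu, o=yourdomain, c=us
objectClass: inetOrgPerson
cn: jephe Wu
sn: Wu
mail: jephe_wu@yourdomain.com

dn: cn=no surname, o=yourdomain, c=us
objectClass: inetOrgPerson
cn: no surname
mail: nosurname@yourdomain.com
"""

if __name__ == "__main__":
    for problem in validate_address_book(SAMPLE_LDIF, "o=yourdomain, c=us"):
        print("PROBLEM:", problem)
```

Run it on the real file before ldapadd; DN comparison is done on a normalized form, so the spacing style used in the guide (o = yourdomain, c = us) and the compact form (o=yourdomain,c=us) are treated as the same DN.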

3) Set up Outlook Express to query e-mail addresses from the LDAP server.
> Under "Tools / Accounts / Add / Directory Service", fill in your server's IP address or the host's full domain name, select yes on the next screen to allow the directory service to check addresses, and finally select the "Directory Service" entry you just set up, click "Properties / Advanced" and fill in
"o=yourdomain, c=us" under "Search Base".

4) For Netscape, set the corresponding options based on the information above.

🦑 Common usage problems

1) slapd starts without problems, but records cannot be added to the database: running ldapadd gives the error "ldap_bind:
cannot contact LDAP Server".
Answer: the most likely reason is that there is no "127.0.0.1 localhost" entry in /etc/hosts.

2) Pay attention to the lookup order: if the Outlook Express address book has entries, the local address book is consulted first when checking an address; only if there is no matching record locally is the LDAP server queried.

3) Use the following command to make sure that the client and the LDAP server can communicate. Run it on the server, then check an address in OE; you will see the packets of the LDAP query session.

# tcpdump port 389

THAT'S IT
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 openLDAP Features > ALL
fb.com/UndercOdeTestingCompany

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) OpenLDAP is a cross-platform implementation of LDAP, a standard Internet protocol derived from the X.500 standard.

2) OpenLDAP serves mostly static data through query and search operations, without maintaining the data through SQL statements as in a relational database.

3) OpenLDAP synchronizes data between nodes with a push and pull mechanism, called replication, and provides security mechanisms based on TLS and SASL for encrypted transport and Kerberos password authentication.

4) OpenLDAP can be combined with third-party open-source load balancing (LVS, HAProxy) and high-availability (Heartbeat, Corosync, Keepalived, etc.) solutions to provide authentication services 24 hours a day.

5) OpenLDAP data elements are simple text strings (LDIF files) rather than special characters, which makes the entries of the directory tree easy to maintain and manage.

6) OpenLDAP provides centralized authentication and management of users. All account changes need only be made on the OpenLDAP server rather than on each client, and they take effect globally.

7) OpenLDAP uses a simple protocol by default, for example transferring entry data over TCP/IP. Directory tree entries are read and written with search operations, and entry information can also be obtained over an encrypted connection.

8) OpenLDAP is used with major application platforms (Nginx, HTTP, vsftpd, Samba, SVN, Postfix, OpenStack, Hadoop, etc.), server consoles (HP, IBM, Dell, etc.) and storage consoles (EMC, NetApp, etc.) for account management and authentication, achieving unified account management.

9) An OpenLDAP deployment has low cost, simple configuration, powerful functions and easy management, and it is open source.
OpenLDAP uses ACLs (Access Control Lists) to control users' access to data flexibly, thereby ensuring data security.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Install openLDAP using docker
Installing openLDAP using docker is very simple.
pinterest.com/UndercOdeOfficial

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) Run the following command to quickly set up an openLDAP server:

> docker run -p 389:389 -p 689:689 --name my-openldap-container --detach osixia/openldap:1.2.2

2) Parameter explanation:

-p 389:389                     Publish the container's port 389 on the host's port 389
-p 689:689                     Publish the container's port 689 on the host's port 689
--name my-openldap-container   Name the docker container 'my-openldap-container'
--detach                       Run as a background process
osixia/openldap:1.2.2          Image name to run

3) After running the above command, an openLDAP service has been created.

4) Run the following command to test if the service started successfully:

> docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin

5) If you get a return value similar to the following text, the service started successfully.

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

[...]

# numResponses: 3
# numEntries: 2

🦑 openLDAP environment variables

1) Initial values for the openLDAP container are set with --env when starting the service, for example:

> docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.2

2) The common environment variables are as follows:

LDAP_ORGANISATION: name of the organisation. Default is Example Inc.
LDAP_DOMAIN: LDAP domain. Default is example.org
LDAP_BASE_DN: LDAP base DN. If empty, it is derived automatically from the LDAP_DOMAIN value. Default is (empty)
LDAP_ADMIN_PASSWORD: LDAP administrator password. Default is admin
LDAP_CONFIG_PASSWORD: LDAP configuration password. Default is config
LDAP_READONLY_USER: add a read-only user. Default is false
LDAP_READONLY_USER_USERNAME: read-only user name. Default is readonly
LDAP_READONLY_USER_PASSWORD: read-only user password. Default is readonly

🦑 The environment variables related to TLS are as follows:

LDAP_TLS: add OpenLDAP TLS functionality. Cannot be removed once set to true. Default is true
LDAP_TLS_CRT_FILENAME: LDAP SSL certificate file name. Default is ldap.crt
LDAP_TLS_KEY_FILENAME: LDAP SSL certificate private key file name. Default is ldap.key
LDAP_TLS_CA_CRT_FILENAME: LDAP SSL CA certificate file name. Default is ca.crt
LDAP_TLS_ENFORCE: enforce TLS except for ldapi connections. Cannot be disabled once set to true. Default is false
LDAP_TLS_CIPHER_SUITE: TLS cipher suite. Default is SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC, based on Red Hat's TLS hardening guide
LDAP_TLS_VERIFY_CLIENT: TLS client verification. Default is demand

🦑 The environment variables related to replication are as follows:

LDAP_REPLICATION: add OpenLDAP replication. Default is false
LDAP_REPLICATION_CONFIG_SYNCPROV: the olcSyncRepl option used for the config database. No rid or provider is added automatically based on LDAP_REPLICATION_HOSTS. Default is binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
LDAP_REPLICATION_DB_SYNCPROV: the olcSyncRepl option used for the data database. No rid or provider is added automatically based on LDAP_REPLICATION_HOSTS. Default is binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
LDAP_REPLICATION_HOSTS: the list of replication hosts; it must contain the current container's host name, set with --hostname on the docker run command. Default is:
- ldap://ldap.example.org
- ldap://ldap2.example.org
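Most of the defaults listed above are the weak setting: an admin password of admin, a config password of config, a read-only password of readonly, and TLS that is present but not enforced, so a bind on port 389 still crosses the network in cleartext. The following script is an added example, not from the page or from the image's own tooling: it merges the documented defaults with the --env values you intend to pass, reports every setting left in its weak state (including a replication host list that does not contain the container's own --hostname), and builds the docker run argument list for subprocess without a shell. It publishes 636 for LDAPS rather than the 689 shown earlier, which is my choice, and joins the replication host list with commas, which is a simplification for this demo rather than the image's exact list syntax.

```python
"""Check the --env values handed to the osixia/openldap image against the weak
defaults documented above, and build the docker run argv.

Added example, not from the page or the image's own tooling. Variable names and
defaults are the ones listed above; the 636 (LDAPS) port mapping and the
comma-joined host list are my own simplifications for this demo.
"""
from urllib.parse import urlparse

# Defaults as documented for the image; keeping them is the weak configuration.
IMAGE_DEFAULTS = {
    "LDAP_ADMIN_PASSWORD": "admin",
    "LDAP_CONFIG_PASSWORD": "config",
    "LDAP_READONLY_USER": "false",
    "LDAP_READONLY_USER_PASSWORD": "readonly",
    "LDAP_TLS": "true",
    "LDAP_TLS_ENFORCE": "false",
    "LDAP_REPLICATION": "false",
    "LDAP_REPLICATION_HOSTS": ["ldap://ldap.example.org", "ldap://ldap2.example.org"],
}


def _true(value):
    return str(value).strip().lower() == "true"


def audit_openldap_env(env, hostname):
    """Return findings for the merged (defaults + env) container configuration.

    hostname is the value you will pass to docker run --hostname.
    """
    cfg = {**IMAGE_DEFAULTS, **env}
    findings = []
    for var in ("LDAP_ADMIN_PASSWORD", "LDAP_CONFIG_PASSWORD"):
        if cfg[var] == IMAGE_DEFAULTS[var]:
            findings.append(f"{var} is the image default {IMAGE_DEFAULTS[var]!r}: "
                            "anyone who can reach port 389 can bind with it")
    if _true(cfg["LDAP_READONLY_USER"]) and cfg["LDAP_READONLY_USER_PASSWORD"] == "readonly":
        findings.append("LDAP_READONLY_USER_PASSWORD is the image default 'readonly'")
    if not _true(cfg["LDAP_TLS"]):
        findings.append("LDAP_TLS=false: binds and searches travel in cleartext")
    elif not _true(cfg["LDAP_TLS_ENFORCE"]):
        findings.append("LDAP_TLS_ENFORCE=false: clients may still bind in cleartext on "
                        "389, so the admin password can cross the network unencrypted")
    if _true(cfg["LDAP_REPLICATION"]):
        hosts = cfg["LDAP_REPLICATION_HOSTS"]
        if isinstance(hosts, str):
            hosts = [h.strip() for h in hosts.split(",")]
        if hostname not in {urlparse(h).hostname for h in hosts}:
            findings.append("LDAP_REPLICATION_HOSTS must include this container's "
                            f"--hostname {hostname!r}")
    return findings


def docker_run_args(env, hostname, name="my-openldap-container",
                    image="osixia/openldap:1.2.2"):
    """argv for subprocess.run (no shell), publishing 389 (ldap) and 636 (ldaps)."""
    args = ["docker", "run", "--detach", "--name", name, "--hostname", hostname,
            "-p", "389:389", "-p", "636:636"]
    for key, value in env.items():
        if isinstance(value, list):
            value = ",".join(value)        # demo simplification of the list syntax
        args += ["--env", f"{key}={value}"]
    return args + [image]


# Weak: the page's first command, every variable at its default.
SAMPLE_WEAK = {}
# Corrected: passwords overridden (constructed values) and TLS enforced.
SAMPLE_HARDENED = {
    "LDAP_ORGANISATION": "My company",
    "LDAP_DOMAIN": "my-company.com",
    "LDAP_ADMIN_PASSWORD": "correct-horse-battery",
    "LDAP_CONFIG_PASSWORD": "staple-xkcd-936",
    "LDAP_TLS_ENFORCE": "true",
}

if __name__ == "__main__":
    for label, env in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(f"[{label}] findings:", audit_openldap_env(env, "ldap.my-company.com") or "none")
    print(" ".join(docker_run_args(SAMPLE_HARDENED, "ldap.my-company.com")))
```

In practice read the two passwords from a secret store rather than literals; the point of the argv form is that the values are never interpolated into a shell command line, so they cannot be mangled by quoting or leak through shell history the way the one-line docker run above would.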