Overview #
Although RCF 3045
provides a methodology to determine the vendorName and vendorVersion of the LDAP server from the RootDSE Example, many LDAP Server Implementations do not provide this information.
There are also the supportedLDAPVersion attributes which will show you which protocol version of LDAP the LDAP Server Implementation supports. Generally, if the server ONLY shows supportedLDAPVersion=2, do not even try to use modern LDAP tools as most will have issues, in other words, upgrade to a LDAP Server Implementation that supports supportedLDAPVersion=3.
supportedLDAPVersion: 2 supportedLDAPVersion: 3
Each LDAP Server Implementation, unfortunately, has its own characteristics that clearly separate it from others. To find out its type, use any available LDAP search tool and START with the following parameters:
ldapsearch -LLL -h ipaddress -b "" -s base -D cn=admin,....,dc=com -W "(objectclass=*)" vendorname vendorversion isGlobalCatalogReady
This will at least show you if the LDAP Server Implementation supports vendorName and vendorVersion and if the isGlobalCatalogReady returns true you know this is Microsoft Active Directory.
Now you can use the following information to search for the and hopefully determine the specifics.
UnboundID#
vendorName: UnboundID Corp. vendorVersion: UnboundID Directory Server 4.1.0.6
Active Directory#
Microsoft Active Directory does not provide the vendorVersion or VendorName in the rootDSE.We typically check the RootDSEto determine if there is a value for "forestFunctionality" and if there is we assume it is Microsoft Active Directory.
For the version, you then need to determine which version of which object you are trying to determine.
- operatingSystem - Each Domain Controller entry will have a operatingSystem attribute which shows the OS Version on that DC
- forestFunctionality - The RootDSE will have the forestFunctionality attribute as an integer which related the Active Directory Functional Levels
- domainFunctionality - The RootDSE will have the domainFunctionality attribute as an integer which related the Active Directory Functional Levels
To find all Domain Controllers and their versions, use this SearchRequest:
(&(&(&(&(samAccountType=805306369)(primaryGroupId=516))(objectCategory=computer)(operatingSystem=*))))For more information on versions of Active Directory Functional Levels
EDirectory#
EDirectory provides a couple of more detailed results beyond vendorName and VendorVersion in the dsRevision and Version AttributeTypes located on the NcpServer LDAP EntryvendorName: Novell, Inc. vendorVersion: LDAP Agent for Novell eDirectory 8.8 SP7 (20705.00)You can obtain more specific information using a query similar to:
ldapsearch -H ldap://serverip:389 -ZZ -x -D "cn=admin,...,dc=com" -W -b "dc=com" -s sub "(objectClass=ncpServer)" "dsRevision" "Version" "objectClass"
Will return results similar to:
{{{
dsRevision: 2070500
Version: eDirectory for Linux x86_64 v8.8 SP7 [DS]
NetScape#
vendorname=Netscape Communications Corp. vendorversion=Netscape-Directory/6.11 B2002.281.0853
Sun One Directory: Attribute vendorVersion will contain the term "Sun Directory".#
vendorName=Sun Microsystems\, Inc. vendorVersion=Sun Java(TM) System Directory Server/5.2_Patch_6
Oracle Internet Directory#
An older version shows:orcldirectoryversion: OID 10.1.4.3.0
Oracle Unified Directory#
majorVersion: 11 maintenanceVersion: 1 platformVersion: 0 releaseVersion: 2 vendorName: Oracle Corporation vendorVersion: Oracle Unified Directory 11.1.2.1.0
Oracle Virtual Directory#
orcldirectoryversion: OVD 11.1.1.6.0
IBM - Found this one:#
vendorName: [International Business Machines (IBM)] vendorVersion: [6.0]
OpenLDAP#
dn: objectClass: top objectClass: OpenLDAProotDSE
Siemens AG#
Siemens AG DirX Directory V8.0 B 8.1.218 2008:06:14 01:10 32-Bit
