NOTE: Specific to EDirectoryNetworkaddress Anomalies EDirectory NetworkAddress
LDAPSearch for a NetworkAddress#Given an IP address of 192.168.1.121, how we can locate the entry in eDirectory that is connected on that address?
This can be performed by:
- 192 = c0
- 168 = a8
- 1 = 01
- 121 = 79
Since we are looking for an IP address type the filter would be: "1#\c0\a8\01\79"
The complete LDAPSearch string and results are shown below.
ldapsearch -h 192.168.1.4 -b ou=butler,ou=people,DC=willeke,DC=com -D cn=admin,ou=administration,dc=willeke,dc=com -W (networkAddress=1#\c0\a8\01\79) networkaddress cn uid version: 1 # # filter: (networkAddress=1#\c0\a8\01\79) # requesting: networkaddress cn uid # # jim,butler,people,willeke,com dn: cn=jim,ou=butler,ou=people,dc=willeke,dc=com uid: w39821 cn: jim networkaddress:: MSPAqAF5 # search result # search: 2 # result: 0 Success # numResponses: 2 # numEntries: 1
The response for the network address is encoded in base64.
Edirectory NetworkAddress#So, you know someone's IP address and you want to determine who they are. Assuming they are logged into eDirectory, you can do an LDAP search to determine who is logged into eDirectory from that address.
NetworkAddress is of the SYN_NET_ADDRESS, "1" means its an IP address; "#" is used by eDirectory to delimit fields of different data types.
So if you are given an IP Address, you would have you would need to do an LDAP search as
So if we only have to worry about IP, and we have the ip address, then we can do searches as:
1# always indicates it is IP. If we take the IP address of 192.168.1.100 and convert each octet to Hex we have: c0 a8 01 64
We can then do a LDAP search using the following:
ldapsearch -h xxx.xxx.xxx.xxx -b ou=people,DC=willeke,DC=com -D cn=jim,ou=butler,ou=people,dc=willeke,dc=com -W networkAddress=1#\C0\A8\01\64) networkaddress Enter LDAP Password: version: 1 NOTE: "\" is an escape character for [Hex]. # # filter: (networkAddress=\31\23\C0\A8\01\64) # requesting: networkaddress # # jim,butler,people,willeke,com dn: cn=jim,ou=butler,ou=people,dc=willeke,dc=com networkaddress:: MSPAqAFk # search result # search: 2 # result: 0 Success # numResponses: 2 # numEntries: 1
If we decode the base64 value it shows up as 31 23 c0 a8 01 64