LDAP and LDAPS Check Toolkit

<#
.SYNOPSIS
LDAP and LDAPS Check Toolkit

.DESCRIPTION
This script provides comprehensive checks and tests for LDAP and LDAPS configurations,
including connectivity, security, and certificate validation.

.NOTES
File Name      : LDAPCheckToolkit.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, appropriate permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\LDAPCheckToolkit.ps1
#>

# Import required modules
Import-Module ActiveDirectory

# Global state shared by every menu action below.
$global:ldapServer = $env:COMPUTERNAME   # target host; menu option 1 overrides it
$global:ldapPort   = 389                 # plain LDAP
$global:ldapsPort  = 636                 # LDAP over TLS
# One time-stamped report file per run, written to the current user's Desktop.
$global:reportPath = Join-Path $env:USERPROFILE ('Desktop\LDAP_Check_Report_{0}.html' -f (Get-Date -Format 'yyyyMMdd_HHmmss'))

function Show-Menu {
    # Redraws the interactive menu. The current target is echoed first so the user
    # can confirm which host the numbered actions will be run against.
    Clear-Host
    Write-Host "=== LDAP and LDAPS Check Toolkit ===" -ForegroundColor Cyan
    Write-Host "Current LDAP Server: $global:ldapServer"
    $menuItems = @(
        "1. Set LDAP Server",
        "2. Test LDAP Connectivity",
        "3. Test LDAPS Connectivity",
        "4. Check LDAP Binding",
        "5. Verify LDAP SSL Certificate",
        "6. Check LDAP Server Capabilities",
        "7. Test LDAP Query",
        "8. Check LDAP Security Settings",
        "9. Analyze LDAP Traffic",
        "10. Generate Comprehensive HTML Report",
        "11. Exit"
    )
    foreach ($item in $menuItems) {
        Write-Host $item
    }
}

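function Set-LDAPServer {
    <#
    .SYNOPSIS
    Prompts for the target LDAP server and stores it in $global:ldapServer.

    .DESCRIPTION
    An empty entry resets the target to the local computer. Anything else is
    validated as a plain host name, FQDN or IPv4 address before it is accepted,
    because the value is later spliced into LDAP paths, distinguished names and
    the HTML report. An entry that fails validation is rejected and the current
    target is left unchanged.
    #>
    $server = Read-Host "Enter the LDAP server name (or press Enter for localhost)"
    if ([string]::IsNullOrWhiteSpace($server)) {
        $global:ldapServer = $env:COMPUTERNAME
    } elseif ($server.Trim() -match '^[A-Za-z0-9_][A-Za-z0-9_.\-]*$') {
        # Surrounding whitespace would otherwise end up inside "LDAP://<server>/..." paths.
        $global:ldapServer = $server.Trim()
    } else {
        Write-Host "'$server' is not a valid host name; keeping $global:ldapServer" -ForegroundColor Red
        return
    }
    Write-Host "LDAP server set to: $global:ldapServer" -ForegroundColor Green
}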

function Test-LDAPConnectivity {
    # TCP reachability probe of the plain-LDAP port on $global:ldapServer.
    # Returns the Test-NetConnection result object, or $null if the probe itself threw.
    Write-Host "`nTesting LDAP Connectivity..." -ForegroundColor Yellow
    try {
        $probe = Test-NetConnection -ComputerName $global:ldapServer -Port $global:ldapPort
        $verdict = "LDAP connectivity test failed."
        $verdictColor = 'Red'
        if ($probe.TcpTestSucceeded) {
            $verdict = "LDAP connectivity test successful."
            $verdictColor = 'Green'
        }
        Write-Host $verdict -ForegroundColor $verdictColor
        return $probe
    }
    catch {
        Write-Host "Error testing LDAP connectivity: $_" -ForegroundColor Red
        return $null
    }
}

function Test-LDAPSConnectivity {
    # TCP reachability probe of the LDAPS port on $global:ldapServer. Only proves the
    # port accepts connections; the TLS handshake itself is exercised by Verify-LDAPSSLCertificate.
    # Returns the Test-NetConnection result object, or $null if the probe itself threw.
    Write-Host "`nTesting LDAPS Connectivity..." -ForegroundColor Yellow
    try {
        $probe = Test-NetConnection -ComputerName $global:ldapServer -Port $global:ldapsPort
        switch ($probe.TcpTestSucceeded) {
            $true   { Write-Host "LDAPS connectivity test successful." -ForegroundColor Green }
            default { Write-Host "LDAPS connectivity test failed." -ForegroundColor Red }
        }
        return $probe
    }
    catch {
        Write-Host "Error testing LDAPS connectivity: $_" -ForegroundColor Red
        return $null
    }
}

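function Check-LDAPBinding {
    <#
    .SYNOPSIS
    Binds to the domain naming context on $global:ldapServer with the caller's credentials.

    .OUTPUTS
    Hashtable with Success and Path, plus Name on success or Error on failure.
    #>
    Write-Host "`nChecking LDAP Binding..." -ForegroundColor Yellow
    # Initialised up front so the catch block can report the path even when
    # Get-ADDomain throws before $ldapPath is assigned.
    $ldapPath = $null
    $ldapConnection = $null
    try {
        $domainDN = (Get-ADDomain).DistinguishedName
        $ldapPath = "LDAP://$global:ldapServer/$domainDN"
        # DirectoryEntry binds lazily; reading .Name is what actually performs the bind,
        # so a bind failure normally surfaces as an exception in the catch block below.
        $ldapConnection = New-Object System.DirectoryServices.DirectoryEntry($ldapPath)

        if ($null -ne $ldapConnection.Name) {
            Write-Host "LDAP binding successful." -ForegroundColor Green
            $result = @{
                Success = $true
                Path = $ldapPath
                Name = $ldapConnection.Name
            }
        } else {
            Write-Host "LDAP binding failed." -ForegroundColor Red
            $result = @{
                Success = $false
                Path = $ldapPath
                Error = "Unable to bind to LDAP server"
            }
        }
        return $result
    }
    catch {
        Write-Host "Error checking LDAP binding: $_" -ForegroundColor Red
        return @{
            Success = $false
            Path = $ldapPath
            Error = $_.Exception.Message
        }
    }
    finally {
        # Release the underlying ADSI connection rather than waiting for the GC.
        if ($null -ne $ldapConnection) { $ldapConnection.Dispose() }
    }
}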

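function Verify-LDAPSSLCertificate {
    <#
    .SYNOPSIS
    Retrieves the certificate presented on the LDAPS port and reports its validity.

    .DESCRIPTION
    Opens a TCP connection to $global:ldapServer on $global:ldapsPort, completes a TLS
    handshake and captures the server certificate. The handshake is allowed to complete
    even when validation fails so that an untrusted, expired or mismatched certificate
    can still be inspected; the validation outcome is reported separately in the result
    and on the console, it is never silently accepted.

    .OUTPUTS
    Hashtable with Subject, Issuer, ValidFrom, ValidTo, Thumbprint, SignatureAlgorithm,
    PolicyErrors, ChainValid and HostnameMatches; $null if the connection or handshake fails.
    #>
    Write-Host "`nVerifying LDAP SSL Certificate..." -ForegroundColor Yellow
    $tcpClient = $null
    $sslStream = $null
    try {
        # X509Certificate2.Import() only reads a file path or a byte array; it cannot fetch a
        # certificate from an "LDAP://host:port" string, so the certificate is obtained from a
        # real TLS handshake instead.
        $tcpClient = New-Object System.Net.Sockets.TcpClient
        $tcpClient.Connect($global:ldapServer, $global:ldapsPort)

        # The callback records the platform's validation verdict but still returns $true so the
        # handshake completes and the certificate can be examined. The recorded errors are what
        # a normal, validating LDAPS client would refuse on.
        $script:ldapsPolicyErrors = [System.Net.Security.SslPolicyErrors]::None
        $recordVerdict = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $certificate, $chain, $errors)
            $script:ldapsPolicyErrors = $errors
            return $true
        }
        $sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream(), $false, $recordVerdict)
        # The target host name is passed so that name-mismatch is included in the verdict.
        $sslStream.AuthenticateAsClient($global:ldapServer)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($sslStream.RemoteCertificate)
        $policyErrors = $script:ldapsPolicyErrors
        $chainBroken = $policyErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
        $nameMismatch = $policyErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)

        $result = @{
            Subject = $cert.Subject
            Issuer = $cert.Issuer
            ValidFrom = $cert.NotBefore
            ValidTo = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            PolicyErrors = $policyErrors.ToString()
            ChainValid = -not $chainBroken
            HostnameMatches = -not $nameMismatch
        }

        $now = Get-Date
        if ($now -gt $cert.NotAfter) {
            Write-Host "SSL Certificate has expired." -ForegroundColor Red
        } elseif ($now -lt $cert.NotBefore) {
            Write-Host "SSL Certificate is not yet valid." -ForegroundColor Red
        } elseif ($policyErrors -ne [System.Net.Security.SslPolicyErrors]::None) {
            Write-Host "SSL Certificate failed validation ($policyErrors); validating clients will reject this server." -ForegroundColor Yellow
        } else {
            Write-Host "SSL Certificate is valid." -ForegroundColor Green
        }

        return $result
    }
    catch {
        Write-Host "Error verifying LDAP SSL Certificate: $_" -ForegroundColor Red
        return $null
    }
    finally {
        # Disposing the SslStream also closes the network stream it wraps.
        if ($null -ne $sslStream) { $sslStream.Dispose() }
        if ($null -ne $tcpClient) { $tcpClient.Close() }
    }
}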

function Check-LDAPServerCapabilities {
    # Reads the advertised capability OIDs, LDAP protocol versions and control OIDs
    # from the server's RootDSE. RootDSE needs no search base, so this works even
    # before the domain naming context is known.
    # Returns a hashtable, or $null if the RootDSE read failed.
    Write-Host "`nChecking LDAP Server Capabilities..." -ForegroundColor Yellow
    try {
        $rootEntry = [ADSI]"LDAP://$global:ldapServer/RootDSE"
        $capabilityReport = @{
            SupportedCapabilities = $rootEntry.supportedCapabilities
            SupportedLDAPVersion  = $rootEntry.supportedLDAPVersion
            SupportedControls     = $rootEntry.supportedControl
        }
        Write-Host "LDAP Server Capabilities retrieved successfully." -ForegroundColor Green
        return $capabilityReport
    }
    catch {
        Write-Host "Error checking LDAP Server Capabilities: $_" -ForegroundColor Red
        return $null
    }
}

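function Test-LDAPQuery {
    <#
    .SYNOPSIS
    Smoke-tests LDAP search against $global:ldapServer by fetching a handful of user objects.

    .OUTPUTS
    Array of PSCustomObject (Name, DistinguishedName), possibly empty; $null on error.
    #>
    Write-Host "`nTesting LDAP Query..." -ForegroundColor Yellow
    $searchRoot = $null
    $searcher = $null
    $results = $null
    try {
        $domainDN = (Get-ADDomain).DistinguishedName
        $searchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$global:ldapServer/$domainDN")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($searchRoot)
        # NOTE: in AD the computer class derives from user, so this filter matches computer
        # objects as well. That is fine for a plumbing test; it is not an account inventory.
        $searcher.Filter = "(objectClass=user)"
        $searcher.SizeLimit = 5
        # Only request the two attributes that are reported: keeps the response small and
        # avoids pulling every attribute of each object across the wire.
        [void]$searcher.PropertiesToLoad.Add("name")
        [void]$searcher.PropertiesToLoad.Add("distinguishedName")
        $results = $searcher.FindAll()

        $queryResults = @(foreach ($entry in $results) {
            $nameValues = $entry.Properties["name"]
            $dnValues = $entry.Properties["distinguishedname"]
            # Index only when a value is present; [0] on an empty collection would throw.
            [PSCustomObject]@{
                Name = $(if ($nameValues.Count -gt 0) { $nameValues[0] })
                DistinguishedName = $(if ($dnValues.Count -gt 0) { $dnValues[0] })
            }
        })

        Write-Host "LDAP Query test successful." -ForegroundColor Green
        return $queryResults
    }
    catch {
        Write-Host "Error testing LDAP Query: $_" -ForegroundColor Red
        return $null
    }
    finally {
        # SearchResultCollection, DirectorySearcher and DirectoryEntry all hold native
        # ADSI handles; release them deterministically.
        if ($null -ne $results) { $results.Dispose() }
        if ($null -ne $searcher) { $searcher.Dispose() }
        if ($null -ne $searchRoot) { $searchRoot.Dispose() }
    }
}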

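function Check-LDAPSecuritySettings {
    <#
    .SYNOPSIS
    Reports LDAP signing, channel-binding, LDAPS availability and advertised SASL
    mechanisms for $global:ldapServer.

    .DESCRIPTION
    The SASL mechanism list is read from the server's RootDSE (supportedSASLMechanisms).
    LDAP signing and channel-binding enforcement are registry values on the domain
    controller (HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters), not attributes
    of the NTDS Settings object, so they are read from the local registry when the target
    is this computer and over PowerShell remoting otherwise. If that read fails they are
    reported as 'Unknown' rather than guessed. The site name is no longer assumed to be
    Default-First-Site-Name.

    .OUTPUTS
    Hashtable with LDAPServerSigningRequired, ChannelBindingEnforcement, LDAPSEnabled,
    KerberosAuthEnabled, NTLMAuthEnabled and SupportedSASLMechanisms; $null if the
    RootDSE query fails.
    #>
    Write-Host "`nChecking LDAP Security Settings..." -ForegroundColor Yellow
    try {
        $rootDSE = [ADSI]"LDAP://$global:ldapServer/RootDSE"
        $saslMechanisms = @($rootDSE.supportedSASLMechanisms)

        $ntdsRegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
        $readNtdsParams = {
            param($path)
            Get-ItemProperty -Path $path -ErrorAction Stop |
                Select-Object LDAPServerIntegrity, LdapEnforceChannelBinding
        }
        $ntdsParams = $null
        try {
            if ($global:ldapServer -eq $env:COMPUTERNAME) {
                $ntdsParams = & $readNtdsParams $ntdsRegPath
            } else {
                $ntdsParams = Invoke-Command -ComputerName $global:ldapServer -ScriptBlock $readNtdsParams -ArgumentList $ntdsRegPath -ErrorAction Stop
            }
        }
        catch {
            Write-Host "Could not read NTDS registry settings on ${global:ldapServer}: $_" -ForegroundColor Yellow
        }

        $signingRequired = 'Unknown'
        $channelBinding = 'Unknown'
        if ($null -ne $ntdsParams) {
            # LDAPServerIntegrity: 1 (or absent) = signing not required, 2 = signing required.
            $signingRequired = ($ntdsParams.LDAPServerIntegrity -eq 2)
            # LdapEnforceChannelBinding: 0/absent = never, 1 = when supported, 2 = always.
            $channelBinding = 'Never (0 or not set)'
            switch ($ntdsParams.LdapEnforceChannelBinding) {
                1 { $channelBinding = 'When supported (1)' }
                2 { $channelBinding = 'Always (2)' }
            }
            if ($signingRequired -eq $false) {
                Write-Host "LDAP signing is not required: unsigned binds over cleartext LDAP are accepted." -ForegroundColor Yellow
            }
        }

        # A listening LDAPS port is the observable signal that LDAPS is enabled.
        $ldapsListening = Test-NetConnection -ComputerName $global:ldapServer -Port $global:ldapsPort -InformationLevel Quiet -WarningAction SilentlyContinue

        $result = @{
            LDAPServerSigningRequired = $signingRequired
            ChannelBindingEnforcement = $channelBinding
            LDAPSEnabled = $ldapsListening
            # GSSAPI is Kerberos. GSS-SPNEGO is Negotiate, which may select Kerberos or NTLM,
            # so its presence means NTLM *may* be negotiated, not that it is guaranteed to be accepted.
            KerberosAuthEnabled = $saslMechanisms -contains "GSSAPI"
            NTLMAuthEnabled = $saslMechanisms -contains "GSS-SPNEGO"
            SupportedSASLMechanisms = ($saslMechanisms -join ', ')
        }

        Write-Host "LDAP Security Settings retrieved successfully." -ForegroundColor Green
        return $result
    }
    catch {
        Write-Host "Error checking LDAP Security Settings: $_" -ForegroundColor Red
        return $null
    }
}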

function Analyze-LDAPTraffic {
    # Placeholder: prints guidance and returns a result shaped like a real analysis
    # would be, so the report section renders consistently.
    Write-Host "`nAnalyzing LDAP Traffic..." -ForegroundColor Yellow
    $guidance = @(
        "This function would typically use network monitoring tools to analyze LDAP traffic.",
        "For security and complexity reasons, actual traffic analysis is not implemented in this script.",
        "Consider using tools like Wireshark or Microsoft Network Monitor for detailed LDAP traffic analysis."
    )
    foreach ($line in $guidance) {
        Write-Host $line
    }

    $notAvailable = "N/A"
    return @{
        TotalConnections = $notAvailable
        AverageResponseTime = $notAvailable
        ErrorRate = $notAvailable
    }
}

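function Generate-HTMLReport {
    <#
    .SYNOPSIS
    Writes every collected result to a standalone HTML file at $global:reportPath.

    .PARAMETER AllResults
    Hashtable keyed by check name (LDAPConnectivity, LDAPSConnectivity, LDAPBinding,
    LDAPSSLCertificate, ServerCapabilities, LDAPQuery, SecuritySettings, TrafficAnalysis).
    Keys that are missing or $null are rendered as "Not run".

    .NOTES
    Everything that reaches the page is HTML-encoded: the server name is user input and
    directory data (subjects, DNs, object names) can legitimately contain markup characters.
    The file is written as UTF-8 to match the page's charset declaration.
    #>
    param([hashtable]$AllResults)

    # Renders one check result as an HTML fragment. Hashtables are shown as key/value rows;
    # ConvertTo-Html on a raw hashtable would instead list the Hashtable object's own
    # properties (Keys, Values, Count, ...) rather than its contents.
    function ConvertTo-ReportSection {
        param($Value)
        if ($null -eq $Value) {
            return "<p class='warning'>Not run.</p>"
        }
        if ($Value -is [hashtable]) {
            $rows = $Value.GetEnumerator() |
                Sort-Object Key |
                Select-Object Key, @{ Name = 'Value'; Expression = { @($_.Value) -join ', ' } }
            return (($rows | ConvertTo-Html -Fragment) -join "`n")
        }
        return (($Value | ConvertTo-Html -Fragment) -join "`n")
    }

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $serverLabel = [System.Net.WebUtility]::HtmlEncode([string]$global:ldapServer)
    $generatedOn = [System.Net.WebUtility]::HtmlEncode((Get-Date).ToString())
    $sections = @(
        @{ Title = 'LDAP Connectivity';        Key = 'LDAPConnectivity' },
        @{ Title = 'LDAPS Connectivity';       Key = 'LDAPSConnectivity' },
        @{ Title = 'LDAP Binding';             Key = 'LDAPBinding' },
        @{ Title = 'LDAP SSL Certificate';     Key = 'LDAPSSLCertificate' },
        @{ Title = 'LDAP Server Capabilities'; Key = 'ServerCapabilities' },
        @{ Title = 'LDAP Query Test';          Key = 'LDAPQuery' },
        @{ Title = 'LDAP Security Settings';   Key = 'SecuritySettings' },
        @{ Title = 'LDAP Traffic Analysis';    Key = 'TrafficAnalysis' }
    )
    $sectionHtml = foreach ($section in $sections) {
        "    <h2>$($section.Title)</h2>"
        "    $(ConvertTo-ReportSection -Value $AllResults.($section.Key))"
        ""
    }

    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>LDAP and LDAPS Check Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
        .success { color: green; }
        .warning { color: orange; }
        .error { color: red; }
    </style>
</head>
<body>
    <h1>LDAP and LDAPS Check Report</h1>
    <p>Generated on: $generatedOn</p>
    <p>LDAP Server: $serverLabel</p>

$($sectionHtml -join "`n")
</body>
</html>
"@

    try {
        $reportContent | Out-File -FilePath $global:reportPath -Encoding UTF8 -ErrorAction Stop
        Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
    }
    catch {
        Write-Host "Error writing report to $global:reportPath`: $_" -ForegroundColor Red
    }
}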

# Main program loop. Each menu action stores its result under a fixed key so the
# HTML report (option 10) can render whatever has been collected so far.
$allResults = @{}
$choice = ''

while ($choice -ne "11") {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { Set-LDAPServer }
        "2"  { $allResults.LDAPConnectivity = Test-LDAPConnectivity }
        "3"  { $allResults.LDAPSConnectivity = Test-LDAPSConnectivity }
        "4"  { $allResults.LDAPBinding = Check-LDAPBinding }
        "5"  { $allResults.LDAPSSLCertificate = Verify-LDAPSSLCertificate }
        "6"  { $allResults.ServerCapabilities = Check-LDAPServerCapabilities }
        "7"  { $allResults.LDAPQuery = Test-LDAPQuery }
        "8"  { $allResults.SecuritySettings = Check-LDAPSecuritySettings }
        "9"  { $allResults.TrafficAnalysis = Analyze-LDAPTraffic }
        "10" { Generate-HTMLReport -AllResults $allResults }
        # No 'break' needed here: inside a switch it would only leave the switch, and the
        # loop condition already ends the program on "11".
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    # Pause so the action's output stays visible before the menu is redrawn.
    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
}

This LDAP and LDAPS Check Toolkit includes:

  1. A menu-driven interface for easy navigation.
  2. Functions to analyze and test various aspects of LDAP and LDAPS:
    • LDAP and LDAPS Connectivity Tests
    • LDAP Binding Check
    • LDAP SSL Certificate Verification
    • LDAP Server Capabilities Check
    • LDAP Query Test
    • LDAP Security Settings Check
    • LDAP Traffic Analysis (placeholder)
  3. Option to set a target LDAP server (local or remote)
  4. HTML report generation for easy sharing and viewing of results

Key features:

  • Comprehensive LDAP and LDAPS connectivity testing
  • Detailed SSL certificate verification for LDAPS
  • Analysis of LDAP server capabilities and supported features
  • Basic LDAP query testing
  • Review of LDAP security settings
  • Placeholder for LDAP traffic analysis (which would typically require additional tools)

This tool is particularly useful for:

  • System administrators managing LDAP-enabled environments
  • Security professionals auditing LDAP configurations
  • IT professionals troubleshooting LDAP-related issues
  • Anyone needing to quickly gather comprehensive information about LDAP and LDAPS configurations

To use this script effectively:

  1. Run PowerShell as an administrator
  2. Ensure you have the Active Directory PowerShell module installed
  3. Have the necessary permissions to query LDAP server information
  4. Review the generated HTML report for a comprehensive overview of the LDAP server’s configuration and status

Note: The LDAP traffic analysis function is a placeholder and would typically require additional network monitoring tools to implement fully. For actual traffic analysis, consider using specialized tools like Wireshark or Microsoft Network Monitor.

This script provides a thorough analysis of LDAP and LDAPS configurations, helping to identify potential issues, misconfigurations, or security concerns. It’s designed to give administrators a quick but comprehensive view of their LDAP server’s health and configuration.
