readme.html

<!-- File: readme.html
     Copyright (c) 2021-2022 Splunk Inc.
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software distributed under
     the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
     either express or implied. See the License for the specific language governing permissions
     and limitations under the License.
-->

<html>
  <body>
    <p><h2>App Information</h2>
        <ul>
          <li>This LDAP application utilizes the LDAP3 library for Python. This was chosen, in part, due to the pythonic design of the library
            and the quality of the documentation. Both SSL and TLS are supported.</li>
          <li>Please make sure to view additional documentation for this app on our <a href="https://github.com/phantomcyber/phantom-apps/tree/next/Apps/phadldap#readme">GitHub Open Source Repo!</a> </li>
        </ul>

    <p><h2>LDAP Ports Requirements (Based on Standard Guidelines of <a href="https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml" target="_blank">IANA ORG</a>)</h2>
      <ul>
        <li>LDAP(service) TCP(transport protocol) - 389</li>
        <li>LDAP(service) UDP(transport protocol) - 389</li>
        <li>LDAP(service) TCP(transport protocol) over TLS/SSL (was sldap) - 636</li>
        <li>LDAP(service) UDP(transport protocol) over TLS/SSL (was sldap) - 636</li>
      </ul>

    <p><h2>Asset Configuration</h2>

      The asset for this app requires an account with which to Bind and perform actions. If you are only ever going to perform information gathering tasks
      (e.g. getting account attributes) then a standard user account would be fine. However, if you plan on doing things like Unlocking,
      Resetting Passwords, Moving objects, etc. - then you will need an account with permissions to actually perform these actions.
      It is best practice to NOT use a "Domain Administrator" (or higher) account. Instead, delegate the appropriate least-privilege access
      to a service account with a very strong password. Lastly, it is strongly recommended to use SSL and disallow insecure (plain text and unsigned binds)
      if at all possible.

    <p><h2>Run Query Action</h2>
      This action provides the user the ability to run generic queries with the LDAP syntax. The action takes a filter (in LDAP syntax), an optional
      search base to search within, and specific attributes that you would like to return.
      <ul>
          <li> Common AD LDAP Run Query Examples </li>
          <ul>
            <li>Get Users belonging to a specific OU, Container, or Group</li>
            <ul>
              <li>filter = (samaccountname=*)</li>
              <li>attributes = samaccountname;mail</li>
              <li>search_base = distinguishedNameOfOU/Container/Group</li>
            </ul>
            <li>List Group Names that a User belongs to</li>
            <ul>
              <li>filter = (&(member=distinguishedNameOfUserHERE)(objectClass=group))</li>
              <li>attributes = name</li>
            </ul>
            <li>Return results if mail attribute is present OR sAMAccountName matches '*admin*'</li>
            <ul>
              <li>filter = (|(mail=*)(samaccountname=*admin*))</li>
              <li>attributes = samaccountname;mail;userprincipalname;distinguishedname</li>
            </ul>
          <li>If you would like to learn more about LDAP Filter Syntax, check out this <a href="https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx">Microsoft Wiki</a></li>
          </ul>
      </ul>
      <br>

  </body>
</html>