Abstract
The Lightweight Directory Access Protocol (LDAP)
is widely used to make structured data available for standardized
lookup, which may sometimes include personal information or
authentication credentials. Previous work, including ours, found
security issues such as public LDAP servers leaking sensitive
information without prior authentication and server configurations
with poor communication security. However, prior work did not
investigate whether, or to what extent, the identified problems
are linked to hosting and management setups. In this paper, we
address this gap and explore the organizations hosting
public-facing LDAP servers. We identify the network segments more
likely to host LDAP instances, the products and operating systems
used, and examine the management practices related to Public
Key Infrastructure (PKI) setups for LDAP. In contrast to studies
on Web and email, which have revealed strong centralization
tendencies in deployment, we show that the LDAP ecosystem
is diverse, with a wide range of different hosting networks. In
this study, we identify 69.1k LDAP instances—6.5× more than
prior work—and map these to the respective LDAP products. We
find that 5.8% of the servers use a product that is end-of-life or
runs on a deprecated OS. We identify servers using problematic
X.509 certificates, e.g., those associated with publicly known
private keys. From our observations, we give recommendations
for network operators to improve their security posture.
| Original language | English |
|---|---|
| Title of host publication | 2025 21st International Conference on Network and Service Management (CNSM) |
| Publication status | Accepted/In press - 27 Oct 2025 |
| Event | 21st International Conference on Network and Service Management, CNSM 2025 - Bologna, Italy. Duration: 27 Oct 2025 → 31 Oct 2025. Conference number: 21. https://www.cnsm-conf.org/2025/ |
Conference
| Conference | 21st International Conference on Network and Service Management, CNSM 2025 |
|---|---|
| Abbreviated title | CNSM 2025 |
| Country/Territory | Italy |
| City | Bologna |
| Period | 27/10/25 → 31/10/25 |
| Internet address |