03 · Service
LDAP Security Audit
A directory is a single point of trust. We make sure it earns it.
What we check
- Weak, anonymous, or cleartext (non-TLS) binds
- Over-broad ACLs and delegation. Who can read and write what, and who shouldn’t
- Stale privileged group membership. Admins and service accounts that outlived their reason
- Schema sprawl and
extensibleObjectabuse - Exposure. Which networks can reach the directory, and from where
- Credential storage and password policy
What you get
A prioritized findings report with concrete, ranked fixes, not a 200-page PDF nobody reads. The top of the list is the thing to fix today; the bottom is hygiene.