LDAP Injection & Enumeration
LDAP is the directory behind most enterprise logins and group membership, and it answers questions in a filter syntax an app stitches together from user input. Get that stitching wrong and the filter becomes injectable, the same way a SQL query does. This article covers how directory queries work, what an anonymous bind hands to ldapsearch and windapsearch, how filter injection bends a login into an auth bypass or a blind attribute read, and the escaping and least-privilege binds that close it.
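The filter stitching and the escaping that closes it, as an added example that is not code from the original article: the filter template, the `uid` attribute and the sample inputs are constructed for illustration, and the escaping follows RFC 4515.

```python
# Added example: RFC 4515 escaping for values placed inside an LDAP search filter.
# The filter template, attribute name and sample inputs are constructed.

# RFC 4515 section 3: these characters must be written as \XX in an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with every filter metacharacter turned into a literal."""
    # Per-character mapping, so an inserted backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    # Vulnerable pattern: user input concatenated straight into the filter.
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_safe(username: str) -> str:
    # Hardened pattern: input is escaped before it reaches the filter string.
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def active_metachars(filter_text: str) -> int:
    """Count parentheses and wildcards the server will treat as syntax.

    Escaped forms are \\XX hex, so any literal ( ) * left in the string is active.
    """
    return sum(filter_text.count(ch) for ch in "()*")


if __name__ == "__main__":
    baseline = active_metachars(build_filter_safe("alice"))
    for name in ["alice", "*", "smith (contractor)"]:  # constructed inputs
        unsafe, safe = build_filter_unsafe(name), build_filter_safe(name)
        print(f"input   : {name!r}")
        print(f"  unsafe: {unsafe}  changed_structure={active_metachars(unsafe) != baseline}")
        print(f"  safe  : {safe}  changed_structure={active_metachars(safe) != baseline}")
```

In a real application, use the escaping helper shipped with the LDAP library in use (for example `ldap.filter.escape_filter_chars` in python-ldap) rather than a hand-rolled table.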