I seem to find open LDAP servers on the Internet more often than I should. Here are some notes on using ldapsearch

Installing ldapsearch on Ubuntu

apt-get install ldap-utils

Root-DSE object

nmap includes a script to gather info from a LDAP root-dse object (http://nmap.org/nsedoc/scripts/ldap-rootdse.html). We can also use ldapsearch to test:

ldapsearch -p [PORT] -x -b "" -s base 'objectclass=*' -h [IP]

Open LDAP server

Connect to an open LDAP server, john the ripper can be used to crack passwords that are returned:

ldapsearch -p [PORT] -x -h [IP] -b "dc=[y],dc=com"