LDAPS Honeypot Enterprise Community
The LDAPS service emulates a Microsoft Active Directory LDAP server over TLS (port 636). Use it to catch LDAP enumeration and bind attempts over TLS.
Enterprise configuration
Configure from Trapsters → device → Services → LDAPS:
| Parameter | Description |
|---|---|
| port | TCP port (default 636) |
| level | AD domain functional level |
Hostname and domain come from the device identity, same as LDAP.
Community configuration
```json
"ldaps": [
  {
    "port": 636,
    "hostname": "DC01",
    "domain": "corp.local",
    "level": "WinThreshold",
    "key": "trapster/data/ssl/ldaps/key.pem",
    "certificate": "trapster/data/ssl/ldaps/certificate.pem"
  }
]
```
Parameters
All LDAP parameters apply, plus:
| Parameter | Type | Default | Description |
|---|---|---|---|
| key | string | trapster/data/ssl/ldaps/key.pem | PEM private key path |
| certificate | string | trapster/data/ssl/ldaps/certificate.pem | PEM certificate path |
Trapster generates a self-signed certificate on startup with CN {hostname}.{domain} (for example DC01.corp.local).
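A preflight check for community `ldaps` entries, as an added example that is not Trapster's own code: it applies the defaults from the table above and derives the certificate CN each entry would get from the `{hostname}.{domain}` rule, which exposes a doubled suffix when `hostname` is entered as an FQDN. The function name `check_ldaps`, the sample entries, and treating `hostname` and `domain` as required are assumptions of this example.

```python
import json

# Defaults from the Parameters table on this page.
DEFAULTS = {
    "port": 636,
    "key": "trapster/data/ssl/ldaps/key.pem",
    "certificate": "trapster/data/ssl/ldaps/certificate.pem",
}

# Constructed sample entries (not from a real deployment).
SAMPLE = json.loads("""[
  {"port": 636, "hostname": "DC01", "domain": "corp.local", "level": "WinThreshold"},
  {"port": 636, "hostname": "DC02.corp.local", "domain": "corp.local"},
  {"port": "636", "hostname": "DC03", "domain": "corp.local"}
]""")

def check_ldaps(entries):
    """Check a list of "ldaps" entries; return (expected_cns, problems)."""
    cns, problems, ports = [], [], set()
    for i, entry in enumerate(entries):
        cfg = {**DEFAULTS, **entry}          # explicit values override defaults
        where = f"ldaps[{i}]"
        port = cfg["port"]
        if type(port) is not int or not 1 <= port <= 65535:
            problems.append(f"{where}: invalid TCP port {port!r}")
        elif port in ports:
            problems.append(f"{where}: port {port} already used by another entry")
        else:
            ports.add(port)
        for name in ("key", "certificate"):
            if not isinstance(cfg[name], str) or not cfg[name]:
                problems.append(f"{where}: {name} must be a PEM file path")
        host, domain = cfg.get("hostname"), cfg.get("domain")
        if not (isinstance(host, str) and host and isinstance(domain, str) and domain):
            problems.append(f"{where}: hostname and domain are needed to form the CN")
            continue
        # CN is {hostname}.{domain}, so an FQDN in hostname doubles the suffix.
        if "." in host:
            problems.append(f"{where}: hostname {host!r} contains a dot; CN would be {host}.{domain}")
        cns.append(f"{host}.{domain}")
    return cns, problems

if __name__ == "__main__":
    cns, problems = check_ldaps(SAMPLE)
    print("Expected certificate CNs:", cns)
    print("\n".join(problems) or "no problems found")
```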
What gets captured
Same events as LDAP: connection, bind/login attempts, and RootDSE queries - over TLS.
Pairing with breadcrumbs
From the LDAPS service row, click Generate breadcrumb to create a decoy password file or connection script. See Breadcrumbs.
