Added LDAP Channel Binding Support

[deadjakk]

I ran into this on a recent engagement and thought I would push it upstream since I would be willing to bet ldap channel binding is going to be popping up more and more.

Tested working 👍

[jkter]

Thank you for this PR! I used it during my assessment and it worked well.

@dirkjanm Could be this PR merged? I find it very useful.

[Zamanry]

I noticed that the flag --ldap-channel-binding does not appear in the options:

The error is expected, but this shows that the flag does exist:

[Zamanry]

Nevermind. I installed ly4k's ldap3 library and then the parameter appeared. Was not aware this was even possible. Worked like a charm. Thanks!

[cmprmsd]

Can confirm it's working well 👍

[spextat0r]

Bumping this as it still works in 2025. For anyone who stumbles on this and wants it with the latest version of ldapdomaindump with the updates that have been added since this PR was made I forked it and added deadjakk’s code.

[moscowchill]

Why did he not merge this??

[spextat0r]

Why did he not merge this??

No idea however ly4k’s ldap3 library is now archived and the official ldap3 repo has support for ldaps and channel binding now (at least its shown within their documentation on pypi idk if the implementation is out yet) https://ldap3.readthedocs.io/en/latest/connection.html

[moscowchill]

Why did he not merge this??

No idea however ly4k’s ldap3 library is now archived and the official ldap3 repo has support for ldaps and channel binding now (at least its shown within their documentation on pypi idk if the implementation is out yet) https://ldap3.readthedocs.io/en/latest/connection.html

Thanks! I implemented the official ldap3 libs channel bindin and submitted a new PR.

[Neustradamus]

@deadjakk: Nice, thanks for your PR about TLS Channel Binding!

@moscowchill has done a new PR about it too:

• Add LDAP channel binding support #77

Linked to:

• State of Play scram-sasl/info#1