389,636,3268,3269,9389 - Pentesting ldap Basic Enumeration Automated Using this you will be able to see the public information (like the domain name): nmap -n -sV --script "ldap* and not brute" $IP