diff --git a/scripts/base/init-default.zeek b/scripts/base/init-default.zeek
index cbfcca571d..b7d11dfbd2 100644
--- a/scripts/base/init-default.zeek
+++ b/scripts/base/init-default.zeek
@@ -59,6 +59,7 @@
 @load base/protocols/imap
 @load base/protocols/irc
 @load base/protocols/krb
+@load base/protocols/ldap
 @load base/protocols/modbus
 @load base/protocols/mqtt
 @load base/protocols/mysql
diff --git a/src/spicy/spicy-ldap/analyzer/__load__.zeek b/scripts/base/protocols/ldap/__load__.zeek
similarity index 100%
rename from src/spicy/spicy-ldap/analyzer/__load__.zeek
rename to scripts/base/protocols/ldap/__load__.zeek
diff --git a/src/spicy/spicy-ldap/analyzer/dpd.sig b/scripts/base/protocols/ldap/dpd.sig
similarity index 88%
rename from src/spicy/spicy-ldap/analyzer/dpd.sig
rename to scripts/base/protocols/ldap/dpd.sig
index dc734e5554..bf545ed375 100644
--- a/src/spicy/spicy-ldap/analyzer/dpd.sig
+++ b/scripts/base/protocols/ldap/dpd.sig
@@ -7,7 +7,7 @@ signature dpd_ldap_server_udp {
   ip-proto == udp
   payload /^\x30/
   requires-reverse-signature dpd_ldap_client_udp
-  enable "spicy_LDAP_UDP"
+  enable "LDAP_UDP"
 }
 signature dpd_ldap_client_tcp {
@@ -19,5 +19,5 @@ signature dpd_ldap_server_tcp {
   ip-proto == tcp
   payload /^\x30/
   requires-reverse-signature dpd_ldap_client_tcp
-  enable "spicy_LDAP_TCP"
+  enable "LDAP_TCP"
 }
diff --git a/src/spicy/spicy-ldap/analyzer/main.zeek b/scripts/base/protocols/ldap/main.zeek
similarity index 99%
rename from src/spicy/spicy-ldap/analyzer/main.zeek
rename to scripts/base/protocols/ldap/main.zeek
index 44955bffb0..1cdff64292 100644
--- a/src/spicy/spicy-ldap/analyzer/main.zeek
+++ b/scripts/base/protocols/ldap/main.zeek
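Review bot: Adding `@load base/protocols/ldap` to init-default.zeek turns the Spicy LDAP parser on for every default deployment, and the same commit renames the analyzer from `spicy::LDAP_TCP`/`spicy::LDAP_UDP` to `LDAP_TCP`/`LDAP_UDP` (ldap.evt, the `enable` lines in dpd.sig, the `Analyzer::ANALYZER_LDAP_TCP` tag in main.zeek), yet nothing in this diff records either change for users. Scripts written against the external spicy-ldap package that reference `ANALYZER_SPICY_LDAP_TCP`, or that key on the old `spicy_LDAP_TCP` DPD name, stop loading or silently stop matching once they run on this tree. A NEWS entry should state that LDAP is now a base analyzer registered on 389/tcp, 3268/tcp and 389/udp, that it produces the `ldap` and `ldap_search` logs that appear in the coverage.find-bro-logs baseline, that the `SPICY_` tags are gone, and how a site that does not want the parser active by default disables it (presumably the usual `Analyzer::disable_analyzer` path, which should be confirmed).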
@@ -292,7 +292,7 @@ function set_session(c: connection, message_id: int, opcode: LDAP::ProtocolOpcod
 #############################################################################
 @if (Version::at_least("5.2.0"))
 event analyzer_confirmation_info(atype: AllAnalyzers::Tag, info: AnalyzerConfirmationInfo) {
-  if ( atype == Analyzer::ANALYZER_SPICY_LDAP_TCP ) {
+  if ( atype == Analyzer::ANALYZER_LDAP_TCP ) {
     info$c$ldap_proto = "tcp";
   }
 }
@@ -302,7 +302,7 @@ event analyzer_confirmation(c: connection, atype: AllAnalyzers::Tag, aid: count)
 event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) {
 @endif
-  if ( atype == Analyzer::ANALYZER_SPICY_LDAP_TCP ) {
+  if ( atype == Analyzer::ANALYZER_LDAP_TCP ) {
     c$ldap_proto = "tcp";
   }
diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt
index 4ea6642255..314a965730 100644
--- a/src/analyzer/protocol/CMakeLists.txt
+++ b/src/analyzer/protocol/CMakeLists.txt
@@ -16,6 +16,7 @@ add_subdirectory(ident)
 add_subdirectory(imap)
 add_subdirectory(irc)
 add_subdirectory(krb)
+add_subdirectory(ldap)
 add_subdirectory(login)
 add_subdirectory(mime)
 add_subdirectory(modbus)
diff --git a/src/spicy/spicy-ldap/analyzer/CMakeLists.txt b/src/analyzer/protocol/ldap/CMakeLists.txt
similarity index 100%
rename from src/spicy/spicy-ldap/analyzer/CMakeLists.txt
rename to src/analyzer/protocol/ldap/CMakeLists.txt
diff --git a/src/spicy/spicy-ldap/analyzer/asn1.spicy b/src/analyzer/protocol/ldap/asn1.spicy
similarity index 100%
rename from src/spicy/spicy-ldap/analyzer/asn1.spicy
rename to src/analyzer/protocol/ldap/asn1.spicy
diff --git a/src/spicy/spicy-ldap/analyzer/ldap.evt b/src/analyzer/protocol/ldap/ldap.evt
similarity index 95%
rename from src/spicy/spicy-ldap/analyzer/ldap.evt
rename to src/analyzer/protocol/ldap/ldap.evt
index bef6cb2af7..6b217348b1 100644
--- a/src/spicy/spicy-ldap/analyzer/ldap.evt
+++ b/src/analyzer/protocol/ldap/ldap.evt
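Review bot: The `@if (Version::at_least("5.2.0"))` / `@endif` guard around `analyzer_confirmation_info`, with the `analyzer_confirmation` and `protocol_confirmation` fallbacks visible in the second hunk's context, is carried over unchanged even though main.zeek now lives in scripts/base inside the Zeek tree, where the running Zeek is by construction the version that shipped it and the fallback branches can never be selected. Unless the intent is to keep the script source-compatible with the external package for a transition period, keeping only the `analyzer_confirmation_info` handler and dropping the `@if`/`@endif` and the two older handlers removes dead code and a second place that must track the `ANALYZER_LDAP_TCP` rename. Both hunks sit inside handlers whose closing braces fall outside the visible context, so the exact extent of the fallback code should be checked in the full file.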
@@ -1,10 +1,10 @@
 # Copyright (c) 2021 by the Zeek Project. See LICENSE for details.
-protocol analyzer spicy::LDAP_TCP over TCP:
+protocol analyzer LDAP_TCP over TCP:
     parse with LDAP::Messages,
     ports { 389/tcp, 3268/tcp};
-protocol analyzer spicy::LDAP_UDP over UDP:
+protocol analyzer LDAP_UDP over UDP:
     parse with LDAP::Messages,
     ports { 389/udp };
diff --git a/src/spicy/spicy-ldap/analyzer/ldap.spicy b/src/analyzer/protocol/ldap/ldap.spicy
similarity index 100%
rename from src/spicy/spicy-ldap/analyzer/ldap.spicy
rename to src/analyzer/protocol/ldap/ldap.spicy
diff --git a/src/spicy/CMakeLists.txt b/src/spicy/CMakeLists.txt
index e997004cd2..8d3d625dd7 100644
--- a/src/spicy/CMakeLists.txt
+++ b/src/spicy/CMakeLists.txt
@@ -28,5 +28,3 @@ install(DIRECTORY "${PROJECT_SOURCE_DIR}/scripts/spicy/" DESTINATION "${ZEEK_SPI
 set(ZEEK_SPICY_DATA_PATH "${CMAKE_INSTALL_FULL_DATADIR}/zeek" CACHE PATH "")
 add_subdirectory(spicyz)
-
-add_subdirectory(spicy-ldap)
diff --git a/src/spicy/spicy-ldap/CMakeLists.txt b/src/spicy/spicy-ldap/CMakeLists.txt
deleted file mode 100644
index d17735d5b4..0000000000
--- a/src/spicy/spicy-ldap/CMakeLists.txt
+++ /dev/null
@@ -1 +0,0 @@
-add_subdirectory(analyzer)
diff --git a/src/spicy/spicy-ldap/tests/analyzer/availability.zeek b/src/spicy/spicy-ldap/tests/analyzer/availability.zeek
index 7c48f3e015..44234ac15d 100644
--- a/src/spicy/spicy-ldap/tests/analyzer/availability.zeek
+++ b/src/spicy/spicy-ldap/tests/analyzer/availability.zeek
@@ -1,5 +1,5 @@
 # Copyright (c) 2021 by the Zeek Project. See LICENSE for details.
-# @TEST-EXEC: zeek -NN | grep -q ANALYZER_SPICY_LDAP_TCP
+# @TEST-EXEC: zeek -NN | grep -q ANALYZER_LDAP_TCP
 #
 # @TEST-DOC: Check that LDAP (TCP) is analyzer is available.
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 7ad3d68c64..2b87b5796f 100644
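Review bot: The availability test stays at src/spicy/spicy-ldap/tests/analyzer/availability.zeek with only its grep target renamed, while the analyzer sources, their CMakeLists and the `add_subdirectory(spicy-ldap)` line all leave src/spicy/spicy-ldap in this same commit. If the btest run for that directory was driven from the now-deleted CMake subtree, this test and any siblings under src/spicy/spicy-ldap/tests may no longer execute, leaving the `ANALYZER_LDAP_TCP` registration unverified; moving them under testing/btest/scripts/base/protocols/ldap next to the other base-analyzer tests would settle that either way. While the file is being touched, the `@TEST-DOC` context line `Check that LDAP (TCP) is analyzer is available.` could read `Check that the LDAP (TCP) analyzer is available.`.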
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -406,6 +406,8 @@ scripts/base/init-default.zeek
   scripts/base/protocols/krb/main.zeek
   scripts/base/protocols/krb/consts.zeek
   scripts/base/protocols/krb/files.zeek
+  scripts/base/protocols/ldap/__load__.zeek
+  scripts/base/protocols/ldap/main.zeek
   scripts/base/protocols/modbus/__load__.zeek
   scripts/base/protocols/modbus/consts.zeek
   scripts/base/protocols/modbus/main.zeek
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index f410d976ab..bd3b78858e 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -20,6 +20,8 @@ known_certs
 known_hosts
 known_modbus
 known_services
+ldap
+ldap_search
 loaded_scripts
 modbus
 modbus_register_change
diff --git a/testing/btest/Baseline/scripts.base.files.x509.files/files.log b/testing/btest/Baseline/scripts.base.files.x509.files/files.log
index e64dfc52c0..ce19924fa1 100644
--- a/testing/btest/Baseline/scripts.base.files.x509.files/files.log
+++ b/testing/btest/Baseline/scripts.base.files.x509.files/files.log
@@ -7,10 +7,10 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256
 #types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string
-XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
-XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
-XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
-XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
-XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
-XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
+XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
+XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
+XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
+XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
+XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
+XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/spicy.port-range-one-port/out.filtered b/testing/btest/Baseline/spicy.port-range-one-port/out.filtered
index 293b1047f3..708e225624 100644
--- a/testing/btest/Baseline/spicy.port-range-one-port/out.filtered
+++ b/testing/btest/Baseline/spicy.port-range-one-port/out.filtered
@@ -1,2 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[zeek] Scheduling analyzer for port 389/tcp
+[zeek] Scheduling analyzer for port 3268/tcp
+[zeek] Scheduling analyzer for port 389/udp
 [zeek] Scheduling analyzer for port 31336/udp