Difference between revisions of "LDAP"

 
(6 intermediate revisions by 2 users not shown)
Line 8: Line 8:
 
==Auto-completing email addresses==
 
==Auto-completing email addresses==
  
Many [[email]] clients let you configure an LDAP server to act as your address book. Here are the settings you'll need:
+
Many [[email clients]] let you configure an LDAP server to act as your address book. This means you can search for someone's email address directly in your mail client, without having to use [[WSO Facebook]]. Here are the settings you'll need:
  
 
Server: ldap.williams.edu
 
Server: ldap.williams.edu
Line 17: Line 17:
  
 
Use SSL: No
 
Use SSL: No
 +
 +
If you're writing a program and want to use the LDAP server to retrieve a person's first name, last name, and email address you'll want to use the search base "uid=$USER,o=williams,ou=people" (where $USERNAME is a person's [[Unix ID]]), and retrive the attributes "sn" (last name), "givenName" (first name), and "mail" (email address).
  
 
==Authenticating with LDAP==
 
==Authenticating with LDAP==
  
Here are settings for authenticating different types of users. Ideally, you can authenticate more than one type, but that will depend what kind of support your software has. Of course, if you are a true [[Students with Computer Skills|badass]], you shouldn't be afraid to write your own extension to handle multiple LDAP settings. In all cases, you need to somehow substitute $USER with the name of the user that's logging in.
+
Here are settings for checking the passwords of different types of users. Ideally, you can authenticate more than one type, but that will depend what kind of support your software has. Of course, if you are a true [[students with computer skills|badass]], you shouldn't be afraid to write your own extension to handle multiple LDAP settings. In all cases, you need to somehow substitute $USER with the name of the user that's logging in.
  
 
===Williams Students===
 
===Williams Students===
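Review bot: In the added paragraph about retrieving a person's name and email address, the search base is written with $USER but the explanation refers to $USERNAME, and "retrive" is misspelled; use one placeholder name throughout (the rest of the page uses $USER). The DN components are also ordered "o=williams,ou=people", the reverse of the "ou=People,o=williams" search base given for mail clients, so it is worth confirming which order the server expects.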
Line 32: Line 34:
 
These include some students and some alumni.
 
These include some students and some alumni.
  
  Server: ursula
+
  Server: wanda
  Bind domain: uid=$USER,cn=users,dc=williams,dc=edu
+
  Bind domain: uid=$USER,cn=users,dc=ursula,dc=local
 
  SSL: yes
 
  SSL: yes
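Review bot: In the WSO accounts settings, the Server line changes from ursula to wanda while the bind domain changes to dc=ursula,dc=local, so the host name dropped from the Server line now appears in the DN. If that is intentional, a short remark that the directory suffix still carries the old name would keep a later editor from "correcting" it.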
  
Line 47: Line 49:
 
  Bind domain: cn=$USER,ou=staff,o=williams
 
  Bind domain: cn=$USER,ou=staff,o=williams
 
  SSL: no
 
  SSL: no
 +
 +
===Williams Alumni===
 +
 +
Server: alumni.williams.edu
 +
Bind domain: uid=$USER,ou=alumni,o=williams
 +
SSL: no(?)
 +
 +
==Info from LDAP==
 +
In addition to the servers above, you can query ldap2.williams.edu for general directory info. (No SSL)
 +
 +
  
 
==Fun with LDAP==
 
==Fun with LDAP==
  
 
If you want to query an LDAP server directly, there's a program called "ldapsearch" available for [[Mac OS X]] and [[Linux]] that you can use to query these servers.
 
If you want to query an LDAP server directly, there's a program called "ldapsearch" available for [[Mac OS X]] and [[Linux]] that you can use to query these servers.
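Review bot: The new Williams Alumni block lists "SSL: no(?)", which leaves the reader guessing in a section about checking passwords; confirm the setting and drop the question mark, or say that it is unverified. The added "Info from LDAP" paragraph also says ldap2.williams.edu serves general directory info without naming a search base or the attributes available, which a reader needs in order to use it.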

Latest revision as of 08:02, May 30, 2008


LDAP is a protocol for searching for email addresses and checking the passwords of people with a Unix ID. The College runs three LDAP servers:

  • nds1.williams.edu is the Novell NetWare server that has a lot of information about you, and that can check your password;
  • nds2.williams.edu is nds1's twin;
  • ldap.williams.edu is used solely for searching email addresses.

Auto-completing email addresses

Many email clients let you configure an LDAP server to act as your address book. This means you can search for someone's email address directly in your mail client, without having to use WSO Facebook. Here are the settings you'll need:

Server: ldap.williams.edu

Search Base: ou=People,o=williams

Port: 389

Use SSL: No

If you're writing a program and want to use the LDAP server to retrieve a person's first name, last name, and email address, you'll want to use the search base "uid=$USER,o=williams,ou=people" (where $USER is a person's Unix ID), and retrieve the attributes "sn" (last name), "givenName" (first name), and "mail" (email address).

Authenticating with LDAP

Here are settings for checking the passwords of different types of users. Ideally, you can authenticate more than one type, but that will depend on what kind of support your software has. Of course, if you are a true badass, you shouldn't be afraid to write your own extension to handle multiple LDAP settings. In all cases, you need to somehow substitute $USER with the name of the user that's logging in.

Williams Students

Server: nds2.williams.edu (or nds1.williams.edu)
Bind domain: cn=$USER,ou=student,o=williams
SSL: no

WSO accounts

These include some students and some alumni.

Server: wanda
Bind domain: uid=$USER,cn=users,dc=ursula,dc=local
SSL: yes

Williams Faculty

Server: nds2.williams.edu
Bind domain: cn=$USER,ou=faculty,o=williams
SSL: no

Williams Staff

Server: nds2.williams.edu
Bind domain: cn=$USER,ou=staff,o=williams
SSL: no

Williams Alumni

Server: alumni.williams.edu
Bind domain: uid=$USER,ou=alumni,o=williams
SSL: no(?)
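
One way to write the "multiple LDAP settings" extension described above, as an added example (not code from this wiki): it substitutes $USER into each bind domain with RFC 4514 escaping, refuses empty passwords, and by default skips the servers listed without SSL. The `bind` callable is a hypothetical wrapper around whatever LDAP library you use.

```python
# Added example: profile data copied from the settings on this page.
PROFILES = [
    # (name, server, bind DN template, SSL as listed on the page)
    ("student", "nds2.williams.edu", "cn=$USER,ou=student,o=williams", False),
    ("wso", "wanda", "uid=$USER,cn=users,dc=ursula,dc=local", True),
    ("faculty", "nds2.williams.edu", "cn=$USER,ou=faculty,o=williams", False),
    ("staff", "nds2.williams.edu", "cn=$USER,ou=staff,o=williams", False),
    ("alumni", "alumni.williams.edu", "uid=$USER,ou=alumni,o=williams", False),  # page: "no(?)"
]

def escape_rdn_value(value):
    """Escape a string for use as an RDN value (RFC 4514 section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\=':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (ch == " " and i in (0, len(value) - 1)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def bind_dn(template, user):
    """Substitute $USER so the login name cannot add or alter DN components."""
    return template.replace("$USER", escape_rdn_value(user))

def authenticate(user, password, bind, require_ssl=True):
    """Return the name of the first profile that accepts the password, else None.

    `bind(server, dn, password, use_ssl) -> bool` is a hypothetical callable
    wrapping whatever LDAP library is in use.
    """
    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513 section 5.1.2), which a server may report as success.
    if not user or not password:
        return None
    for name, server, template, use_ssl in PROFILES:
        if require_ssl and not use_ssl:
            continue  # a simple bind without SSL sends the password in clear text
        if bind(server, bind_dn(template, user), password, use_ssl):
            return name
    return None
```

With `require_ssl=True` only the WSO profile is tried, because it is the only one the page lists with SSL.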

Info from LDAP

In addition to the servers above, you can query ldap2.williams.edu for general directory info. (No SSL)


Fun with LDAP

If you want to query an LDAP server directly, there's a program called "ldapsearch" available for Mac OS X and Linux that you can use to query these servers.