
Documentation - LDAP


Authentication

To authenticate against the University of Chicago's LDAP servers, an LDAP client must:

  1. Connect from 128.135.0.0/16
  2. Support either StartTLS (port 389) or LDAP/SSL (port 636)
  3. Use 128-bit or better transport layer encryption when authenticating

To perform an authenticated bind against our LDAP servers, the LDAP client should:

  1. Connect to ldap.uchicago.edu
  2. Use a bind DN (distinguished name) of the form:
    'uid=your cnetid,ou=people,dc=uchicago,dc=edu'
  3. Use the CNet password as the bind password

The server certificates are signed by Equifax Root CA. Your client may need this certificate to verify the LDAP server certificates when making a secure connection.

If you are using OpenLDAP, you will need to adjust your configuration file (ldap.conf) to use the equifax.crt file:

TLS_CACERT /PATH/TO/equifax.crt
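
The bind procedure above, written as shell functions around OpenLDAP's ldapwhoami (an added example, not NSIT's own code). The function names and the accepted CNetID character set are assumptions; the host, ports, DN layout and CA file come from this page.

```shell
#!/bin/sh
# Added example. Source this file, then run:  cnet_bind <cnetid> [starttls|ldaps] [ca-file]

LDAP_HOST="ldap.uchicago.edu"
PEOPLE_BASE="ou=people,dc=uchicago,dc=edu"

# Build the bind DN for a CNetID. Only letters, digits, '-' and '_' are
# accepted (an assumed CNetID alphabet), so characters that carry meaning
# in a DN (',', '+', '=', '\', '"', ';', '#', space) are rejected up front.
bind_dn() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf 'uid=%s,%s\n' "$1" "$PEOPLE_BASE"
}

# Map the two transports the servers accept to a URI. There is no
# plaintext option: anything else is an error.
ldap_uri() {
    case "$1" in
        starttls) printf 'ldap://%s:389\n' "$LDAP_HOST" ;;
        ldaps)    printf 'ldaps://%s:636\n' "$LDAP_HOST" ;;
        *)        return 1 ;;
    esac
}

# Authenticated simple bind over an encrypted, certificate-verified channel.
cnet_bind() {
    dn=$(bind_dn "$1") || { echo "invalid CNetID" >&2; return 2; }
    mode=${2:-starttls}
    uri=$(ldap_uri "$mode") || { echo "unknown transport: $mode" >&2; return 2; }
    ca=${3:-/PATH/TO/equifax.crt}      # same placeholder path as ldap.conf above

    tls_flag=""
    if [ "$mode" = starttls ]; then
        tls_flag="-ZZ"                 # -ZZ: abort unless StartTLS succeeds
    fi

    # LDAPTLS_REQCERT=demand: refuse a server certificate that does not verify
    # against the CA file. -W prompts for the password, keeping it out of argv.
    LDAPTLS_CACERT="$ca" LDAPTLS_REQCERT=demand \
        ldapwhoami -H "$uri" $tls_flag -x -D "$dn" -W
}
```

With a single -Z the client would continue unencrypted if StartTLS failed, sending the CNet password in the clear; -ZZ turns that into a hard failure.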

Mail Client Configuration

See the Directory Servers section of NSIT Documentation's client configuration page.


Schema

Directory schema information is stored within the DIT and available to clients querying from the 128.135.0.0/16 network. The search should have the following properties:

  • Base: cn=subschema
  • Scope: base
  • Filter: (objectclass=subschema)
  • Return: All Operational Attributes

An example, using ldapsearch(1):

% ldapsearch -H ldap://ldap.uchicago.edu -b cn=subschema \
-s base '(objectclass=subschema)' \+

Support

Please contact ldap-support@lists.uchicago.edu if you have questions regarding NSIT's LDAP servers.


Mailing Lists

  • ldap-announce: A broadcast list for announcements regarding downtime and changes to the NSIT LDAP servers.
  • ldap-support: A list for support requests and general inquiries regarding the NSIT LDAP servers.

Additional Information

Last updated: 9/2/09