LDAP is short for Lightweight Directory Access Protocol. LDAP is a means to connect to and get data back from a directory. How we use it to authenticate students and users is by attempting to bind to the directory with the credentials we have been give from the user. To bind is to log in. See, LDAP isn't scary, it can all be done in a few simple steps.
The most common use of LDAP for us, is to perform simple binds. What would happen, is a user would enter a user name and password in the log in fields. We would take those values and attempt to log into the campus domain. If the user name and password are correct, we will get back a positive response, if not, we'll receive an error. From that information, we will know if the password was correct or not. We then search the local accounts for a user matching the user name provided on the log in form. Once found, they are permitted into the system.
Some directory servers do not allow users to bind with just a user name. In those cases, we perform a double bind. The first step is for use to perform a query against the LDAP server using an account provided us by your server administrators. For example, if jdoe was attempt to log in, we would first bind and then perform a query where uid=jdoe. We would get back a response that would typically include a dn or distinguished name. We would then take that value, and substitute the it for the user name and then perform the bind with those values. If the response is good, we log them in using the user name they provided.
For us to use LDAP requires we have some information regarding your setup. We must have the following information:
- LDAP Server address
- Base DN
- Format of username
- Port Number (typically 389 or 636)
- Encrypted (true or false)
We have provided an LDAP test page that can be accessed from your main menu. Simply click on the trac man, then Utilities and Prefs. There you will find a tab labels LDAP Tool. Simply fill out the the form with value provided to you and click Test. A green response is good, a red is bad.
Now that you have a good test, all we need is the information you used to generate that test minus the password. We will then create a script that will perform the authentication.File:Example.jpg