The core UH LDAP server is ldap1.its.hawaii.edu and is based on the uhEduPerson schema.

Warning: The "legacy" LDAP (ldap1.its.hawaii.edu) will be retired


The "legacy" LDAP server (ldap1.its.hawaii.edu) will be retired January 21, some time after January 2014 and no later than end of calendar year 2014. New services should utilize our Next Generation LDAP (see below). The actual retirement of the "legacy" LDAP will be done in two stages:

  • The "legacy" schema will be migrated from the Sun LDAP server on Solaris to the open source 389DS server on Red Hat Enterprise Linux (January 25, 2014 at the earliest, stay tuned).
  • The "legacy" schema will be fully retired no later than end of calendar year 2014.

Info: Next Generation LDAP


The next generation of our LDAP service is now in Production. Please see below for details:

...

| LDAP Generation | host | port | comments |
|---|---|---|---|
| (tick) Next Generation LDAP, Production | ldap.hawaii.edu | 389 | only for STARTTLS, clear binds are rejected, a Special DN is required |
| (tick) Next Generation LDAP, Test | ldap-test.hawaii.edu | 389 | only for STARTTLS, clear binds are rejected, a Special DN is required |
| (minus) Legacy, Slated for Retirement | ldap1.its.hawaii.edu | 389 | data goes over cleartext, do not provide any passwords when you connect |
| (minus) Legacy, Slated for Retirement | ldap1.its.hawaii.edu | 636 | LDAPS, encrypted, always use this when providing a password |

  • Connecting to LDAP is referred to as binding.
  • You cannot bind to LDAP anonymously; credentials are required for the Next Generation LDAP.
    • You must request a special DN in order to bind per UH Data Governance policies.
    • Special DNs are only granted when CAS (the Web Login Service) will not suffice.
    • Special DN requests are subject to E2.215 and may require a Data Governance approval.

...