The core UH LDAP server is ldap1.its.hawaii.edu and is based on the uhEduPerson schema.
...
| LDAP Generation | host | port | comments |
|---|---|---|---|
 Next Generation LDAP, Production | ldap.hawaii.edu | 389 | only for STARTTLS, clear binds are rejected, a Special DN is required |
| Next Generation LDAP, Test | ldap-test.hawaii.edu | 389 | only for STARTTLS, clear binds are rejected, a Special DN is required |
 Older Legacy, Slated for Retirement | ldap1.its.hawaii.edu | 389 | data goes over cleartext, do not provide any passwords when you connect |
| Older Legacy, Slated for Retirement | ldap1.its.hawaii.edu | 636 | LDAPS, encrypted, always use this when providing a password |
- Connecting to LDAP is referred to as binding.
- You can cannot bind to LDAP anonymously (without using any credentials)
This only gets you public information for faculty and staff. No students.This is the only time you should connect in cleartext to port 389
- You must request a special DN in order to bind per UH Data Governance policies.
UNIX LDAP commands (e.g. ldapsearch) may not print an error message if you provide an incorrect special DN or password. These commands will continue working as if you had bound anonymously, and this is misleading. You may think you are using your special DN, but in reality, you are only able to get at public information (e.g. you can't search for students) - Special DNs are only granted when CAS (the Web Login Service) will not suffice.
- Special DN requests are subject to E2.215 and may require a Data Governance approval.
Using LDAP to verify a UH username and password
...
You should also look into CAS (the Web Login Service) as an alternative to using LDAP for authentication.
...