To use LDAP to authenticate users on Windows PCs, you can use the pGina dynamically linked library. pGina is available from http://pgina.org.
Setup instructions are available in the document, Configuring pGina for LDAP Authentication For Windows XP.
In the section, Configure pGina, you can leave the Admin User and Admin Pass values blank if you don't need to authenticate UH students. This is because students are not publicly visible in LDAP and can't be found unless a special DN and password is used to connect to the directory server. Faculty and staff are publicly visible in LDAP so no Admin User and Pass are needed.
If you want to authenticate UH students, you will need to request a special DN.
Windows 7 users may need to add the IP address and hostname for the UH LDAP server, ldap1.its.hawaii.edu, to the Windows hosts file.
Vista and Windows 7
- pGina 2.1, the latest release as of July 2010, seems to no longer pass the LDAP admin credentials properly. As a result, it only works to authenticate fac/staff.
- pGina 2.0 does appear to work with Vista and Windows 7, but only after adding a line to the hosts file,
128.171.224.193 ldap1.its.hawaii.edu
Campuses may want to limit PC usage to students, faculty, and staff at that campus. To do this, go to the pGina configuration screen and change the Filter from (uid=%s) to something like (&(uid=%s)(uhOrgAffiliation=eduPersonOrgDn=kcc,eduPersonAffiliation=*)) . In this example, the eduPersonOrgDn value is kcc for Kapiolani Community College.
Values for eduPersonOrgDn are:
- hawcc — Hawaii Community College
- hcc — Honolulu Community College
- kcc — Kapiolani Community College
- kauaicc — Kauai Community College
- lcc — Leeward Community College
- mauicc — Maui Community College
- wcc — Windward Community College
- uhh — University of Hawaii at Hilo
- uhm — University of Hawaii at Manoa
- uhwo — University of Hawaii – West Oahu
- rcuh — Research Corporation of UH