LDAP Authentication

LDAP Directory Services - Authenticating Users
Notes

For security reasons, this service is DEPRECATED. Use UH Login for authentication.

Overview
Programmers of directory-enabled applications are the intended audience for this page. Besides white pages data (title, office location, office phone number, office fax number), the LDAP directory service can be used to authenticate users in the UH community with their UH Username and password. If you want your UH web site to authenticate users with their UH Username, it is recommended that you use UH Login when developing an online application.

How do I authenticate someone using LDAP?
Prerequisite:

Once you have the special DN, the general procedure is:

  1. Connect to the LDAP server.
  2. Bind with the special DN and password that you were given.
  3. Search LDAP for the username:
    1. Filter is uid=<username>
    2. Base is dc=hawaii,dc=edu
    3. Scope is sub
  4. Retrieve the DN for the username if found.
  5. Rebind with the user's DN and user-input password.
  6. If this rebind succeeds, the user is authenticated.
  7. Optionally, you can retrieve the user's attributes to perform authorization (AuthZ):
    1. Search for the user while still bound as the user (search base is the user's DN, search scope is base).
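The following is an added example of the seven-step procedure above, written for this page; it is not the page's own sample code and not a UH ITS library. Because a bind requires a live server, the network side is modelled by a constructed in-memory FakeDirectory (a stand-in, not a real client) whose bind/search semantics follow RFC 4511/4513; SERVICE_DN, its password, and the user entries are placeholders. The application logic itself (escape the username before building the filter, require exactly one match, refuse an empty password, rebind as the user, then read attributes with a base-scope search) is what a real deployment would run through an LDAP client library over TLS, since a simple bind sends the password in clear.

```python
import re
from dataclasses import dataclass

BASE_DN = "dc=hawaii,dc=edu"  # search base given on the page

# Placeholders for the "special DN" and password an application is issued.
SERVICE_DN = "cn=example-app,ou=services,dc=hawaii,dc=edu"  # assumed name
SERVICE_PASSWORD = "service-secret-placeholder"


class BindError(Exception):
    """Raised by the directory client when a bind or search is rejected."""


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Without this, a username containing '*', '(' or ')' would change the
    meaning of the filter instead of being matched literally.
    """
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


@dataclass
class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP server (not a real client).

    entries maps a DN to {"password": ..., "attrs": {...}}. It models two
    server behaviours the caller must cope with: an empty password is accepted
    as an *anonymous* bind (RFC 4513 s5.1.2), and anonymous searches are refused.
    """
    entries: dict

    def connect(self) -> "FakeConnection":
        return FakeConnection(self)


class FakeConnection:
    def __init__(self, directory: FakeDirectory):
        self.directory = directory
        self.bound_as = None

    def bind(self, dn: str, password: str) -> None:
        if password == "":
            self.bound_as = None  # "succeeds", but only as an anonymous session
            return
        entry = self.directory.entries.get(dn)
        if entry is None or entry["password"] != password:
            raise BindError("invalidCredentials")
        self.bound_as = dn

    def search(self, base: str, scope: str, filt: str, attributes: list) -> list:
        """Return [(dn, attrs)] for entries in scope matching a simple
        '(attr=value)' or '(attr=*)' filter; anonymous callers are refused."""
        if self.bound_as is None:
            raise BindError("anonymous search refused")
        m = re.fullmatch(r"\((\w+)=(.*)\)", filt)
        if not m:
            raise ValueError("unsupported filter: %r" % filt)
        attr, raw = m.group(1), m.group(2)
        presence = raw == "*"  # an escaped '\2a' is a literal '*', not a wildcard
        value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), raw)
        hits = []
        for dn, entry in self.directory.entries.items():
            in_scope = (dn == base) if scope == "base" else (dn == base or dn.endswith("," + base))
            attrs = entry["attrs"]
            matched = (attr in attrs) if presence else (attrs.get(attr) == value)
            if in_scope and matched:
                hits.append((dn, {k: v for k, v in attrs.items() if k in attributes}))
        return hits


def authenticate(directory: FakeDirectory, username: str, password: str) -> "dict | None":
    """Steps 1-7 of the procedure above. Returns the user's attributes on
    success and None on any failure (the same answer for an unknown user and a
    wrong password, so a caller cannot tell which one occurred)."""
    if not username or not password:
        # An empty password must never reach bind(): LDAP treats it as an
        # unauthenticated (anonymous) bind, which the server may report as success.
        return None
    conn = directory.connect()                                    # 1. connect
    conn.bind(SERVICE_DN, SERVICE_PASSWORD)                       # 2. bind with the special DN
    hits = conn.search(BASE_DN, "sub",                            # 3. filter uid=<username>, scope sub
                       "(uid=%s)" % escape_filter_value(username), ["uid"])
    if len(hits) != 1:                                            # 4. exactly one DN, or fail
        return None
    user_dn = hits[0][0]
    try:
        conn.bind(user_dn, password)                              # 5. rebind as the user
    except BindError:
        return None                                               # 6. rebind failed: not authenticated
    me = conn.search(user_dn, "base", "(objectClass=*)",          # 7. attributes for AuthZ, still bound as the user
                     ["uid", "title"])
    return me[0][1] if me else None


# Constructed sample entries; DNs, passwords and titles are illustrative only.
SAMPLE_DIRECTORY = FakeDirectory({
    SERVICE_DN: {"password": SERVICE_PASSWORD, "attrs": {"objectClass": "applicationProcess"}},
    "uid=jdoe,ou=people,dc=hawaii,dc=edu": {
        "password": "jdoe-password", "attrs": {"objectClass": "person", "uid": "jdoe", "title": "Librarian"}},
    "uid=asmith,ou=people,dc=hawaii,dc=edu": {
        "password": "asmith-password", "attrs": {"objectClass": "person", "uid": "asmith", "title": "Instructor"}},
})

if __name__ == "__main__":
    print(authenticate(SAMPLE_DIRECTORY, "jdoe", "jdoe-password"))  # {'uid': 'jdoe', 'title': 'Librarian'}
    print(authenticate(SAMPLE_DIRECTORY, "jdoe", ""))               # None
```

The check for an empty password is the part most often missed: the page's step 6 says "if this rebind succeeds, the user is authenticated", but on servers that permit unauthenticated binds a rebind with the user's DN and an empty password returns success while leaving the session anonymous. Escaping the username before it is spliced into the `uid=` filter is the other check; with it, a submitted `*` is looked up as a literal asterisk rather than matching every entry.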

Related Information
  • Deprovisioned users are removed from LDAP, unless they remain associated with the White Pages Management System.

Sample Code

Note that this sample code is for simple retrieval of LDAP attributes, not double binding.