LDAP Authentication
LDAP Directory Services - Authenticating Users
Notes
For security reasons, this service is DEPRECATED. Utilize UH Login for authentication.
Overview
Programmers of directory-enabled applications are the intended audience for this page. Besides white pages data (title, office location, office phone number, office fax number), the LDAP directory service can be used to authenticate users in the UH community with their UH Username and password. If you want your UH web site to authenticate users with their UH Username, it is recommended that you use UH Login when developing an online application.
How do I authenticate someone using LDAP?
Prerequisite:
- Request a special DN and password. This special DN is only issued to faculty and staff who are responsible for web sites and computers that will be using LDAP to look up information on students.
Once you have the special DN, the general procedure is:
- Connect to the LDAP server.
- Bind with the special DN and password that you were given.
- Search LDAP for the username:
  - Filter is uid=<username>
  - Base is dc=hawaii,dc=edu
  - Scope is sub
- Retrieve the DN for the username if found.
- Rebind with the user's DN and user-input password.
- If this rebind succeeds, the user is authenticated.
- Optionally, you can retrieve the user's attributes to perform AuthZ:
  - Search for the user while still bound as the user (search base is the user's DN, search scope is base)
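The procedure above, sketched in Python as an added example (it is not part of UH's sample code). It goes slightly beyond the listed steps by escaping the username before it enters the filter and by refusing an empty password, which many servers would otherwise accept as an unauthenticated bind. The `directory` client interface, the `FakeDirectory` stand-in, and the sample DNs and passwords are assumptions constructed for illustration; map `bind` and `search` onto your LDAP library and connect over TLS.

```python
import re

BASE_DN = "dc=hawaii,dc=edu"  # search base given on the page

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def authenticate(directory, special_dn, special_pw, username, password):
    """Double bind: return the user's DN on success, None on failure.
    `directory` is a hypothetical client (an assumption of this example) with
    bind(dn, password) -> bool and search(base, scope, filter) -> list of DNs.
    """
    # An empty password makes a simple bind "unauthenticated"; many servers
    # report that as success, so reject it before contacting the directory.
    if not username or not password:
        return None
    if not directory.bind(special_dn, special_pw):
        raise RuntimeError("bind with the special DN failed")
    found = directory.search(BASE_DN, "sub", "(uid=%s)" % escape_filter_value(username))
    if len(found) != 1:  # unknown user, or an ambiguous match
        return None
    return found[0] if directory.bind(found[0], password) else None

class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP server (sample data only)."""
    def __init__(self, passwords):
        self.passwords = passwords  # DN -> password
        self.filters = []           # filters received, for inspection

    def bind(self, dn, password):
        # Mimics a server that accepts empty-password binds as anonymous.
        return password == "" or self.passwords.get(dn) == password

    def search(self, base, scope, flt):
        self.filters.append(flt)
        value = re.fullmatch(r"\(uid=(.*)\)", flt).group(1)
        if value == "*":  # unescaped wildcard: presence filter, matches all
            return [dn for dn in self.passwords if dn.startswith("uid=")]
        uid = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return [dn for dn in self.passwords if dn.startswith("uid=%s," % uid)]

# Constructed sample entries; these DNs and passwords are not real.
SAMPLE = FakeDirectory({
    "cn=webapp,dc=hawaii,dc=edu": "special-secret",
    "uid=jdoe,ou=people,dc=hawaii,dc=edu": "correct horse",
    "uid=asmith,ou=people,dc=hawaii,dc=edu": "battery staple",
})
SPECIAL = ("cn=webapp,dc=hawaii,dc=edu", "special-secret")
```

Calling `authenticate(SAMPLE, *SPECIAL, "jdoe", "correct horse")` returns the user's DN; a wrong or empty password, an unknown username, or a username of `*` returns `None`.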
Related Information
- Deprovisioned users are removed from LDAP, unless they remain associated with the White Pages Management System.
Sample Code
Note that this sample code is for simple retrieval of LDAP attributes, not double binding.
- Retrieve LDAP values using PHP
- Example call to ldap_lookup function (PHP)
- Retrieve LDAP values using C++
- Retrieve LDAP values using Haskell
- Retrieve LDAP values using Groovy
- Retrieve LDAP values using Node.js
- Retrieve LDAP values using Perl-5
- Retrieve LDAP values using PHP-5
- Retrieve LDAP values using Python-3
- Retrieve LDAP values using Ruby
- Retrieve LDAP values using Scala