Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 43 Next »

eThe core UH LDAP servers are ldap.hawaii.edu (recommended) and ldap1.its.hawaii.edu (legacy, slated for retirement) and are based on the uhEduPerson schema.

The "legacy" LDAP (ldap1.its.hawaii.edu) will be retired end of calendar year 2014


New services should utilize our Next Generation LDAP (see below).

Next Generation LDAP


The next generation of our LDAP service is now in Production. Please see below for details:

Table of Contents

Accessing LDAP

LDAP Generation

host

port

comments

(tick) Next Generation LDAP, Productionldap.hawaii.edu636 for LDAPS, 389 if using startTLScleartext or anonymous binds are rejected, a Special DN is required
(tick) Next Generation LDAP, Testldap-test.its.hawaii.edu636 for LDAPS, 389 if using startTLScleartext or anonymous binds are rejected, a Special DN is required
(minus) Legacy, Slated for Retirement

ldap1.its.hawaii.edu

389

data goes over cleartext, do not provide any passwords when you connect

(minus) Legacy, Slated for Retirement

ldap1.its.hawaii.edu

636

LDAPS, encrypted, always use this when providing a password

  • Connecting to LDAP is referred to as binding.
  • You cannot bind to LDAP anonymously, credentials are required for the Next Generation LDAP.
    • You must request a special DN in order to bind per UH Data Governance policies.
    • Special DNs are only granted when CAS (the Web Login Service) will not suffice.
    • Special DN requests are subject to E2.215 and may require a Data Governance approval.

Our UH LDAP service features three branches

By default a Special DN provides access to the "people" and "misc" branches.

  • ou=people,dc=hawaii,dc=edu
    • All people who have received a UH Number, meaning anyone who was, is or will shortly be a student, faculty, staff or guest at UH.
    • See also UH Role Assignments and Transitions
    • The UH Online Directory relies on this branch for providing contact information for people.
  • ou=misc,dc=hawaii,dc=edu
    • Departmental/ Group UH Usernames
    • Visiting individuals who have have been granted the ability to access the Internet from our campus(es).
  • ou=dept_listings,dc=hawaii,dc=edu
    • Department listings, primarily used for printing or providing PDFs of the University Phone Directory.

Data Element Dictionary

Using LDAP to verify a UH username and password

  • See LDAP Authentication
  • If you wish to limit use of your app to certain roles and/or campuses, you should retrieve the affiliations of the person associated with the authenticated username, and allow only those matching your criteria to pass through.

You should also look into CAS (the Web Login Service) as an alternative to using LDAP for authentication.

Sample Code

  • No labels