LDAP: Difference between revisions
m (link machine names to Machine List) |
(querying LDAP) |
||
Line 1: | Line 1: | ||
We use [http://www.openldap.org/ OpenLDAP] for directory services. Our primary LDAP server is [[Machine_List#ginseng|ginseng]] and our secondary LDAP server is [[Machine_List#artificial-flavours|artificial-flavours]]. |
We use [http://www.openldap.org/ OpenLDAP] for directory services. Our primary LDAP server is [[Machine_List#ginseng|ginseng]] and our secondary LDAP server is [[Machine_List#artificial-flavours|artificial-flavours]]. |
||
=== Querying LDAP === |
|||
There are many tools available for issuing LDAP queries. Queries should be issued to <tt>ginseng.csclub.uwaterloo.ca</tt>. The search base you almost certainly want is <tt>dc=csclub,dc=uwaterloo,dc=ca</tt>. Read access is available without authentication; [[Kerberos]] is used to authenticate commands which require it. |
|||
Example: |
|||
ldapsearch -x -h ginseng.csclub.uwaterloo.ca -b dc=csclub,dc=uwaterloo,dc=ca uid=ctdalek |
|||
The <tt>-x</tt> option causes <tt>ldapsearch</tt> to switch to simple authentication rather than trying to authenticate via SASL (which will fail if you do not have a Kerberos ticket). |
|||
The University LDAP server (uwldap.uwaterloo.ca) can also be queried like this. Again, use "simple authentication" as read access is available (from on campus) without authentication. SASL authentication will fail without additional parameters. |
|||
Example: |
|||
ldapsearch -x -h uwldap.uwaterloo.ca -b dc=uwaterloo,dc=ca "cn=Prabhakar Ragde" |
|||
[[Category:Software]] |
[[Category:Software]] |
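Review bot: The sentence explaining <tt>-x</tt> says it switches to simple authentication, but neither example passes a bind DN, so what the reader actually gets is an anonymous simple bind. Saying that explicitly would connect it to the earlier statement that read access is available without authentication, and would make clear that <tt>-x</tt> alone does not authenticate anyone. Separately, both examples use <tt>-h</tt>, which the ldapsearch man page lists as deprecated in favour of <tt>-H</tt> with an LDAP URI; consider writing them as <tt>-H ldap://ginseng.csclub.uwaterloo.ca</tt> and <tt>-H ldap://uwldap.uwaterloo.ca</tt>.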
Revision as of 17:10, 22 May 2010
We use OpenLDAP for directory services. Our primary LDAP server is ginseng and our secondary LDAP server is artificial-flavours.
Querying LDAP
There are many tools available for issuing LDAP queries. Queries should be issued to ginseng.csclub.uwaterloo.ca. The search base you almost certainly want is dc=csclub,dc=uwaterloo,dc=ca. Read access is available without authentication; Kerberos is used to authenticate commands which require it.
Example:
ldapsearch -x -h ginseng.csclub.uwaterloo.ca -b dc=csclub,dc=uwaterloo,dc=ca uid=ctdalek
The -x option causes ldapsearch to switch to simple authentication rather than trying to authenticate via SASL (which will fail if you do not have a Kerberos ticket).
The University LDAP server (uwldap.uwaterloo.ca) can also be queried like this. Again, use "simple authentication" as read access is available (from on campus) without authentication. SASL authentication will fail without additional parameters.
Example:
ldapsearch -x -h uwldap.uwaterloo.ca -b dc=uwaterloo,dc=ca "cn=Prabhakar Ragde"
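When the uid or cn in these queries comes from user input rather than being typed by hand, the value needs RFC 4515 escaping before it goes into the filter. The following is an added example, not part of the original wiki page; <tt>ldap_escape</tt>, <tt>ldap_filter</tt> and <tt>ldap_lookup</tt> are hypothetical helper names wrapping the invocation shown above.

```shell
#!/bin/sh
# Added example: build ldapsearch filters from untrusted input.
# Function names are hypothetical; the ldapsearch flags are the page's own.

# Escape the characters that are special inside an LDAP filter value
# (RFC 4515). Backslash is handled first so that the escapes added by
# the later expressions are not escaped a second time.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build "(attr=value)". The attribute name is not escaped but validated:
# it must start with a letter and contain only letters, digits and '-'.
ldap_filter() {
    case "$1" in
        ''|[!A-Za-z]*|*[!A-Za-z0-9-]*)
            echo "bad attribute name: $1" >&2
            return 1 ;;
    esac
    printf '(%s=%s)' "$1" "$(ldap_escape "$2")"
}

# Arguments: host, search base, attribute, untrusted value.
ldap_lookup() {
    filter=$(ldap_filter "$3" "$4") || return 1
    ldapsearch -x -h "$1" -b "$2" "$filter"
}

# Usage (needs network access to the server):
#   ldap_lookup ginseng.csclub.uwaterloo.ca dc=csclub,dc=uwaterloo,dc=ca uid ctdalek
#   ldap_lookup uwldap.uwaterloo.ca dc=uwaterloo,dc=ca cn "Prabhakar Ragde"
```

With the escaping in place, a value containing <tt>*</tt> or parentheses is matched literally instead of changing the shape of the filter.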