LDAP Services In EECS

Note:  This document is not intended to be a tutorial on LDAP terminology; for an introduction to LDAP, please consult one of the many good tutorials that exist online or in print.  See the References section for some suggestions.

LDAP is a protocol for providing directory services.  LDAP has become a widely used standard, and it makes a good foundation for distributing department-wide information in an easily accessible manner.  The most visible use of LDAP in the department at this time is for address auto-completion in mail programs, but our directory servers are also currently used for distributing other information (e.g. network port information) as well as for application support (e.g. both the IMAP server and the Steltor Calendar server store per-user preferences in the user's LDAP entry).

Using LDAP

As mentioned above, the most common use of LDAP currently is to look up information about people in the department.  See these pages for information on configuring Netscape or Outlook to query our directory servers:

http://iris.eecs.berkeley.edu/15-faq/15-software/netscapeLDAP.html#ldap
http://iris.eecs.berkeley.edu/15-faq/15-software/outlookLDAP.html#LDAP

All modern programming languages support LDAP.  In IRIS, we have written applications in both Perl and PHP that query our LDAP servers.  See the References section below for links.

OU Structure (Schema)


We currently maintain information about PEOPLE and network PORTS in publicly searchable LDAP OUs.  The structure of each is described below.

All attributes have an Access Control List (ACL).  All entries should be assumed to have read/write access for the Directory Manager.

Most attributes are visible to the world.  This is helpful since most people connect to the LDAP server anonymously.  Some attributes (e.g. employeeidnumber) are restricted, since they are private.  These attributes will only be visible to authenticated users who meet the ACL restrictions.
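
An added example (not part of the original document or of the IRIS applications): a Python check that parses LDIF saved from an anonymous search and reports any restricted attribute the server returned.  The restricted set, the sample entries and the function names are assumptions; the page itself names only employeeidnumber as restricted.

```python
import base64

# Assumed restricted set: the page names employeeidnumber; userpassword is added here.
RESTRICTED = {"employeeidnumber", "userpassword"}

# Constructed sample of LDIF returned to an anonymous search (not real data).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,o=EECS.Berkeley.EDU,o=Berkeley.EDU
cn: Jane Doe
mailautoreplytext;lang-en: Away until
  Monday
userpassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=rroe,ou=People,o=EECS.Berkeley.EDU,o=Berkeley.EDU
cn: Richard Roe
roomnumber: 123
"""

def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attribute: [values]})."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: join to previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):            # comment line in LDIF output
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def exposed_restricted(entries, restricted=RESTRICTED):
    """Return (dn, attribute) pairs where a restricted attribute was returned."""
    return [(dn, name) for dn, attrs in entries for name in attrs
            if name.split(";", 1)[0] in restricted]  # ignore ;lang-en etc.
```

Any pair returned by exposed_restricted() for an anonymous search means the ACL on that attribute is looser than intended.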

PEOPLE

BASE DN: ou=People,o=EECS.Berkeley.EDU,o=Berkeley.EDU

Basic Person Attributes

Attribute    Description    ACL

ou
objectclass
sn
uid
cn
givenname
mailhost
businesscategory
description
employeenumber
employeetype
labeleduri
mail
mailalternateaddress
mailautoreplymode
mailautoreplytext;lang-en
maildeliveryoption
nswmextendeduserprefs
postaladdress
roomnumber
street
telephonenumber
userpassword
vacationenddate
vacationstartdate

EECS-Specific Attributes

eecsdwrosterid
eecspeopleacctfund
eecspeopleaffiliation
eecspeopledwrosteracl
eecspeopledwuseracl
eecspeoplelastmod


Steltor (née Corporate Time) Attributes

ctcaldefaultnotereminder
ctcaldefaultreminder
ctcaldefaulttaskreminder
ctcaldisplayprefs
ctcalflags
ctcallanguageid
ctcalnotifmechanism
ctcaloperatingprefs
ctcalpasswordrequired
ctcalpublishedtype
ctcalrefreshprefs
ctcalsmstimerange
ctcalsysopcanwritepassword
ctcaltimezone
ctcalxitemid

PORTS


BASE DN: ou=Ports,o=EECS.Berkeley.EDU,o=Berkeley.EDU

Attributes:


References

Online Tutorials:

Books in Print