Documentation:LDAP

LDAP on UGCS

UGCS uses LDAP, the Lightweight Directory Access Protocol, to store basic "directory information". This includes the contents of /etc/passwd for most users, as well as additional settings for mail and other services. See the Wikipedia page on LDAP for more information.

Our LDAP servers are ldap-head.ugcs.caltech.edu and ldap-backup.ugcs.caltech.edu. They support SSL (you will need our CA certificate) as well as Kerberos authentication, and can be used from outside UGCS if you wish.

Below is a description of the most common (and some uncommon) LDAP entries for a UGCS user. These entries can be easily edited with ldapedit. If you run ldapedit without any arguments, it prints a list of the LDAP entries for your user.

You can look at any LDAP entry using "ldapsearch". This command takes an LDAP search filter. You will probably want to use

ldapsearch uid=<username>

to look for a given user's entry. Some of the fields may be base64 encoded. If you see a field that looks like a bunch of gibberish, try decoding it with base64. For example, if a user's gecos field was "Sm9zaHVhIEh1dGNoaW5zLCwsIA==", you could run

echo "Sm9zaHVhIEh1dGNoaW5zLCwsIA==" | base64 -d

which would print out "Joshua Hutchins,,,", the correct text. ldapedit does this automatically for you.
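The manual decode above can be applied to a whole entry at once. The following is an added example, not part of the UGCS tools: it parses LDIF text of the kind ldapsearch prints, joins folded lines, and decodes every "attr:: value" field. The sample entry (uid jdoe, example.edu base DN, forwarding address) is constructed; only the gecos value comes from the text.

```python
import base64

# Constructed sample in the LDIF format ldapsearch prints; not a real UGCS
# entry. The gecos value is the one quoted in the text above.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=edu
uid: jdoe
gecos:: Sm9zaHVhIEh1dGNoaW5zLCwsIA==
roomNumber: MyRoom 123
mailForwardingAddress:: am9zw6lAZXhhbXBsZS5v
 cmc=
"""


def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entry(text):
    """Return {attribute: [values]} with 'attr:: base64' values decoded."""
    entry = {}
    for line in unfold(text):
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, comment, or not an attribute line
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # a double colon marks a base64 value
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            try:
                value = raw.decode("utf-8")
            except UnicodeDecodeError:
                value = raw  # binary attribute: keep the bytes as they are
        else:
            value = rest.lstrip(" ")
        entry.setdefault(attr, []).append(value)
    return entry


if __name__ == "__main__":
    for attr, values in parse_entry(SAMPLE_LDIF).items():
        # repr() keeps trailing spaces and control characters visible
        print(f"{attr}: {values!r}")
```

Printing with repr() shows that the decoded gecos value ends in a space, which is why LDIF base64-encodes it, and it keeps any control characters in a decoded value from being interpreted by the terminal.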


How to edit settings

You can edit settings using ldapedit:

ldapedit -modify <attribute> <value>
ldapedit -modify roomNumber 'MyRoom 123'
ldapedit -add <attribute> <value>

User Information

  • cn: Common name, usually your full name
  • sn: Surname (your last name)
  • givenName: Your first name
  • gecos: The gecos information field. Traditionally contains your name, phone number, address, etc.
  • mobile: Your cell phone number
  • homePhone: Your home phone number
  • homePostalAddress: Your mailing address
  • roomNumber: Your current room number (can include your building too)

Account information

With the exception of loginShell, you can't change these.

  • uidNumber: Your UNIX uid
  • uid: Your UNIX username
  • loginShell: Your login shell (use chsh to change it)
  • homeDirectory: Your home directory

Mail settings

See also email basics

  • mail: Your primary mail address (just the username, not @ugcs.caltech.edu). You shouldn't change this.
  • mailForwardingAddress: Email address(es) you want your mail forwarded to
  • deliveryMethod: If it is set to "forwardOnly", mail will not be kept locally when it is forwarded. Otherwise, it should be set to "normal", in which case mail will be kept on UGCS.
  • mailAlternateAddress: An alternate address to receive mail at. Mail sent to this address will be delivered to you. It can include @ugcs.caltech.edu, or just be the mail name part. You cannot directly edit this setting through LDAP; see email aliases for more information.

Spam settings

  • amavisSpamKillLevel: A decimal number. If an email scores above this threshold (from SpamAssassin), it will be silently discarded. Most mail that scores about 2 or 3 is definitely spam. Our default kill level is 4.5.
  • amavisSpamTag2Level: A decimal number, like amavisSpamKillLevel. Mail that scores above this will have ***SPAM*** added to its subject line.
  • amavisWhitelistSender: An email address to whitelist. If you have an address that consistently gets marked as spam but is not, please let us know.
  • amavisBlacklistSender: An email address to blacklist.

There are other, less relevant amavis settings; almost any amavis setting can be configured through LDAP.

Website Directory

These settings control your listing in our user directory.

  • listWebsite: TRUE or FALSE, whether or not your site will appear.
  • websiteShortDesc: An optional string with a short description of your website. If you leave it blank (the default), it will use your name.
  • websiteURL: An optional URL to point to. If left blank, it defaults to your UGCS website (~username/).
