(Old content: click here to go to Updated content in Sharepoint)
Subject: Welcometo GTED!
Welcome to GTED,
If you have any questions, let me know.
Your account has been created. The DN is
dn: uid= dmaccormick3,ou=LocalAccounts,dc=gted,dc=gatech,dc=edu
If you have not already done so, youcan reset the password in Wand or have Customer Support (or me) do it. Or ifyou have been given the password, you can use Passport.gatech.edu toreset the password now, and whenever it expires in the future. If for somereason, you forget the password, or for any reason get the password reset usingWand, then it will have a 24hr expiration, so you must then reset it inpassport.
Normally, passwords do not expirefor a year, and you will get email notifications as that approaches.
Here is some other general info that may be helpful :
The OIT Support Center at 404-894-7173 can reset the password, ifforgotten.
Normally you will manage the account via Passport
Normal settings for an LDAP application using GTED would be:
Authentication type: simple binding
Bind DN: <your dn>
Password: <password you set in Wand orPassport for this account>
Example base DN:
Example search filter:
Ensure that your application or your SSL library either has
Incommon's root CA certificate or knows to ignore any certificateproblems.
use "TLS_REQCERT NEVER" in OpenLDAP's configuration.)Note that
ignoring certificate problems opens your LDAP session.
Examplequeries from UNIX:
ldapsearch-H ldaps://r.gted.gatech.edu:636 -x -D"uid= dmaccormick3 dmaccormick3, ou=LocalAccounts,dc=gted,dc=gatech,dc=edu" -W -b"dc=gted,dc=gatech,dc=edu" uid=jb434 cn sneduPersonPrimaryAffiliation
ldapsearch-LLL -D 'uid=dmaccormick3,ou=local accounts,dc=gted,dc=gatech,dc=edu' -H ldaps://r.gted.gatech.edu:636 -x-w PASS -b ou=people,dc=gted,dc=gatech,dc=edu gtgtid=900077828gtprimaryemailaddress
Itis better to search lower in the hierarchy when testing, to avoid long searchtimes and timeouts:
#ldapsearch -H ldaps://r.gted.gatech.edu:636 -x -D"uid=dmaccormick3, ou=Local Accounts,dc=gted,dc=gatech,dc=edu" -W -b"ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu"uid=j* cn sn eduPersonPrimaryAffiliation
Atypical web application, might use the GTED access account above, to bind tothe LDAP, then look up the DN of the user who is trying to authenticate to yourapplication. The application could then bind again with that DN and thepassword supplied by the user.
Inother words, if you authenticate with your GTED access account, you should thenbe able to look up the DN for the user who is trying to authenticate. If yousearch on a user, using something like uid=xyz, then you will get back their DNobject. Then you can bind with that and their password.
Atypical DN for a user in GTED looks something like this:
Youwill note that they are in a different branch than your access account, butthat shouldn't matter if you are searching for a user, then using the DN thatis returned to bind next.
Hereis what a search on user with uid jb434 might look like:
ducos.iam.gatech.edu:ldapsearch -LLL -D 'uid=dmaccormick3,ou=localaccounts,dc=gted,dc=gatech,dc=edu' -H ldaps://r.gted.gatech.edu:636 -x-w xxxxxxxxx -b ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=eduuid=jb434
gtDebugInfo16:/departmental/oit/stats-viewers role: update status of jb434
ryson,John M) to enabled
Here is what that second bind might look like in unix:
ldapsearch -H ldaps://184.108.40.206:636 -x -D ldapsearch-H ldaps://r.gted.gatech.edu:636 -x -DgtDirGUID=9D2D2FCFDC6DF28D32324701A9C4CF29,ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu
Note that searches with the Solaris client may have different syntax than Linuxor openldap searches. For example on acmex, you may want to use the ldapsearchclient in /usr/local/ldap/bin/ so that your syntax matches what you might havetested on a Linux platform:
-D 'uid=dmaccormick3, (or whatever your account is called)
ou=local accounts,dc=gted,dc=gatech,dc=edu' -H
ldaps://r.gted.gatech.edu:636 -x -wMypasssswd
The above information is what is commonly helpful for integrating an application to use GTED.
For exploring what is available to your account, an LDAP browser might also be a helpful tool.