
 


Subject: Welcome to GTED!


Welcome to GTED,
 
If you have any questions, let me know. 

Your account has been created.  The DN is

dn: uid=dmaccormick3,ou=LocalAccounts,dc=gted,dc=gatech,dc=edu

 

If you have not already done so, you can reset the password in Wand or have Customer Support (or me) do it. Or if you have been given the password, you can use Passport.gatech.edu to reset the password now, and whenever it expires in the future. If for some reason, you forget the password, or for any reason get the password reset using Wand, then it will have a 24hr expiration, so you must then reset it in passport.

 

Normally, passwords do not expire for a year, and you will get email notifications as that approaches.

Here is some other general info that may be helpful:

 The OIT Support Center at 404-894-7173 can reset the password, if forgotten.
Normally you will manage the account via Passport
 <http://passport.gatech.edu/>.

Normal settings for an LDAP application using GTED would be:
         Host: r.gted.gatech.edu
         Port: 636
         SSL: Required
         URI: ldaps://r.gted.gatech.edu:636
         Authentication type: simple binding
         Bind DN:  <your dn>
         Password: <password you set in Wand or Passport for this account>

        Example base DN:
        ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu

       Example search filter:
              (uid=*)

  Ensure that your application or your SSL library either has
  InCommon's root CA certificate or knows to ignore any certificate problems.
  (E.g. use "TLS_REQCERT NEVER" in OpenLDAP's configuration.) Note that
  ignoring certificate problems opens your LDAP session.

 

 
Example queries from UNIX:

ldapsearch -H ldaps://r.gted.gatech.edu:636 -x -D "uid=dmaccormick3,ou=LocalAccounts,dc=gted,dc=gatech,dc=edu" -W -b "dc=gted,dc=gatech,dc=edu" uid=jb434 cn sn eduPersonPrimaryAffiliation
Enter LDAP Password:

ldapsearch -LLL -D 'uid=dmaccormick3,ou=local accounts,dc=gted,dc=gatech,dc=edu' -H ldaps://r.gted.gatech.edu:636 -x -w PASS -b ou=people,dc=gted,dc=gatech,dc=edu gtgtid=900077828 gtprimaryemailaddress

It is better to search lower in the hierarchy when testing, to avoid long search times and timeouts:

# ldapsearch -H ldaps://r.gted.gatech.edu:636 -x -D "uid=dmaccormick3, ou=Local Accounts,dc=gted,dc=gatech,dc=edu" -W -b "ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu" "uid=j*" cn sn eduPersonPrimaryAffiliation


A typical web application might use the GTED access account above to bind to the LDAP, then look up the DN of the user who is trying to authenticate to your application. The application could then bind again with that DN and the password supplied by the user.



In other words, if you authenticate with your GTED access account, you should then be able to look up the DN for the user who is trying to authenticate. If you search on a user, using something like uid=xyz, then you will get back their DN object. Then you can bind with that and their password.


A typical DN for a user in GTED looks something like this:

gtDirGUID=9D2D2FCFDC6DF28D32324701A9C4CF29,ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu

You will note that they are in a different branch than your access account, but that shouldn't matter if you are searching for a user, then using the DN that is returned to bind next.
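An added example (not code from the original page or from GTED) of the search-then-bind flow described above, with the checks an application needs around it: escape the supplied uid before building the filter, refuse empty passwords, and require exactly one DN before the second bind. The FakeDirectory class, the appsvc access account, and all sample users and passwords are constructed so the code runs offline; a real application would make the same three calls through its LDAP library.

```python
import re

# Base DN is the page's example; every account, DN and password below is constructed.
BASE_DN = "ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu"
SVC_DN = "uid=appsvc,ou=LocalAccounts,dc=gted,dc=gatech,dc=edu"  # hypothetical access account

def escape_filter_value(value):
    """RFC 4515 escaping so user input cannot change the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(text):
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

class FakeDirectory:
    """Hypothetical in-memory stand-in for the LDAP server so this runs offline."""
    def __init__(self, accounts):
        self.accounts = accounts                      # dn -> (uid, password)

    def bind(self, dn, password):
        if password == "":                            # unauthenticated bind (RFC 4513):
            return True                               # many servers report success
        return self.accounts.get(dn, (None, None))[1] == password

    def search(self, base, flt):
        """Handles only (uid=<value>), where a raw '*' is a wildcard."""
        value = re.fullmatch(r"\(uid=(.*)\)", flt).group(1)
        pattern = ".*".join(re.escape(_unescape(p)) for p in value.split("*"))
        return [dn for dn, (uid, _) in self.accounts.items()
                if dn.endswith(base) and re.fullmatch(pattern, uid)]

def authenticate(directory, svc_pw, uid, password):
    """Return the user's DN on success, None on any failure."""
    if not uid or not password:                       # never forward an empty password
        return None
    if not directory.bind(SVC_DN, svc_pw):            # step 1: bind as access account
        raise RuntimeError("access account bind failed")
    hits = directory.search(BASE_DN, "(uid=%s)" % escape_filter_value(uid))
    if len(hits) != 1:                                # step 2: exactly one DN or fail
        return None
    return hits[0] if directory.bind(hits[0], password) else None   # step 3: rebind

DIRECTORY = FakeDirectory({
    SVC_DN: ("appsvc", "svc-secret"),
    "gtDirGUID=AAAA0001," + BASE_DN: ("alice1", "alice-pw"),
    "gtDirGUID=BBBB0002," + BASE_DN: ("bob2", "bob-pw"),
})

def login(uid, password):
    return authenticate(DIRECTORY, "svc-secret", uid, password)
```

Without the empty-password check, the second bind would report success for any known uid, because a simple bind with a DN and no password is treated by many servers as an unauthenticated bind rather than a failed login.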

Here is what a search on user with uid jb434 might look like:

ducos.iam.gatech.edu:ldapsearch -LLL -D 'uid=dmaccormick3,ou=localaccounts,dc=gted,dc=gatech,dc=edu' -H ldaps://r.gted.gatech.edu:636 -x -w xxxxxxxxx -b ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu uid=jb434

dn:gtDirGUID=209AACE9FAFEBD75403EBEBCF4A53046,ou=accounts,ou=gtaccounts,ou=de
 partments,dc=gted,dc=gatech,dc=edu
gtDebugInfo16:/departmental/oit/stats-viewers role: update status of jb434
 ryson,John M) to enabled
gtStudentMiddleName: N
homeDirectory: /nethome/jb434
telephoneNumber: 404/894-6153
 :


Here is what that second bind might look like in unix:

ldapsearch -H ldaps://r.gted.gatech.edu:636 -x -W -D gtDirGUID=9D2D2FCFDC6DF28D32324701A9C4CF29,ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu

NOTES:

Note that searches with the Solaris client may have different syntax than Linux or openldap searches. For example on acmex, you may want to use the ldapsearch client in /usr/local/ldap/bin/ so that your syntax matches what you might have tested on a Linux platform:

acmex.gatech.edu:/usr/local/ldap/bin/ldapsearch -LLL -D 'uid=dmaccormick3,ou=local accounts,dc=gted,dc=gatech,dc=edu' -H ldaps://r.gted.gatech.edu:636 -x -w Mypasssswd -b "ou=accounts,ou=gtaccounts,ou=departments,dc=gted,dc=gatech,dc=edu" gtdirguid=AE4018B98B6B6EDECED8AA1ADD658C4C

(Replace uid=dmaccormick3 with whatever your account is called.)

 

The above information is what is commonly helpful for integrating an application to use GTED. 

For exploring what is available to your account, an LDAP browser might also be a helpful tool.