==================
OpenLDAP Directory
==================

What?
=====

+ LDAP is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. The latest specification can be found at the IETF.
+ OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.

Who?
====

+ An OpenLDAP infrastructure is maintained by the ITS Linux System Administration and is used to provide the directory generated by idm.bfh.ch, which is also published in Active Directory.

How?
====

+ The BFH-Directory can be accessed by all known implementations of LDAP, e.g.

  - ldap-utils
  - jxplorer

+ To access the BFH-Directory, a valid user DN (Distinguished Name) and password have to be provided, e.g.

  .. code-block:: bash

     ldapsearch -LLL -x -Z -W -s sub -H ldap://ldap.bfh.ch:389 -b dc=bfh,dc=ch -D 'cn=pup1,ou=Staff,ou=Accounts,dc=bfh,dc=ch' uid

+ System administrators running an application in a BFH network can order a service account at the Servicedesk to be able to access the BFH-Directory.
+ Access to the directory is secured by StartTLS on port 389 and TLS (ldaps) on port 636.

BFH Attributes
==============

All needed attributes are provided by schemas, either standardized ones or our own.

User related ObjectClasses and Attributes
-----------------------------------------

This is not a complete list, but a grouping of the most used attributes.

+ **person** Attributes: *cn*, *sn*, description
+ **inetOrgPerson** Attributes: displayName, givenName, preferredLanguage, mail
+ **posixAccount** Attributes: *homeDirectory*, *uid*, *uidNumber*, *gidNumber*, gecos, loginShell
+ **bfhAutomount** Attributes: bfhAutomountInformation, bfhAccountType, bfhDepartment, bfhSection, bfhUnit, bfhAcademicTitle, bfhAdditionalTitle
+ **swissEduPerson** Attributes: swissEduPersonUniqueID, swissEduPersonGender, swissEduPersonStudyBranch1, swissEduPersonStudyBranch2, swissEduPersonStudyBranch3, swissEduPersonStudyLevel, eduPersonAffiliation

Group related ObjectClasses and Attributes
------------------------------------------

This is not a complete list, but a grouping of the most used attributes.

+ **posixGroup** Attributes: *cn*, gidNumber, description
+ **bfhGroup** Attributes: displayName, mail

Standardized Schemas
--------------------

The BFH-Directory makes use of the following schemas provided by OpenLDAP.

+ core.schema
+ cosine.schema
+ nis.schema
+ inetorgperson.schema

Switch AAI related Schemas
--------------------------

To be able to provide the requested attributes to Switch AAI Service Providers, the following schemas are in use.

+ eduperson.schema
+ swissedu.schema

BFH related Schemas
-------------------

As we use some "special" attributes for our in-house applications, we also provide our own schemas.

+ bfh.schema
+ lpk.schema
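
The ``ldapsearch`` call under *How?* uses ``-Z``, which per ldapsearch(1) requests StartTLS but can carry on without it if the operation fails, while ``-ZZ`` requires StartTLS to succeed before the simple bind (``-x -W``) sends the password. The shell function below is an added example, not part of the original page or of BFH tooling: it classifies the transport protection of an ``ldapsearch`` command line, for instance when reviewing scripts that use a service account. The function name ``classify_ldap_transport`` and the sample command lines are constructed, and the flag check is a heuristic over the words of the command line.

```shell
#!/bin/sh
# Added example (not from the original page). classify_ldap_transport is a
# hypothetical name. It prints one of:
#   tls                ldaps:// URI, TLS before any LDAP traffic (port 636)
#   starttls-required  ldap:// URI with -ZZ (or -Z given twice)
#   starttls-optional  ldap:// URI with a single -Z: bind may proceed without TLS
#   cleartext          ldap:// URI with no StartTLS flag at all
#   unknown-uri        no URI on the command line (taken from ldap.conf)
# Body runs in a subshell "( ... )" so its variables do not leak to the caller.
classify_ldap_transport() (
    scheme="unknown"
    zcount=0
    for arg in "$@"; do
        case "$arg" in
            ldaps://*|-Hldaps://*) scheme="ldaps" ;;
            ldap://*|-Hldap://*)   scheme="ldap" ;;
            -*[!A-Za-z]*)          ;;  # attached option value (e.g. -Dcn=...), not flags
            -*ZZ*)                 zcount=$((zcount + 2)) ;;
            -*Z*)                  zcount=$((zcount + 1)) ;;
        esac
    done
    case "$scheme:$zcount" in
        ldaps:*) echo "tls" ;;
        ldap:0)  echo "cleartext" ;;
        ldap:1)  echo "starttls-optional" ;;
        ldap:*)  echo "starttls-required" ;;
        *)       echo "unknown-uri" ;;
    esac
)

# Constructed sample command lines; the first is the form shown on this page.
DN='cn=pup1,ou=Staff,ou=Accounts,dc=bfh,dc=ch'
BASE='dc=bfh,dc=ch'
echo "page example:   $(classify_ldap_transport ldapsearch -LLL -x -Z -W -s sub \
    -H ldap://ldap.bfh.ch:389 -b "$BASE" -D "$DN" uid)"
echo "strict variant: $(classify_ldap_transport ldapsearch -LLL -x -ZZ -W -s sub \
    -H ldap://ldap.bfh.ch:389 -b "$BASE" -D "$DN" uid)"
echo "ldaps variant:  $(classify_ldap_transport ldapsearch -LLL -x -W -s sub \
    -H ldaps://ldap.bfh.ch:636 -b "$BASE" -D "$DN" uid)"
```

Only ``tls`` and ``starttls-required`` guarantee that the bind password is not sent unencrypted; the other results are the ones to flag in review.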