OpenLDAP Directory

What?

  • LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. The current specification (RFC 4510 and the RFCs it references) is published by the IETF.
  • OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol.

Who?

  • The OpenLDAP infrastructure is maintained by ITS Linux System Administration and publishes the directory generated by idm.bfh.ch, which is also published in Active Directory.

How?

  • The BFH-Directory can be accessed with any standard LDAP client implementation, e.g.
  • To access the BFH-Directory, a valid user's DN (Distinguished Name) and password must be provided, e.g.
ldapsearch -LLL -x -Z -W -s sub -H ldap://ldap.bfh.ch:389 -b dc=bfh,dc=ch  -D 'cn=pup1,ou=Staff,ou=Accounts,dc=bfh,dc=ch' uid
  • Note that -Z only requests StartTLS; if the negotiation fails, ldapsearch continues over the cleartext connection. Use -ZZ instead to make the command abort in that case, so the bind password is never sent unencrypted.
  • System Administrators running an application in a BFH network can order a service account for accessing the BFH-Directory from the Servicedesk.
  • Access to the Directory is secured by StartTLS on port 389 and TLS (ldaps) on port 636.
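The following is an added example, not code from this page or from ITS, of how an application with a service account would look up one user by uid: it builds the ldapsearch command line with -ZZ so StartTLS is mandatory, escapes the user-supplied uid per RFC 4515 so that a value such as "*)(uid=*" cannot widen the search filter (LDAP filter injection), and parses the LDIF that ldapsearch -LLL prints. The host, base DN and bind DN are the ones shown above; the uid values, the password-file parameter and the LDIF sample are constructed for the example.

```python
"""Look up a BFH-Directory user by uid from an application (added example)."""
import base64
import subprocess

LDAP_URI = "ldap://ldap.bfh.ch:389"                       # from the page
BASE_DN = "dc=bfh,dc=ch"                                  # from the page
SERVICE_DN = "cn=pup1,ou=Staff,ou=Accounts,dc=bfh,dc=ch"  # from the page


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for an LDAP search filter (RFC 4515 sect. 3).
    Backslash, '*', '(', ')' and NUL become \\XX; control and non-ASCII
    characters are emitted as escaped UTF-8 bytes."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def build_ldapsearch_argv(uid: str, attrs=("uid", "cn", "mail"),
                          passwd_file=None) -> list:
    """argv for a StartTLS-protected lookup of one user by uid.
    -ZZ (unlike -Z) aborts if StartTLS negotiation fails instead of falling
    back to cleartext. The bind password comes from a file (-y) when one is
    given, otherwise ldapsearch prompts for it (-W)."""
    flt = "(uid=%s)" % escape_filter_value(uid)   # untrusted value escaped
    auth = ["-y", passwd_file] if passwd_file else ["-W"]
    return ["ldapsearch", "-LLL", "-x", "-ZZ", *auth, "-s", "sub",
            "-H", LDAP_URI, "-b", BASE_DN, "-D", SERVICE_DN, flt, *attrs]


def parse_ldif(text: str) -> list:
    """Parse LDIF as printed by `ldapsearch -LLL` into a list of
    {attribute: [values]} dicts, one per entry. Handles folded lines
    (continuation lines start with one space) and base64 values ('attr::')."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines:
        if not line.strip():                  # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # 'attr:: base64'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name, []).append(value)
    if current:
        entries.append(current)
    return entries


# Constructed sample of what `ldapsearch -LLL ... uid cn mail` might print;
# the entries are invented for this example.
SAMPLE_LDIF = """\
dn: uid=pup1,ou=Staff,ou=Accounts,dc=bfh,dc=ch
uid: pup1
cn: Pup Jun
 ior
mail:: cHVwMUBiZmguY2g=

dn: uid=pup2,ou=Staff,ou=Accounts,dc=bfh,dc=ch
uid: pup2
"""


def parse_sample() -> list:
    """Parse the constructed sample above (runs offline)."""
    return parse_ldif(SAMPLE_LDIF)


def lookup_uid(uid: str, passwd_file: str) -> list:
    """Query the live directory; needs network access to ldap.bfh.ch and a
    file holding the service-account password (not run offline)."""
    proc = subprocess.run(build_ldapsearch_argv(uid, passwd_file=passwd_file),
                          check=True, capture_output=True, text=True)
    return parse_ldif(proc.stdout)


if __name__ == "__main__":
    print(build_ldapsearch_argv("*)(uid=*"))   # filter stays (uid=\2a\29\28uid=\2a)
    print(parse_sample())
```

The escaping matters because the service account can read far more than one entry: without it, a crafted uid turns a single-user lookup into a directory dump through the application's own credentials.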

BFH Attributes

All required attributes are defined by schemas, either standardized ones or BFH-specific ones.

Standardized Schemas

The BFH-Directory makes use of the following Schemas provided by OpenLDAP.

  • core.schema
  • cosine.schema
  • nis.schema
  • inetorgperson.schema