LDAP/authentication

The following information will allow you to write or use applications that authenticate against Case's LDAP server.

It is important to note that the LDAP authentication transparently authenticates against Kerberos. Therefore, if you simply need to verify a username and password, binding directly to Kerberos is preferred, as it is faster and prevents unnecessary load on the LDAP servers. If you require users to log in to a web application, it is recommended to use CAS, the university's official web single sign-on service.

The procedure for authenticating against LDAP is as follows:

  1. E-mail ldap-admin@case.edu and ask for a UID reader account. These accounts can search for the user names of all users, even hidden users, and are only given to university personnel who have a legitimate need for such an account.
  2. Connect (bind) to the LDAP server with this account.
  3. Search for the username specified. Record the DN of the user (if found).
  4. Try to bind with the DN of the search result and the password specified by the user.
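
The search-then-bind logic of steps 3 and 4, as an added example that is not part of the original page or any Case code. It shows the three checks that are easy to miss: escaping the user name before it goes into the search filter, refusing an empty password, and failing closed unless exactly one entry matches. The `uid` attribute, the `search`/`bind` interface, the `FakeDirectory` class and the sample account are assumptions constructed so the example runs offline; a real application would perform the same calls through its LDAP client library over the SSL port.

```python
import re

BASE_DN = "ou=People,o=cwru.edu,o=isp"   # Base DN given on this page

def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def authenticate(directory, username, password):
    """Search-then-bind. Returns the user's DN on success, else None."""
    # An empty password makes a simple bind "unauthenticated" (RFC 4513),
    # which many servers report as success, so refuse it before binding.
    if not username or not password:
        return None
    # Step 3: search as the UID reader. The uid attribute is an assumption.
    flt = "(uid=%s)" % escape_filter_value(username)
    matches = directory.search(BASE_DN, flt)
    if len(matches) != 1:          # not found or ambiguous: fail closed
        return None
    # Step 4: bind as the DN that was found, using the user's password.
    dn = matches[0]
    return dn if directory.bind(dn, password) else None

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP connection (hypothetical
    search/bind interface), so the logic above runs offline."""
    def __init__(self, users):
        self.users = users         # {uid: password}, constructed sample data
    def search(self, base, flt):
        value = re.fullmatch(r"\(uid=(.*)\)", flt).group(1)
        if value == "*":           # an unescaped wildcard matches every entry
            hits = list(self.users)
        else:
            hits = [u for u in self.users if u == value]
        return ["uid=%s,%s" % (u, base) for u in hits]
    def bind(self, dn, password):
        if password == "":         # models a server accepting unauthenticated bind
            return True
        uid = dn.split(",")[0][len("uid="):]
        return self.users.get(uid) == password

DIRECTORY = FakeDirectory({"abc123": "correct horse"})   # constructed account
```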

Important Info

Host Names:

ldap-replica1.cwru.edu
ldap-replica2.cwru.edu
ldap-replica3.cwru.edu
ldap.cwru.edu (round robin for above 3)

Base DN:

ou=People,o=cwru.edu,o=isp

Bind DN:

Obtain from ITS. See directions above.

Port:

389 (standard)
636 (SSL secured)
This page was last modified 14:13, January 3, 2006 by Gregory Szorc.