Using LDAP for web applications

If you develop an application which requires access to non-public LDAP attributes, you have to file a request.

Why request?

Our LDAP server (ldaps.UGent.be) contains a lot of information which is accessible to everyone, e.g. name, e-mail address and phone number. Anonymous access (without login name and password) is restricted to attributes which are typically used in (phone) directory style applications. Other information is not publicly available; it can only be used by registered applications.
To register, provide us with the LDAP attribute groups which your application needs to access. Based on your request, an application-id that stores your permissions will be created to allow the LDAP connection.

LDAP attribute groups

Attributes which can be accessed by applications are sorted in groups. Attribute groups are arranged by their level of privacy.
Cf. the list of current attribute groups (link to secured content).

LDAP application-id

You receive an application-id (application-dn) which enables authenticated binding to the UGentLDAP server and provides access to the allowed attributes/attribute groups.
The application-id is associated with a password. This password has to be set by you (link to secured content; Dutch only).

> Applicaties
> uw applicatie 
> reset password 

Request how?

Send an e-mail containing the following to ldapadm@ugent.be:

  1. A description of the application.
  2. A person responsible for the application. This person has to be UGent personnel. He or she will be contacted in case of structural changes.
  3. A list of the attribute groups which your application needs to access.
  4. A motivation for / description of the use of RESTRICTED groups, if these are required.
    E.g. I need the home address of the department personnel in order to calculate the distance they travel.

How to query the LDAP

The UGentLDAP can be accessed

  1. using the url: ldaps://ldaps.ugent.be
  2. using parameters:
    • host: ldaps.ugent.be
    • port: 636
    • protocol: LDAPS (LDAP+SSL)

The commonly used authentication mechanisms for LDAP are

The UGent LDAP provides Simple bind only.
PLEASE NOTE: Some clients, such as the Unix ldapsearch command, use SASL by default. To select simple bind, use the -x option (ldapsearch -x).
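
An authenticated simple bind with the application-id, sketched as an added example (not UGent's own code) for OpenLDAP's ldapsearch. Because simple bind passes the password as-is, the wrapper accepts only ldaps:// URLs, reads the password from a private file and enforces certificate verification. The function names, the password file path and the angle-bracket values are assumptions/placeholders.

```shell
#!/bin/sh
# Added example. Placeholders: <application-dn>, <search-base>, <filter>, <attribute>.
# usage: ugent_ldap_search ldaps://ldaps.ugent.be "<application-dn>" "$HOME/.ugent-ldap.pw" \
#            "<search-base>" "(<filter>)" <attribute>...

# Print the ldapsearch argument list, one per line, or fail if the setup is unsafe.
ugent_ldap_args() {
    [ $# -ge 6 ] || { echo "need URL, DN, pwfile, base, filter, attribute(s)" >&2; return 2; }
    url=$1 app_dn=$2 pwfile=$3 base=$4 filter=$5
    shift 5
    # Simple bind sends the password unprotected inside the connection,
    # so only an ldaps:// URL is acceptable.
    case $url in
        ldaps://*) ;;
        *) echo "refusing non-LDAPS URL: $url" >&2; return 1 ;;
    esac
    # The password file must exist and be closed to group and others.
    [ -f "$pwfile" ] || { echo "no password file: $pwfile" >&2; return 1; }
    perms=$(ls -ld -- "$pwfile" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "password file too permissive" >&2; return 1; }
    # -x  simple bind (the default would be SASL)
    # -y  read the password from a file, keeping it out of the process list
    # -LLL plain LDIF output; the explicit attribute list requests only what
    #      the application-id was registered for.
    printf '%s\n' -x -H "$url" -D "$app_dn" -y "$pwfile" -b "$base" -LLL "$filter" "$@"
}

# Run the query; abort if the server certificate does not verify.
ugent_ldap_search() {
    args=$(ugent_ldap_args "$@") || return
    # Split the argument list on newlines only, with globbing off.
    ( IFS='
'; set -f; LDAPTLS_REQCERT=demand ldapsearch $args )
}
```

ldapsearch -y uses the complete contents of the file as the password, so write the file without a trailing newline (for example with printf '%s').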