Documentation:LDAP

=LDAP on UGCS=

UGCS uses LDAP, the Lightweight Directory Access Protocol, to store basic "directory information". This includes the contents of /etc/passwd for most users, as well as additional settings for mail and other services. See the Wikipedia page on LDAP for more information.

Our LDAP servers are ldap-head.ugcs.caltech.edu and ldap-backup.ugcs.caltech.edu. They support SSL (you will need our CA certificate) as well as Kerberos authentication, and can be used from outside UGCS if you wish.

Below is a description of the most common (and some uncommon) LDAP entries for a UGCS user. These entries can be easily edited with ldapedit. If you run ldapedit without any arguments, it will print a list of LDAP entries for your user.

You can look at any LDAP entry using "ldapsearch". This command takes an LDAP search filter. You will probably want to use ldapsearch uid= followed by the username to look for a given user's entry. Some of the fields may be base64 encoded. If you see a field that looks like a bunch of gibberish, try running it through a base64 decoder. For example, if a user's gecos field was "Sm9zaHVhIEh1dGNoaW5zLCwsIA==", you could run echo "Sm9zaHVhIEh1dGNoaW5zLCwsIA==" | base64 -d, which would print out "Joshua Hutchins,,,", the correct text. ldapedit does this automatically for you.
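As an added example (not UGCS's or ldapedit's own code), the Python script below decodes every base64 field in ldapsearch output at once. It goes slightly beyond the single echo | base64 -d case: it joins values that LDIF folds across lines and escapes control characters, since directory fields are user-editable and a decoded value should not be written raw to a terminal. The dn, uid and suffix in the sample are constructed, the gecos value is folded by hand, and the function names are hypothetical; when output is piped in, the script reads it from standard input.

```python
import base64
import sys

# Constructed sample of ldapsearch (LDIF) output; dn and uid are made up.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=org
uid: jdoe
gecos:: Sm9zaHVhIEh1dGNo
 aW5zLCwsIA==
roomNumber: MyRoom 123
"""


def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def printable(value):
    """Escape control characters so a decoded value cannot drive the terminal."""
    return "".join(c if c.isprintable() else repr(c)[1:-1] for c in value)


def decode_ldif(text):
    """Return (attribute, value) pairs with 'attr:: base64' values decoded."""
    pairs = []
    for line in unfold(text):
        if not line or line.startswith("#") or ":" not in line:
            continue  # entry separators, comments, non-attribute lines
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # a double colon marks a base64 value
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            value = raw.decode("utf-8", errors="backslashreplace")
        else:
            value = rest.lstrip(" ")
        pairs.append((attr, printable(value)))
    return pairs


if __name__ == "__main__":
    source = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    for attr, value in decode_ldif(source):
        print(f"{attr}: {value}")
```

The decoded gecos value ends in a space, which is why LDIF stores it base64 encoded in the first place: values that begin or end with a space, or contain non-ASCII or control characters, are not written in plain form.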

If you wish to edit your settings from a non-UGCS computer, your computer needs to be set up for Kerberos authentication. You also need to install MIT Kerberos SASL packages so that LDAP can authenticate (on Debian and derivatives, this package is libsasl2-modules-gssapi-mit).

==How to edit settings==
You can edit settings using ldapedit:

 ldapedit -modify
 ldapedit -modify roomNumber 'MyRoom 123'
 ldapedit -add

==User Information==

 * cn: Common name, usually your full name
 * sn: Surname (your last name)
 * givenName: Your first name
 * gecos: The gecos information field.  Traditionally contains your name, phone number, address, etc.
 * mobile: Your cell phone number
 * homePhone: Your home phone number
 * homePostalAddress: Your mailing address
 * roomNumber: Your current room number (can include your building too)

==Account information==
With the exception of loginShell, you can't change these.


 * uidNumber: Your UNIX uid
 * uid: Your UNIX username
 * loginShell: Your login shell (use chsh to change it)
 * homeDirectory: Your home directory

==Mail settings==
See also email basics


 * mail: Your primary mail address (just the username, not @ugcs.caltech.edu). You shouldn't change this.
 * mailForwardingAddress: Email address(es) you want your mail forwarded to
 * deliveryMethod: If it is set to "forwardOnly", mail will not be kept locally when it is forwarded.  Otherwise, it should be set to "normal", where mail will be kept on UGCS.
 * mailAlternateAddress: An alternate address to receive mail at. Mail sent to this address will be delivered to you.  It can have @ugcs.caltech.edu, or just be the mail name part.  You cannot directly edit this setting through LDAP; see email aliases for more information.

==Spam settings==

 * amavisSpamKillLevel: A decimal number.  If an email scores above this threshold (from SpamAssassin), it will be silently discarded.  Most mail with scores about 2 or 3 is definitely spam.  Our default kill level is 4.5.
 * amavisSpamTag2Level: A decimal like amavisSpamKillLevel.  Mail that scores above this will have ***SPAM*** added to its subject line.
 * amavisWhitelistSender: An email address to whitelist.  If you have an address that consistently gets marked as spam but is not, please let us know.
 * amavisBlacklistSender: An email address to blacklist.

There are other, less relevant amavis settings; almost any amavis setting can be configured through LDAP.

==Website Directory==
These settings control your listing in our user directory:
 * listWebsite: TRUE or FALSE, whether or not your site will appear.
 * cn: The script uses your CN ("Common Name") for the link text.  If it is set to your username, you can change it to your name if you want that to show instead.
 * websiteShortDesc: An optional string with a short description of your website. If you leave it blank (the default), it will use your name.
 * websiteURL: An optional URL to point to. If left blank, it defaults to your UGCS website (~username/).