LDAP (Lightweight Directory Access Protocol)

Private LDAP Information for UVA Developers

Requesting Access

In order to access the Private LDAP Directory information for use in applications and software at UVA, developers must:

  1. Download and complete the LDAP Access Form.
  2. Return the completed form via Messenger Mail to: Director, ITS-Infrastructure Support Services and Administration, P.O. Box 400324.
  3. If LDAP access is approved for your application, you will be emailed with information regarding the bind account and password you should use in your application.

Questions about this process may be addressed to ldapaccess@virginia.edu.

Connecting to the Private LDAP Server

To connect to the private LDAP server, you will need a bind account and password (which will be provided to you upon approval of your request for access). The following information will also be needed to connect to the server:

| Description | Value |
| --- | --- |
| Name of Server | pitchfork.itc.virginia.edu |
| Insecure Port (non-encrypted) # | 389 |
| Secure Port (encrypted) # | 636 |
| Root LDAP Search Base | o=University of Virginia,c=US |
| People LDAP Search Base | ou=People,o=University of Virginia,c=US |
| Group LDAP Search Base | ou=Groups,o=University of Virginia,c=US |

Secure Connections

While a secure, encrypted connection is not enforced at this time, it is highly recommended. At some point in the future this may become a requirement and, in general, it is a good idea to use an encrypted connection to provide additional protection for the bind password and the data that is pulled from the directory.

Configuring a Secure Connection

Configuring an encrypted connection will vary depending on the programming language you are using, but in general instead of using ldap://pitchfork.itc.virginia.edu:389 you would use ldaps://pitchfork.itc.virginia.edu:636.

Obtaining the Necessary Certificates

You will also need to load the appropriate root certificate into the certificate store being used by your program or platform. The root certificate can be downloaded from the Comodo website at https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1.
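
A pre-deployment check for the two steps above, as an added example (not ITS code): it flags an application URL that still uses the unencrypted port and performs a TLS handshake against port 636 to confirm that the loaded root certificate actually validates the server. The function names and the `ca_file` parameter are assumptions made for illustration; only the Python standard library is used and no bind is attempted.

```python
import socket
import ssl
from urllib.parse import urlsplit

HOST = "pitchfork.itc.virginia.edu"  # server name from the table above
SECURE_PORT = 636


def check_ldap_url(url):
    """Return the problems found in an application's LDAP URL ([] means OK)."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "ldaps":
        problems.append("scheme %r is not ldaps: bind password and data "
                        "are sent unencrypted" % parts.scheme)
    if (parts.hostname or "").lower() != HOST:
        problems.append("unexpected host %r" % parts.hostname)
    port = parts.port or (SECURE_PORT if parts.scheme == "ldaps" else 389)
    if port != SECURE_PORT:
        problems.append("port %d is not the encrypted port %d" % (port, SECURE_PORT))
    return problems


def make_tls_context(ca_file=None):
    """Client context that rejects untrusted or wrong-host certificates.
    ca_file: PEM file with the root certificate (path chosen by the caller,
    hypothetical here); None falls back to the platform trust store."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = True  # already the default; kept explicit
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def probe_ldaps(ctx, host=HOST, port=SECURE_PORT, timeout=5.0):
    """TLS handshake only, no bind. Returns (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                expires = tls.getpeercert()["notAfter"]
                return True, "%s, certificate valid until %s" % (tls.version(), expires)
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: %s" % exc.verify_message
    except OSError as exc:
        return False, "connection failed: %s" % exc


if __name__ == "__main__":
    print(check_ldap_url("ldap://%s:389" % HOST))
    print(probe_ldaps(make_tls_context()))
```

A "certificate rejected" result means the root certificate is missing from the store the program uses; the fix is to load it, not to turn verification off.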

Attributes

The list of attributes available on the private LDAP servers includes:

ValueType: m=multi-valued, s=single-valued

| Name | Description | ValueType | Values | Access | Reference | Steward |
| --- | --- | --- | --- | --- | --- | --- |
| cn | Full name of the person | m | | y | inetOrgPerson, RFC-2798 | |
| displayName | Name to display to users | s | | y | inetOrgPerson, RFC-2798 | |
| sn | Last Name | s | | y | inetOrgPerson, RFC-2798 | |
| givenName | First Name | s | | y | inetOrgPerson, RFC-2798 | |
| initials | Initials | s | | y | inetOrgPerson, RFC-2798 | |
| title | Working Title | m | | | inetOrgPerson, RFC-2798 | |
| uid | UVA Computing ID | s | | y | inetOrgPerson, RFC-2798 | |
| mail | registered email address | s | | y | inetOrgPerson, RFC-2798 | |
| homePhone | Home phone number | | | | inetOrgPerson, RFC-2798 | |
| telephoneNumber | Office Number | m | | y | inetOrgPerson, RFC-2798 | |
| facsimileTelephoneNumber | Fax Number | m | | y | inetOrgPerson, RFC-2798 | |
| labeledURI | Home Page | s | | y | inetOrgPerson, RFC-2798 | |
| description | A form of affiliation | m | | y | inetOrgPerson, RFC-2798 | |
| jpegPhoto | A photo provided by the individual | s | | y | inetOrgPerson, RFC-2798 | |
| uidNumber | UNIX UID | s | | y | posixAccount, RFC-2307 | |
| gidNumber | UNIX GID | s | | y | posixAccount, RFC-2307 | |
| gecos | UNIX Name | s | | | posixAccount, RFC-2307 | |
| homeDirectory | UNIX Home Directory | s | | y | posixAccount, RFC-2307 | |
| loginShell | UNIX Shell | s | | y | posixAccount, RFC-2307 | |
| mailAlternateAddress | Email aliases | m | | y | mailRecipient | |
| preferredEmailAddress | Email address | s | | y | | |
| mailForwardingAddress | Mail delivery address | | | y | | |
| CVPN3000-Access-Hours | VPN control | s | | r | Cisco proprietary | |
| cVPN3000-IPSec-Split-Tunneling-Policy | full or partial tunnel | s | | r | Cisco proprietary | |
| isMemberOf | Group Membership | m | | y | eduMember | |
| uvaPersonUpdateTimestamp | When we last saw an update from a system of record for this individual | m | | y | uvaPerson | |
| uvaUniversityIDPhoto | ID Card Photo | s | | r | uvaPerson | BusinessOps |
| uvaUniversityIDPhotoThumb | ID Card Photo thumbnail | s | | r | uvaPerson | BusinessOps |
| uvaUniversityIDPhotoHash | Used for processing | s | | r | uvaPerson | BusinessOps |
| uvaLastCompQuiz | Last successful completion of the Security Awareness Training (Responsible Computing Quiz) | s | | y | uvaPerson | |
| uvaPayrollDepartment | Department - payroll view | s | | y | uvaPerson | |
| uvaPayrollClassification | Classification - payroll view | s | | y | uvaPerson | |
| uvaPayrollLastUpdate | Last Oracle update | s | | | uvaPerson | |
| uvaRegistrarLastUpdate | Last registrar update | s | | | uvaPerson | |
| uvaRegistrarSchool | School of the student | s | | y | uvaPerson | |
| uvaRoles | System Roles held by the individual (ISDS, SIS, Eservices) | m | | | uvaPerson | |
| uvaDisplayDepartment | Your department name | ? | | y | uvaPerson | |
| uvaDisplayName | A full name string | s | | | uvaPerson | |
| uvaAccounts | Accounts held by the individual | m | | y | uvaPerson | |
| msnInstMessHandle | MSN IM Handle | s | | | uvaPerson | |
| aolInstMessHandle | AIM IM Handle | s | | | uvaPerson | |
| uvaDeliverableAddress | All deliverable addresses a user has configured in AMS | m | | y | uvaPerson | |
| uvaEmailAddresses | All deliverable addresses and aliases a user has configured in AMS | m | | y | uvaPerson | |
| uvaIkeyNumber | Number of ikey (1 for first, 2 for second, etc) | s | | | uvaPerson | |
| uvaIsModeratorOf | Sympa mailing lists this user moderates | m | | y | uvaPerson | |
| uvaIsOwnerOf | Groups this user owns/administers | m | | y | uvaPerson | |
| uvaJvpnIkeyEnabled | Is person's Ikey enabled for use on JointVPN | s | | | uvaPerson | |
| uvaJvpnIpsecSplitTunnelingPolicy | Indicates full or split tunnel for JointVPN users | s | | | uvaPerson | |
| uvaUserDBFlag | Internal flags - e.g., no account | m | | | uvaPerson | |
| uvaOracleDeptName | Oracle Dept Name | s | | y | uvaPerson | |
| uvaOracleOrgCode | Oracle ORG Code | s | | y | uvaPerson | |
| uvaExpirationDate | If this record should expire | s | | | uvaPerson | |
| uvaCleanupDate | When accounts have been cleaned up | s | | | uvaPerson | |
| uvaExpirationStatus | Record expiration status | s | | y | uvaPerson | |
| uvaMember | Would ITS issue any account | s | | y | uvaPerson | |
| uvaRegistrarClassification | Registrar classification | s | | | uvaPerson | |
| MSNwirelessAccess | Jefferson WLAN access control | s | | | uvaPerson | |
| unixuid | Person's UNIX UID | s | | y | uvaPerson | |
| wirelessAccess | Cavalier WLAN access control | s | | | uvaPerson | |
| uvRestrict | Don't display information on this person | s | | y | uvaPerson | |
| uvaPersonTODO | Used by NetBadge for its reminder service | m | | | uvaPerson | |
| eduPersonScopedAffiliation | Relationship to university | m | | y | eduPerson | |
| eduPersonAffiliation | Relationship to university | m | | y | eduPerson | |
| edupersonprimaryaffiliation | Primary relationship | s | | y | eduPerson | |
| eduPersonOrgUnitDN | Department ORG | s | | y | eduPerson | |
| eduPersonPrincipalName | computingID@virginia.edu | s | | y | eduPerson | |
| eduPersonNickName | Nickname | s | | y | eduPerson | |
| eduPersonOrgDN | University of Virginia | s | | y | eduPerson | |
| uvaEmplIDs | EMPL IDs from various systems of record | m | | y | uvaPerson | |
| uvaPersonSupervisorSysid | Supervisor EMPL ID from various systems of record | m | | y | uvaPerson | |
| uvaAccessList | JointVPN access list | m | | y | uvaPerson | |

  Page Updated: Thursday 2018-03-22 13:14:33 EDT