
LDAP Authentication and Root Certificate Authority

This article explains how to authenticate against the University of Chicago LDAP servers.

To authenticate against the University of Chicago's LDAP servers, an LDAP client must:

  • Support either StartTLS (port 389) or LDAP/SSL (port 636)

To perform an authenticated bind against our LDAP servers, the LDAP client should:

  1. Connect to
  2. The bind DN (distinguished name) is of the form:
    'uid=your cnetid,ou=people,dc=uchicago,dc=edu'
  3. The bind password is the CNet password

The server certificates are signed by AddTrust Root CA. Your client may need this certificate to verify the LDAP server certificates when making a secure connection.

If you are using OpenLDAP, you will need to adjust your configuration file (ldap.conf) to use the addtrustexternalcaroot.crt file:

TLS_CACERT /PATH/TO/addtrustexternalcaroot.crt
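For an application that performs this bind on behalf of users, the sketch below is an added example, not code from this article or from IT Services. It builds the bind DN in the form shown above with RFC 4514 escaping, refuses empty passwords, and binds over LDAP/SSL with certificate verification against the CA file. It assumes the third-party ldap3 package; the function names, and the `host` and `ca_file` parameters you must supply, are illustrative.

```python
import ssl

PEOPLE_BASE = "ou=people,dc=uchicago,dc=edu"  # from the bind DN form in this article

def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)          # characters that are always special
        elif ch == "\x00":
            out.append("\\00")             # NUL is written as a hex pair
        elif (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)          # leading/trailing space, leading '#'
        else:
            out.append(ch)
    return "".join(out)

def bind_dn(cnetid: str) -> str:
    """Build 'uid=<cnetid>,ou=people,dc=uchicago,dc=edu' without letting
    the CNetID add extra DN components."""
    if not cnetid:
        raise ValueError("empty CNetID")
    return f"uid={escape_rdn_value(cnetid)},{PEOPLE_BASE}"

def check_credentials(cnetid: str, password: str) -> tuple:
    """Return (bind DN, password), rejecting input that must never be sent."""
    # RFC 4513 section 5.1.2: a simple bind with a DN and an empty password
    # is an "unauthenticated bind", which a server may accept as anonymous.
    # It must never count as a successful login.
    if not password:
        raise ValueError("empty password")
    return bind_dn(cnetid), password

def authenticate(host: str, cnetid: str, password: str, ca_file: str) -> bool:
    """Authenticated bind over LDAP/SSL (port 636); True if the bind succeeds.
    host and ca_file are supplied by the caller (assumptions of this example)."""
    import ldap3  # third-party package, imported here so the helpers above work without it
    dn, pw = check_credentials(cnetid, password)
    # Require a server certificate chain that validates against the CA file.
    tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    server = ldap3.Server(host, port=636, use_ssl=True, tls=tls)
    conn = ldap3.Connection(server, user=dn, password=pw)
    ok = conn.bind()
    conn.unbind()
    return ok
```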

Keywords: openldap, bind
Doc ID: 16242
Owner: Dave L.
Group: University of Chicago
Created: 2010-12-09 19:00 CDT
Updated: 2017-04-08 15:06 CDT
Sites: University of Chicago, University of Chicago - Sandbox