Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Identity Management
LDAP Authentication and Root Certificate Authority
This article explains how to authenticate against the University of Chicago LDAP servers.
In order to authenticate against The University Of Chicago's LDAP servers, a LDAP client must:
- Support either StartTLS (port 389) or LDAP/SSL (port 636)
To perform an authenticated bind against our LDAP servers, the LDAP client should:
- Connect to ldap.uchicago.edu
- The bind DN (distinguished name) is of the form:
- The bind password is the CNet password
The server certificates are signed by AddTrust Root CA. Your client may need this certificate to verify the LDAP server certificates when making a secure connection.
If you are using OpenLDAP, you will need to adjust your configuration file (ldap.conf) to use the addtrustexternalcaroot.crt file: