1.3. Generic Service Information
See the top-level Oak LDAP Service page for general information about the service, including how to register to use it.
The service is provided via the DNS name. TLS can be used as the transport layer by connecting to port 389. Alternatively, SSL can be used by connecting to port 636.
For both TLS and SSL, one root certificate must be trusted. This is the AddTrust External CA Root (this may already be provided as part of your operating system).
Prior to 10th May 2011, the GTE CyberTrust Global Root CA was used instead.
Currently, authentication can only be performed via SASL, using the GSSAPI mechanism. This utilises our existing Kerberos single sign-on infrastructure. We plan to add plain password-based authentication in due course, but need to do some work to enable this.
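The connection settings described above, combined into one client-side wrapper. This is an added example, not part of the Oak documentation. It assumes the OpenLDAP client tools (`ldapsearch`) and MIT Kerberos (`klist`, `kinit`); the function names are hypothetical, and the host name, CA file path and any base DN are placeholders because this page does not show them.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not Oak's own tooling.
# OAK_HOST and OAK_CA are placeholders; set them to the real values for the service.
OAK_HOST="${OAK_HOST:-ldap.example.invalid}"
OAK_CA="${OAK_CA:-/etc/ssl/certs/oak-root.pem}"

# Map a transport mode to the URI for the ports given on this page.
oak_uri() {
    case "$1" in
        starttls) printf 'ldap://%s:389\n' "$OAK_HOST" ;;
        ldaps)    printf 'ldaps://%s:636\n' "$OAK_HOST" ;;
        *)        echo "unknown mode: $1 (use starttls or ldaps)" >&2; return 2 ;;
    esac
}

# Print the ldapsearch options for a mode, one per line.
oak_args() {
    uri=$(oak_uri "$1") || return 2
    if [ "$1" = starttls ]; then
        # -ZZ makes StartTLS mandatory; a single -Z would carry on
        # in cleartext if the TLS upgrade failed.
        printf '%s\n' -ZZ
    fi
    # GSSAPI is the only SASL mechanism the service accepts at present.
    printf '%s\n' -H "$uri" -Y GSSAPI -LLL
}

# usage: oak_search MODE BASE_DN FILTER [ATTR...]
oak_search() {
    mode=$1 base=$2 filter=$3
    shift 3
    opts=$(oak_args "$mode") || return 2
    # GSSAPI needs a valid Kerberos ticket; klist -s only reports status.
    klist -s || { echo "no valid Kerberos ticket; run kinit first" >&2; return 3; }
    [ -r "$OAK_CA" ] || { echo "CA file not readable: $OAK_CA" >&2; return 4; }
    # Verify the server against the configured root and fail closed on any
    # verification error. $opts is unquoted on purpose: it holds
    # whitespace-free options only.
    LDAPTLS_CACERT="$OAK_CA" LDAPTLS_REQCERT=demand \
        ldapsearch $opts -b "$base" "$filter" "$@"
}
```

Sourcing the file defines the functions without contacting the server; `oak_search starttls BASE_DN '(uid=someuser)' cn` then runs one query, where the base DN and filter are values you supply.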
The Oak LDAP Schema can be a useful reference, as a companion to the examples in this document.