1. Introduction

1.1. About This Document

This document describes how to use a variety of client software with Oak LDAP. Any client supporting SASL / GSSAPI authentication to the LDAP server, and TLS or SSL connection encryption, should be usable with Oak LDAP. The idea is to provide tips for a variety of programming languages, tools, and operating systems. We welcome information allowing us to expand this variety.

1.2. Using This Document

Start by seeing which parts of the common configuration you require. A good next step is to get the command line tools working, if they are available for your platform. Then move on to the specific section for your programming language or runtime environment.

1.3. Generic Service Information

See the top-level Oak LDAP Service page for general information about the service, including how to register to use it.

The service is provided via the ldap.oak.ox.ac.uk DNS name. TLS can be used as the transport layer by connecting to port 389. Alternatively, SSL can be used by connecting to port 636. For both TLS and SSL, one root certificate must be trusted: the AddTrust External CA Root (this may already be provided as part of your operating system). Prior to 10th May 2011, the GTE CyberTrust Global Root CA was used instead.

We recommend that you configure your LDAP clients in such a way that new CAs can be easily added in the future, should the CA change again.

Currently, authentication can only be performed via SASL, using the GSSAPI mechanism. This utilises our existing Kerberos single sign-on infrastructure. We plan to add plain password-based authentication in due course, but need to do some work to enable this.
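The settings above can be expressed as an OpenLDAP client configuration (`ldap.conf` or `~/.ldaprc`). This is an added example, not part of the original document or the Oak LDAP service's own configuration; the CA bundle path is an assumption, and reading "TLS on port 389" as StartTLS is also an assumption.

```conf
# Added example: OpenLDAP client settings for Oak LDAP.
# The file path below is an assumption; adjust it for your system.

# SSL on port 636. For TLS on port 389, use ldap://ldap.oak.ox.ac.uk
# instead and have the client require StartTLS (assumed to be what
# "TLS on port 389" means; with the OpenLDAP tools this is -ZZ).
URI             ldaps://ldap.oak.ox.ac.uk

# PEM bundle of trusted root CAs (assumed path). Keeping the roots in a
# bundle file, rather than pinning a single certificate, means a new CA
# can be appended later without touching any other client setting.
TLS_CACERT      /etc/ldap/oak-ca-bundle.pem

# Refuse the connection unless the server certificate chains to a root
# in the bundle above and matches the server name.
TLS_REQCERT     demand

# Weak setting, shown only for contrast: it turns certificate checking
# off, so the client would accept any server. Leave it commented out.
# TLS_REQCERT   never

# Authentication is SASL with the GSSAPI (Kerberos) mechanism only.
SASL_MECH       GSSAPI
```

With a valid Kerberos ticket in place, `ldapwhoami` run against this configuration is a quick way to confirm that both certificate validation and GSSAPI authentication succeed.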

The Oak LDAP Schema can be a useful reference, as a companion to the examples in this document.
