This document describes how to use a variety of client software with Oak LDAP. Any client supporting SASL / GSSAPI authentication to the LDAP server, and TLS or SSL connection encryption, should be usable with Oak LDAP. The idea is to provide tips for a variety of programming languages, tools, and operating systems. We welcome information allowing us to expand this variety.
Start by seeing which parts of the common configuration you require. A good next step is to get the command line tools working, if they are available for your platform. Then move on to the specific section for your programming language or runtime environment.
See the top-level Oak LDAP Service page for general information about the service, including how to register to use it.
The service is provided via the
DNS name. TLS can be used as the transport layer by connecting to
port 389. Alternatively, SSL can be used by connecting to port 636.
For both TLS and SSL, one root certificate must be trusted. This is the AddTrust External CA Root (this may already be provided as part of your operating system).
Prior to 10th May 2011, the GTE CyberTrust Global Root CA was used instead.
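The two connection modes described above differ on the wire: on port 636 the TLS handshake starts immediately, while on port 389 the client first sends an LDAP StartTLS extended request (RFC 4511) and only then upgrades the socket. The sketch below is an added example, not part of the Oak LDAP documentation; it shows both paths with certificate and hostname verification against a single root certificate file, and stops before the SASL / GSSAPI bind. The host name `ldap.example.org`, the file name `addtrust-root.pem` and the function names are placeholders chosen for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def starttls_request(msg_id: int = 1) -> bytes:
    """BER-encode an LDAP ExtendedRequest asking the server to start TLS."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = bytes([0x77, len(name)]) + name                   # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + ext                # messageID, then the operation
    return bytes([0x30, len(body)]) + body                  # LDAPMessage SEQUENCE

def starttls_result(resp: bytes) -> int:
    """Return the resultCode of an ExtendedResponse (short-form lengths assumed)."""
    if len(resp) < 4 or resp[0] != 0x30 or resp[2] != 0x02:
        raise ValueError("not an LDAPMessage")
    op = 4 + resp[3]                                        # skip the messageID INTEGER
    if len(resp) < op + 5 or resp[op] != 0x78 or resp[op + 2:op + 4] != b"\x0a\x01":
        raise ValueError("not an ExtendedResponse")
    return resp[op + 4]                                     # 0 means success

def connect(host: str, ca_file: str, implicit_tls: bool = False) -> ssl.SSLSocket:
    """Open a verified, encrypted connection: SSL on 636, or StartTLS on 389."""
    # Passing cafile means only that root is trusted; hostname checking stays on.
    ctx = ssl.create_default_context(cafile=ca_file)
    raw = socket.create_connection((host, 636 if implicit_tls else 389), timeout=10)
    try:
        if not implicit_tls:
            raw.sendall(starttls_request())
            # One recv is assumed to return the whole (short) reply.
            code = starttls_result(raw.recv(256))
            if code != 0:
                raise ConnectionError(f"StartTLS refused, resultCode={code}")
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise

# Usage (placeholders): connect("ldap.example.org", "addtrust-root.pem")
```

If the handshake fails with a certificate verification error, the root certificate file is the first thing to check.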
Currently, authentication can only be performed via SASL, using the GSSAPI mechanism. This utilises our existing Kerberos single sign-on infrastructure. We plan to add plain password-based authentication in due course, but need to do some work to enable this.
The Oak LDAP Schema can be a useful reference, as a companion to the examples in this document.