1.3. Generic Service Information

See the top-level Oak LDAP Service page for general information about the service, including how to register to use it.

The service is provided via the ldap.oak.ox.ac.uk DNS name. TLS can be used as the transport layer by connecting to port 389. Alternatively, SSL can be used by connecting to port 636. For both TLS and SSL, one root certificate must be trusted: the AddTrust External CA Root (this may already be provided as part of your operating system). Prior to 10th May 2011, the GTE CyberTrust Global Root CA was used instead.

We recommend that you configure your LDAP clients in such a way that new CAs can be easily added in the future, should the CA change again.

Currently, authentication can only be performed via SASL, using the GSSAPI mechanism. This utilises our existing Kerberos single sign-on infrastructure. We plan to add plain password-based authentication in due course, but need to do some work to enable this.
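
The settings above, expressed as a per-user OpenLDAP client configuration. This is an added example, not part of the Oak documentation. It assumes the OpenLDAP client tools, that TLS on port 389 is negotiated with StartTLS, and a CA bundle path that will differ between systems.

```conf
# ~/.ldaprc : per-user OpenLDAP client settings (added example)

# Port 389: plain LDAP URI, upgraded to TLS by the StartTLS operation.
# Request it with "ldapsearch -ZZ"; the doubled Z makes the client abort
# if TLS cannot be established instead of continuing in clear text.
URI ldap://ldap.oak.ox.ac.uk

# Alternative: SSL on port 636 (omit -ZZ when using this form).
#URI ldaps://ldap.oak.ox.ac.uk

# Trust anchors: a PEM bundle file (assumed path, adjust for your system).
# Keeping the roots in a bundle rather than pinning one certificate means a
# future CA change only requires appending the new root to this file.
# A dedicated bundle holding only the roots this service uses narrows trust
# compared with the system-wide bundle.
TLS_CACERT /etc/ssl/certs/ca-certificates.crt

# Terminate the session if the server certificate does not verify
# against TLS_CACERT or does not match the host name.
TLS_REQCERT demand

# Authenticate with SASL using the GSSAPI mechanism. A valid Kerberos
# ticket must already be present in the credential cache (obtain one with
# kinit) before running ldapsearch or ldapwhoami.
SASL_MECH GSSAPI
```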

The Oak LDAP Schema can be a useful reference, as a companion to the examples in this document.
